French prosecutors and the national cyber unit opened a preliminary investigation after Waltio, a crypto tax reporting platform, disclosed a data breach that occurred on january 21. The incident exposed personal tax data for roughly 50.000 users, most of them in France.
Waltio reported that the breach, attributed by investigators to the hacking group known as “Shiny Hunters,” compromised email addresses and detailed elements from users’ 2024 tax declarations — specifically cryptocurrency gains, losses and year‑end asset balances. The company estimated its service supports about 150.000 users across France, Spain and Belgium, making the leak material in scale for a compliance provider.
Waltio asserted that several categories of particularly sensitive data were not accessed in the incident: passwords, wallet addresses, banking details, administrative records and tax identification numbers. Even so, the combination of verified identity and taxable crypto holdings creates high-value intelligence for criminals, according to warnings issued by French authorities.
The episode matters because Waltio occupies a compliance choke point between identity and financial records; leaked tax declarations give attackers a verified map of gains, losses and year‑end balances that can be monetized without touching wallets. Authorities and users responded swiftly once the platform filed a complaint for attempted extortion.
Investigation, extortion claim and risks to users
After the breach, Waltio received a ransom demand and filed a formal complaint for attempted extortion and unauthorized access to its automated data processing systems. The Paris Public Prosecutor’s Office and the National Cyber Unit launched a preliminary probe to assess the intrusion, the extortion attempt and any downstream risks for affected individuals.
Authorities cautioned that exposed tax compliance data is attractive to criminals because it provides confirmed evidence of taxable crypto holdings. That reduces the effort needed for targeted scams, blackmail or so‑called “wrench attacks” aimed at extracting access to assets off‑chain. For holders and advisers, the incident highlights the asymmetric risk of attacking peripheral services rather than direct wallet compromise.
For the market and affected users, the immediate focus will be on the prosecutor’s inquiry and any further disclosures from Waltio about the scope of exfiltrated records. Investors and service providers will also monitor whether this case prompts tighter operational controls or regulatory scrutiny of platforms that collect and centralize tax‑related crypto data — a shift that could influence how firms manage compliance data and how users weigh custody and disclosure risks going forward.
