Canadian cryptocurrency exchange Coinsquare has sparked concern for its customers after revealing it had spotted unusual activity on the platform.

On Saturday 19 November, Coinsquare tweeted that it would “undergo an unscheduled maintenance period” after detecting unusual activity. The platform did not offer much detail at the time, instead simply stating that “no client funds have been lost”.

Coinsquare breach tweet
Coinsquare’s tweet on 19 November, informing users that it had undergone unscheduled maintenance

However, Coinsquare later contacted its customers via email on Friday 25 November. The email directly informed them that customer assets were “secure in cold storage and are not at risk” despite the maintenance.

Full service was eventually restored the same day on both its web and mobile platforms, according to a subsequent Coinsquare tweet.

Customer details at risk

But, according to a number of customer reports, the email included information that it had “identified an intrusion” and a database containing personal information had been exposed which potentially could have been accessed by an unintended third party. The email also explained which information could have been included, such as:

Coinsquare breach email
The beginning of Coinsquare’s email to customers
  • Customer names
  • Customer email addresses
  • Residential addresses
  • Phone numbers
  • Dates of birth
  • Device ID’s
  • Public wallet addresses
  • Transaction history
  • Account balances

Despite a long list of details that could have been accessed, Coinsquare insisted that “no passwords were exposed”. The cryptocurrency exchange platform explained that it had no evidence that any information had been viewed by a third party, but had decided to make all customers aware regardless.

While some clients appreciated the communication, many were concerned about not knowing whether their information had been accessed in the Coinsquare breach.

Following the email, Coinsquare remained active on Twitter. Responding to customer tweets, the company elaborated that it had “only identified three clients whose accounts were accessed”. The exchange also commented on the social media platform that the holders of these accounts had been contacted separately.

The Fintech Times has reached out to Coinsquare for an explanation but the crypto exchange platform has not yet responded.

Coinsquare security promises 
Martin Piszel before the coinsquare breach
Martin Piszel, CEO of Coinsquare

Coinsquare highlights that it is the first Canadian crypto exchange to be IIROC (Investment Industry Regulatory Organization of Canada)-registered.

A few days prior to the alleged Coinsquare breach, Martin Piszel, CEO of Coinsquare, issued an open letter to customers on the platform’s website. Following the collapse of Bahamas-based crypto exchange FTX, Piszel explained how Coinsquare continued to be a safe haven for customer assets.

Piszel explained: “I wanted to confirm how Coinsquare’s position as a fully regulated IIROC investment dealer uniquely protects your account and your crypto asset investments

“As the full extent of the FTX collapse continues to ripple throughout the financial markets, there are some clear lessons the industry must learn. Although some see regulation as overreaching, it plays a critical role in ensuring that these tragedies do not happen. We here at Coinsquare will push for consistent regulation of this market giving clients the oversight they deserve.”

Leave a Reply

Your email address will not be published.