ShinyHunters Breach French Tax Firm Waltio; 50,000 Users’ Balances Exposed

French crypto tax platform Waltio confirmed Friday it has filed a criminal complaint following a ransomware attack by the notorious ShinyHunters group. The breach, which the company detected following an extortion attempt on January 21, exposed the personal data and financial positions of approximately 50,000 users.

The Data: A Target List for Criminals

While Waltio stated that no passwords, API keys, or wallet seed phrases were compromised, the nature of the stolen data poses a specific physical and social engineering risk. The attackers accessed:

• Email addresses.
• Aggregated figures from 2024 tax reports.
• Account balances and capital gains/losses as of December 31, 2024.

This creates a high-fidelity "lead list" for criminals. Unlike a standard credential leak, this breach reveals exactly which individuals hold significant crypto wealth, making them prime targets for sophisticated spear-phishing or, in extreme cases, the physical "crypto kidnappings" recently flagged by French authorities.

The Investigation

Waltio posted on X (formerly Twitter) that it has filed a formal complaint for "attempted extortion and compromise of automated data processing systems." The case is now handled by the J3 cybercrime unit of the Paris Public Prosecutor's Office.

"Our investigations show that this is not an active intrusion into our current production infrastructure. Waltio services are operating normally.". Waltio Statement

The breach allegedly appeared on dark web marketplaces as early as December 24, 2025, nearly a month before the extortion demands reached Waltio executives. The company has notified the CNIL (France’s data protection authority) and urged users to verify email security codes to prevent impersonation attempts.