Ransomware victim disclosure
← All victimsDUC App
listed as DUC App: Global Money Movement, Sim... · Claimed by Killsec · listed 9 months ago
Status timeline
- ListedOct 23, 2025
- Data leakeddate unknown
At a glance
- Group
- Killsec
- Status
- Data leaked
- Country
- Canada
- Sector
- Technology
- Listed on leak site
- Oct 23, 2025
About the victim
AI dossier — public-source company profileDUC App is a Canadian-based financial technology platform offering global money movement services including person-to-person transfers, international mobile top-ups, cryptocurrency transactions, gift cards, and API integrations for e-commerce. The platform operates via web, iOS, and Android and supports a wide range of payment methods including Visa, Mastercard, SEPA, Interac, and others. It has accumulated over 2,100 client reviews, suggesting a meaningful retail and business customer base.
- Industry
- Financial Technology (Fintech) & Cross-Border Payments
Attack summary
Severity: critical — The exfiltrated data includes private cryptocurrency keys (enabling direct financial theft), government-issued identity documents (passports, IDs), and financial transaction histories — all constituting regulated PII and financial data at scale. Private crypto keys in particular represent an immediate and irreversible financial risk to affected users.KillSec claims to have exfiltrated sensitive customer and operational data from DUC App, including personal identification documents, cryptocurrency wallet keys, transaction histories, and contact information, threatening full public release if the company refuses to cooperate. The disclosure status is marked as data_published, indicating at least partial release has occurred.
Data the group says was taken
AI dossier — extracted from the leak post- Client home addresses
- Phone numbers
- Email addresses
- Transaction histories
- Public cryptocurrency wallet keys
- Private cryptocurrency wallet keys
- Verified identity documents
- Passports
- Government-issued IDs
What the group claims
DUC App is a leading financial technology platform that empowers individuals and businesses to manage global payments and currency exchange effortlessly. Offering instant transfers, international mobile top-ups, cryptocurrency transactions, and robust API integrations for e-commerce, DUC App delivers a secure, user-friendly experience across web, iOS, and Android devices -- The data includes, but is not limited to, clients' home addresses, phone numbers, transaction histories, email addresses, public and private crypto address keys, verified documents, passports, IDs, and more. If the company refuses to cooperate, we will release all information.
Sources
- Victim siteducapp.com
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

