Ransomware victim disclosure
← All victimstransak
Claimed by Stormous · listed 2 months ago
Status timeline
- ListedMay 2, 2026
- Data leakeddate unknown
At a glance
- Group
- Stormous
- Status
- Data leaked
- Country
- United Kingdom
- Sector
- Financial Services
- Listed on leak site
- May 2, 2026
About the victim
AI dossier — public-source company profileTransak is a UK-based (FCA authorised) and US-registered (MSB) developer integration toolkit enabling users to buy and sell cryptocurrency using fiat currency within third-party apps, websites, and web plugins. It operates across 64 countries supporting 136 cryptocurrencies via debit card, bank transfer, and other payment methods, and powers crypto onboarding for 600+ web3 applications including MetaMask, Uniswap, and Trust Wallet. The platform includes KYC/AML compliance infrastructure, a white-label API, and liquidity sourced from 10+ exchanges.
- Industry
- Cryptocurrency Fiat On/Off Ramp & Payments Infrastructure
- Employees
- 51-200
Attack summary
Severity: critical — Transak operates a KYC-regulated fiat-to-crypto platform collecting government-issued ID, personal identity data, and financial payment information from users across 64 countries at scale; data_published status for a regulated financial services entity handling PII and financial records at this volume constitutes a critical disclosure regardless of the sparse leak post detail.Stormous claims to have attacked Transak and the disclosure status is listed as 'data_published', indicating data has been released; however, the leak post contains no explicit description of exfiltration volume, encryption activity, or specific data categories beyond the victim identification.
Data the group says was taken
AI dossier — extracted from the leak post- KYC identity verification records
- User personal data
- Payment method information
- Financial transaction records
- API integration credentials (potential)
What the group claims
transak.com/
Sources
- Victim sitetransak.com
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

