Ransomware victim disclosure
← All victimsTripleA
listed as TripleA (aaa.com) · Claimed by Hunters International · listed 9 months ago
Status timeline
- ListedOct 3, 2025
- Data leakeddate unknown
At a glance
- Status
- Data leaked
- Country
- Singapore
- Listed on leak site
- Oct 3, 2025
About the victim
AI dossier — public-source company profileTripleA (aaa.com) is a Singapore-based fintech company that operates a business-to-business platform enabling companies to accept Bitcoin and other cryptocurrency payments. Using blockchain technology, it converts received cryptocurrencies into local currencies to mitigate exchange rate risk. The platform also supports cross-border transactions, allowing businesses globally to accept crypto payments from customers in any country.
- Industry
- Cryptocurrency Payment Processing (Fintech)
Attack summary
Severity: high — TripleA is a fintech/crypto payment processor handling business financial transactions and potentially sensitive client financial data. Data_published status confirms exfiltration has occurred and data has been released, representing significant exposure of financial and business records from a regulated fintech entity.Hunters International claims to have attacked TripleA and has published the data (disclosed status: data_published), indicating exfiltration of company data. No specific ransom amount or data size was stated in the post.
Data the group says was taken
AI dossier — extracted from the leak post- Business transaction records
- Cryptocurrency payment data
- Corporate client information
- Financial/settlement data
Original description
AI-summarised, not from the leak postTripleA is a fintech company that aims to simplify cryptocurrency transactions. It provides a business-to-business platform for companies to accept Bitcoin and other cryptocurrency payments. Using blockchain technology, TripleA converts received cryptocurrencies into a local currency, mitigating exchange rate risks. It also supports cross-border transactions, enabling businesses globally to accept cryptocurrency payments from any country.
Sources
- Victim siteaaa.com
Source
Indexed 9 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

