Breaking: CoinTracker & CoinLedger crypto data leaked via Mixpanel (their 3rd-party provider). These platforms are used for tracking crypto wallet balances and transactions.

Here is what was leaked:

  • Email address
  • Geographic location (derived from IP address: city, region, country)
  • Device metadata (e.g., screen size, Android version, mobile carrier)
  • Limited transaction summaries (e.g., 2022 total transaction count)
  • User preferences or attributes (e.g., “is accountant”)

This means the hackers now know which users most likely hold crypto and whom to target. The next step is for them to find the identities behind the email addresses, after which they can go after the users (extortion, blackmail, murder, kidnapping, etc.). They have each user’s approximate location, which they can use when searching social media to determine the identity behind each email address.


Partial email I received from CoinTracker:

What happened:

On November 21, 2025, Mixpanel — a data analytics provider used by CoinTracker and many other software companies — provided details of a security incident that occurred within their environment.

Mixpanel’s security team found that an attacker had gained access to their systems through an SMS phishing attack (“smishing”). Using elevated permissions, the attacker exported certain datasets containing CoinTracker user information. Mixpanel stopped the unauthorized activity and initiated an investigation.


Partial email I received from CoinLedger:

What happened:

On November 17, 2025, Mixpanel (a data analytics company that CoinLedger is a customer of) provided details to our team of a security incident that happened within their environment.

On Nov. 9th, Mixpanel’s security team was made aware that an attacker had gained access to Mixpanel systems via an SMS phishing attack. The attacker used elevated permissions on the affected Mixpanel account to export two datasets containing CoinLedger user information.

What information was involved:

The data involved consisted of analytics profile information, which includes:

  • First and last name (if that is set on your CoinLedger profile)
  • Email address
  • Approximate location derived from your browser (city, state, country)


https://protos.com/openai-cointracker-user-data-leaked-after-third-party-hacked-via-sms/
OpenAI, CoinTracker user data leaked after third-party hacked via SMS
Nov 27, 2025

Crypto tax firm CoinTracker and Sam Altman’s OpenAI have warned users that they may have suffered a data leak after the companies’ analytics partner Mixpanel fell victim to a “smishing” attack.

Mixpanel announced today that it suffered a security incident on November 8, leading to the leaking of customer data. It claimed the breach was the result of a “smishing campaign,” a phishing attack carried out via SMS text.

CoinTracker and OpenAI also disclosed the breach in an email sent yesterday. OpenAI claimed that the names, email addresses, approximate location, and device information of some of its users have been stolen.

CoinTracker similarly warned that email addresses, locations derived from IP addresses, device metadata, and summaries of users’ transactions were exported by the attackers.

The firm says that Mixpanel shared details of the attack on November 21, while OpenAI says it was informed on November 25. The AI platform has since removed Mixpanel from its services.

OpenAI stressed that “no chat, API requests, API usage data, passwords, credentials, API keys, payment details, or government IDs were compromised or exposed.” It also claims that the incident wasn’t a result of OpenAI’s systems and clarified that ChatGPT users weren’t affected by the breach.

It did, however, warn users that any leaked information may be used to target them. As such, it asked them to be vigilant, look out for potential scams, and be cautious of unexpected communications, domain names, and password requests.

Mixpanel responded to the breach by securing the affected accounts, resetting employee passwords, blocking malicious IP addresses, seeking help from third-party forensics firms, and reaching out to law enforcement and cybersecurity advisors.

Data breaches are common within the crypto industry, and attackers have targeted the likes of Crypto.com and Coinbase in the pursuit of user information.

Last Christmas, the data of almost 70,000 Coinbase users was leaked. The third-party customer service firm Zendesk was also attacked this year, resulting in the leaking of millions of user IDs submitted by Discord users.


https://x.com/cointracker_cs/status/1994062082031895019
CoinTracker Support @cointracker_cs – Nov 27, 2025

We’re addressing a security incident that occurred only within Mixpanel, a third-party analytics provider. This issue has impacted many other software companies, including OpenAI: CoinTracker’s systems remain secure and were not compromised.

Data accessed at Mixpanel: email, approximate geo info (from IP), device metadata, limited transaction summaries, and user profile attributes.

Critically, the following were not accessed: wallet addresses, recovery phrases, private keys, passwords, tax forms, exchange-connected data, or any financial information. As a reminder, CoinTracker never collects recovery phrases or private keys.

Our response: we’ve stopped sending email data to Mixpanel, are auditing all tools that handle user info, and are participating in Mixpanel’s review and monitoring efforts. No action is required from users, but enabling MFA is always recommended.

If you have questions, our team is here to help: support@cointracker.com


https://x.com/wiimee/status/1993971660169343033
11/27/25 – CoinTracker had another data leak.

Not from their own system, but a third-party provider (again). The affected service provider was Mixpanel.

Data exposed:

  • Email address
  • Approximate location (city/region)
  • Device details (e.g. phone model)
  • Very limited transaction summaries
  • Some user preferences

The Good News
According to CoinTracker, they didn’t get your wallet addresses, passwords or tax forms.

What should you do if you received this e-mail?
From this day on, every crypto-related e-mail you receive should be considered a phishing attempt unless proven otherwise.

Enable 2FA today.

Your crypto risk isn’t just onchain, it starts with your inbox.


https://x.com/wiimee/status/1993989410094719285
11/27/25 – Just found out that CoinLedger was using Mixpanel too and they’re also affected by the data leak.

They gave out your First and Last Name additionally if you set it in their profile (which you probably did, because you’d need it for a tax report).

Targeted phishing will rise.
