Summary

A third party gained access to our SendGrid marketing email service. The incident was limited entirely to SendGrid, which we use only to send marketing messages.
No CoinTracking systems, accounts, or user data were accessed or affected.

What Happened

An attacker accessed our SendGrid account, a third-party service we use for marketing email delivery.
We do not store or upload CoinTracking user contact data to SendGrid — it is used purely to send outbound campaigns.

The attacker uploaded their own external contact list and used our verified SendGrid sender domain to send phishing emails impersonating CoinTracking (for example: “CoinTracking x Stellar – Claim your XLM NOW!”).

After discovery, we immediately secured the account, blocked access, and initiated a full security review.

Who Was Affected

Category                                        Number    Percentage
Total targeted addresses                        127,973   100%
Delivered emails                                115,196   90%
CoinTracking users (approx.)                    4,046     3.2%
  Received email                                3,668
  Failed delivery                               378
External recipients (not CoinTracking users)    123,927   96.8%

Approximately 3% of the email addresses overlapped with CoinTracking users. This overlap likely occurred because some addresses had appeared in unrelated breaches elsewhere, not through CoinTracking.

Our Response

Immediately after identifying the incident, we:

  • Reset all SendGrid credentials and verified 2FA protection.
  • Removed all unauthorized contact lists and campaigns.
  • Conducted a full audit confirming that no CoinTracking systems, servers, or user data were accessed.
  • Added IP restrictions and advanced monitoring for all SendGrid accounts.
  • Notified affected users and initiated a compliance and security review.

What You Should Do

If you received an email claiming to “claim XLM” or any similar offer:

  • Delete the email immediately.
  • Do not click any links or reply.
  • Even if the email appears to come from support@cointracking.info, treat it as suspicious if it references rewards, token claims, or unusual offers.
  • To verify communication, always log in directly via https://cointracking.info.
  • If in doubt, contact us at support@cointracking.info directly from your email client or through our website — do not reply to the suspicious message.

Our Commitment

Security and transparency remain at the core of CoinTracking’s mission.
We uphold strict data protection standards and are certified under ISO 27001 Information Security Management.

We regret the confusion this incident may have caused and have implemented enhanced access controls and additional safeguards to prevent recurrence.
We will update this statement if new information becomes available.

Thank You

We appreciate your understanding and continued trust in CoinTracking. If you have any concerns, our support team is here to help at support@cointracking.info.

author

Luis Schilli

Crypto Tax Manager

Tax Expert, Webinar-Host, Content Creator, Crypto Enthusiast and Investor. Interested in everything regarding the crypto space.
