CoinTracker Third-Party Security Incident (Mixpanel)

Postedabout 1 month agoActiveabout 1 month ago

Original: CoinTracker Third-party security incident (Mixpanel)

dotmanish

1 points

0 comments

Securitystory

informativeneutral

Debate

20/100

Security IncidentData_exfiltrationThird-Party Risk

Key topics

Security Incident

Data_exfiltration

Third-Party Risk

(Received as on 26 Nov 2025)

We’re reaching out to let you know about a security event involving one of CoinTracker’s third-party service providers, Mixpanel. We want to be transparent about what happened, what information was involved, and what we’re doing in response.

To be clear: CoinTracker’s systems were not compromised, and no access was gained to our internal infrastructure. What happened

On November 21, 2025, Mixpanel — a data analytics provider used by CoinTracker and many other software companies — provided details of a security incident that occurred within their environment.

Mixpanel’s security team found that an attacker had gained access to their systems through an SMS phishing attack (”smishing”). Using elevated permissions, the attacker exported certain datasets containing CoinTracker user information. Mixpanel stopped the unauthorized activity and initiated an investigation.

CoinTracker systems were not affected. What information was involved

The data involved is limited to profile data, which includes: Email address Geographic location (derived from IP address: city, region, country) Device metadata (e.g., screen size, Android version, mobile carrier) Limited transaction summaries (e.g., 2022 total transaction count) User preferences or attributes (e.g., “is accountant”)

No CoinTracker account logins or specific transaction/wallet data were exposed. What information was NOT involved

Wallet addresses Recovery phrases Private keys (CoinTracker never collects this data) CoinTracker passwords or login credentials Tax forms Exchange-connected transaction data Bank account or credit card information Social Security numbers or other government-issued IDs

CoinTracker’s systems were not compromised. The breach occurred solely within Mixpanel’s environment. Important safety tips

Be alert for any suspicious or unexpected emails. Avoid clicking on links or downloading attachments from unknown sources. If you use CoinTracker, enable multi-factor authentication (MFA) to further protect your account. What we’re doing

We have stopped sending email addresses to Mixpanel and are auditing all tools that handle user data. We’ve also opted into Mixpanel’s third-party review and monitoring process to confirm what was accessed and ensure it does not appear on the dark web.

Protecting your data is our priority. If you have questions or concerns, please don’t hesitate to reach out to our team at support@cointracker.com

The CoinTracker Team

Discussion Activity

Light discussion

First comment

43m

Peak period

0-1h

Avg / period

Key moments

01Story posted
Nov 26, 2025 at 10:20 PM EST
about 1 month ago
Step 01
02First comment
Nov 26, 2025 at 11:03 PM EST
43m after posting
Step 02
03Peak activity
1 comments in 0-1h
Hottest window of the conversation
Step 03
04Latest activity
Nov 27, 2025 at 10:29 AM EST
about 1 month ago
Step 04

Generating AI Summary...

Analyzing up to 500 comments to identify key contributors and discussion patterns

Discussion (0 comments)

Discussion hasn't started yet.

ID: 46065208Type: storyLast synced: 11/27/2025, 3:22:06 AM

Want the full context?

Jump to the original sources

Read the primary article or dive into the live Hacker News thread when you're ready.

View on HN