Mobile crypto ‘mining’ app possibly connected to personal data leak
Disclaimer: This article has been updated to include comments from the Pi Network, which claims that no Vietnamese identity cards were held on its servers.
Pi Network, a cryptocurrency mining app for mobile users, may have been connected to 17GB worth of personal data leaks, a Vietnamese news outlet reported on Monday.
The treasure trove of personal data was apparently taken from the Know Your Customer checks of users of Pi Network, according to the person who posted it to hacker hangout RaidForums on Thursday.
The identity cards of an estimated 10,000 Vietnamese citizens were placed for sale, along with connected home addresses, phone numbers and email addresses. The seller placed a price tag of $9,000 on the data, payable in either Bitcoin (BTC) or Litecoin (LTC).
Phien Vo, a moderator of a Vietnamese Pi Network group chat channel, told VnExpress that Pi Network’s KYC checks are performed by a third party, adding that Vietnamese identity cards like those in question aren’t compatible with the app. However, Vo did indicate that an older version of the app was compatible with the cards at one point.
“To perform KYC verification on Pi Network, Vietnamese would need to use their passports. Only some users who used earlier versions of Pi could perform KYC verification using their driver licenses, but so far the system has yet to accept Vietnamese identity cards,” Vo said.
Vietnam’s Ministry of Public Security's cybersecurity division has since launched an investigation into the matter.
An independent investigation into Pi Network’s perceived value was recently conducted by Cem Dilmegani, a tech entrepreneur and founder of AIMultiple. Written weeks prior to the recent data leak, the review concluded that Pi Network bore the hallmarks of a multilevel marketing scheme, or an affiliate marketing program.
The Pi app reportedly demands users log in every day and click a button to receive their PI coins. No blockchain consensus algorithm, like proof-of-work or proof-of-stake, is used in the app, and users can gain increased mining rates by referring other people. The PI token is not yet traded on exchanges and has no dollar value.
The app reportedly sells data for advertising revenue from the moment its usage begins. Given that ad space can sell for a higher value with personal user info included, many have been led to speculate that the Pi app is designed only to siphon personally identifying information from its users.
Cointelegraph reached out to a Pi Network spokesperson for comment. Justin Wu, of Pi Network's marketing and growth team, reiterated that the app's KYC was carried out by a third party, and that no Vietnamese identity cards were held on Pi Network's servers. Wu added that an internal check did not uncover any evidence of a data leak. Wu said Pi Network's referral program was like others in the cryptocurrency space, and is only meant to incentivize the participation of family and friends.