I was "informed" yesterday by email titled "Third-Party Data Breach Affecting Uphold Users", claiming, that there had been a "data breach" at a third-party provider affecting Uphold users. Uphold is a platform that provides a wallet for cryptocurrency. But this is just scam. I'll summarize some information and explain why you should probably should stay away from the whole thing.
Uphold is a multi-asset platform for digital money that offers financial services for a global market. Specifically, Uphold offers the option of maintaining an account to manage and trade cryptocurrencies and transfer them into US dollars or euros, or to purchase additional cryptocurrencies for various cryptocurrencies.
I've had a Coil integration within on of my blogs to gain some donations from Coil supporters visiting my blog. And to collect the micro payment, an uphold wallet was required. The earning summarizes over more than a year was below 2 US $ – so I dropped the Coil integration and never uses the uphold wallet again.
On December 22, 2025, I received an email from tarte.com titled "Third-Party Data Breach Affecting Uphold Users" informing me that their security team had detected a security breach on December 17, 2025 that could affect my Uphold account. My email address, name, and various other data were affected. Here are the details:
Third-Party Data Breach Affecting Uphold Users
Hi there,
We're reaching out because a security incident has been identified that may impact your Uphold account. On December 17, 2025, our security team discovered that a third-party service provider experienced a data breach.
The following information may have been exposed:
● Email addresses linked to Uphold accounts
● Names and contact details
● Account backup and recovery preferences
● Transaction and activity logs
We strongly recommend reaching out to our Security Response Team to confirm the status of your account and to take any necessary protective measures.
Well, I thought immediately it's phishing (tarte.com redirects to a cosmetics shot), but No links were provided, only phone numbers in the US that could be contacted if necessary. From what I saw is, that it seems to be a vhishing scam, tricking uphold users to call the phone number and hand over sensitive personal information. The goal of the scammer: Get access to the uphold wallet and drain the assets.
You may read the full story, and why I also won't use uphold anymore, within my German blog post here. You can use the Translate feature build into my German blog to read the text in English, French and other languages.
