The Singapore-based company founded and managed by Vietnamese stated Monday its server had been attacked and personal data of a large number of users could have been leaked.
It added user assets were not affected by the attack.
Internet users on Dec. 25 found the data of Onus customers posted on a data trading website by an account named 'vndcio.'
The data includes real name, email address, phone number, username and Electronic Know Your Customer (eKYC) info, which is the digital verification of an identity without the need for face-to-face interaction.
Of all 1.92 million Onus users, around 90 percent are Vietnamese, the hacker said.
'vndcio' claimed to have accessed the server of Onus to get the data and delete the files on the server afterward.
He or she also uploaded screenshots of the data, including passport and ID card info of users along with videos of 10 users’ faces, which is how Onus identify its customers.
The hacker did not reveal how much he or she charges for the data but provided an email address for contact.
On Dec. 26, another account, 'blackblock1234,' uploaded the same data with a total volume of nine terabytes.
The leaked data is enough for hackers to fake user identification or send them unwanted advertisements.
Onus, formally VNDC, launched its app in March last year and claimed to have 1.8 million users in over 20 economies, with over 600,000 of them having identified themselves electronically.
It allows users to trade cryptocurrencies like Bitcoin and manage their investment.