In February 2023, Coin Cloud, a major Bitcoin ATM operator, filed for bankruptcy. Months later, in November 2023, the cybersecurity collective vx-underground revealed a shocking truth: the company had been hacked.
The extent of the breach, however, remains unclear, leaving customers and industry experts with more questions than answers.
Table of Contents
Coin Cloud Data Breach
What We Know:
- Hackers claim to have stolen sensitive data from Coin Cloud, including:
- 70,000 customer photos taken from ATM cameras
- Personal information of 300,000 customers, potentially including Social Security numbers, dates of birth, addresses, and more
- Nobody has publicly claimed responsibility for the hack.
- Coin Cloud’s new owners, who acquired some of the company’s assets through bankruptcy proceedings, have not been able to determine when or how the breach occurred.
The Shadowy Culprits
However, despite the gravity of the claims, the alleged data breach remains shrouded in mystery. No group has officially taken credit for the hack, and details regarding the specific vulnerabilities exploited remain scarce.
This lack of clarity has fueled speculation and anxiety amongst Coin Cloud’s former customers.
A History of Vulnerability
The Coin Cloud hack raises questions about the company’s past security practices. A former employee, speaking anonymously, revealed that Coin Cloud lacked a dedicated security team and stored sensitive data in plaintext, meaning it was not encrypted.
The New Owners Respond
Andrew Barnard, CEO of Bitcoin ATM (the company formed after acquiring Coin Cloud’s assets), acknowledges the breach but remains uncertain about the details.
The lack of transparency and security controls at Coin Cloud prior to its bankruptcy is suspected to have played a major role in the breach.
Barnard pointed out the “little controls throughout the software development process” and the access granted to “multiple international contractors” with potential knowledge of sensitive information.
Investigating the Mystery
The vx-underground revelation has sparked an investigation by Bitcoin ATM, but they have been unable to determine the exact timeframe of the breach or identify the perpetrators.
Barnard speculates that hackers may have accessed the source code, which contained sensitive information like database credentials.
Customer Concerns
The data breach poses a significant risk to Coin Cloud customers whose information was compromised. Stolen data could be used for identity theft, phishing scams, and other malicious activities.
Uncertain Future
The Coin Cloud hack serves as a stark reminder of the crucial role cybersecurity plays in the digital age. As the cryptocurrency industry continues to evolve, it’s essential for companies to prioritize robust security measures to protect their customers’ sensitive data.
Looking Ahead:
As Bitcoin ATM assumes ownership of Coin Cloud’s legacy, they face the responsibility of ensuring the safety and security of customer data.
The investigation continues, it is crucial for the Bitcoin ATM company to prioritize transparency and implement stronger security measures to protect its customers and regain trust in the industry.
You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or email lorenzo@techcrunch.com.