The cybersecurity group vx-underground reported in November on X, previously Twitter, that anonymous hackers claimed to have penetrated Coin Cloud, an insolvent Bitcoin ATM startup.
According to vx-underground, the hackers claimed to have stolen 70,000 images of customers taken from ATM cameras, as well as 300,000 customers’ personal data, which allegedly includes “Social Security Numbers, date of birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more.”
Nobody has officially claimed the hack. Even according to the company’s current owner, what happened to Coin Cloud remains a mystery a month later.
According to its official website, Coin Cloud was a corporation that operated hundreds of Bitcoin ATMs throughout the United States and Brazil until it filed for bankruptcy in February. According to a press release issued at the time, Genesis Coin, another Bitcoin ATM operator, bought 5,700 ATMs from the now-defunct Coin Cloud in July. Andrew Barnard and his associate, who owned another cryptocurrency ATM startup called Bitstop, purchased Genesis Coin earlier in January.
Barnard, the CEO of Bitcoin ATM, the re-branded company formed after the bankruptcy of some Coin Cloud assets, told TechCrunch that his company launched an investigation following the vx-underground tweet, but it couldn’t determine when the breach occurred or who was responsible, and he himself described the incident as “a mystery.”
“The data breach happened a while ago, as Coin Cloud has been hacked multiple times in the past when they were still an operating company,” Barnard stated. “I believe that data is being ransomed right now.” “It’s impossible to say [when] because there were few controls throughout the software development process and multiple international contractors had access to source code containing secrets to access the database,” Barnard said in an email.
“It doesn’t look like the services that Coin Cloud kept alive were recently breached from what we were shown,” Barnard went on to say. “As a result, it’s reasonable to assume this is data stolen from one of the previous times Coin Cloud was hacked.” It’s an assumption, but one that makes sense. It’s hard to establish when the data was hacked or who was responsible. Because so many suppliers and internal personnel had access to information, it could have occurred at any point throughout the years.”
Barnard said that if the source code, which held the admin credentials to the database, was acquired, the hackers “would have access to all the [Know Your Customer] information of customers.”
In order to prevent fraud and money laundering, technology and financial firms conduct Know Your Customer (KYC) checks to confirm a person’s identification. Customers are often required to provide scans of their identification papers as part of KYC procedures.
A former Coin Cloud employee who requested anonymity told TechCrunch that the company was “an absolute disaster to work for.”
“We didn’t have a security team,” the former employee said, adding that she thinks Coin Cloud was hacked at least once last year and that the firm kept a large amount of data in plaintext, which means it wasn’t secured.
