In November, cybersecurity collective vx-underground wrote on X, formerly Twitter, that: Anonymous hackers claimed to have hacked Coin Clouda bankrupt Bitcoin ATM company.
According to the website vx-underground, the hackers claimed to have stolen 70,000 photos of customers taken from cameras built into the ATMs, in addition to the personal data of 300,000 customers, which allegedly included “Social Security numbers, date of birth, first name.” Name, last name, email address, phone number, current occupation, physical address, and more.
No one has publicly claimed the hack. A month later, what actually happened to Coin Cloud remains a mystery, even according to the company’s new owner.
Coin Cloud was a company that owned thousands of Bitcoin ATMs across the United States and Brazil. According to its official website, Even the company It filed for bankruptcy in February. In July, Genesis coinanother Bitcoin ATM provider, acquired 5,700 ATMs from Coin Cloud that have since been discontinued, According to a press release published at the time. Genesis Coin itself was acquired earlier in January by Andrew Barnard and his associate It owns another cryptocurrency ATM company called Bitstop.
call us
Do you have more information about the Coin Cloud hack? We would love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, via Telegram, Keybase and Wire @lorenzofb, or by email lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
Barnard, who serves as CEO of Bitcoin ATMthe company that was renamed after purchasing some of Coin Cloud’s assets in bankruptcy proceedings, told TechCrunch that his company launched an investigation after vx-underground’s tweet, but was unable to determine when the breach occurred or who was responsible, and he himself described the incident as a “mystery.”
“The data breach has been around for a while, as Coin Cloud has been hacked several times in the past when it was still an operating company,” Barnard said. “I think the data is now being ransomized. It’s impossible to say.” [when] There were few controls throughout the software development process and many international contractors had access to source code that contained secrets within it to access [database]Barnard said in an email.
“The services that Coin Cloud keeps alive don’t appear to have been hacked recently from what we’ve shown,” Barnard added. “So it is reasonable to assume that this data was indeed stolen from one of the previous times the Coin Cloud was hacked. It is an assumption, but a reasonable one. It is impossible to determine when the data was compromised or who did it. Multiple vendors and internal employees have access Moreover, this could have happened at different times over the years.
If someone got hold of the source code, which contains administrator credentials for the database, the hackers “would have access to all the information,” Barnard said. [Know Your Customer] Customer information.”
Know Your Customer, or KYC, are checks conducted by technology and financial companies to verify a person’s identity to prevent fraud and money laundering. Know Your Customer (KYC) checks often rely on customers providing scans of their identity documents.
A former Coin Cloud employee, who requested to remain anonymous, told TechCrunch that Coin Cloud was “an absolute disaster to work for.”
“We didn’t have a security team,” the former employee said, adding that she believed Coin Cloud had been hacked at least once in the past year, and that the company stored much of the data in plain text, meaning it was not encrypted.