An unidentified hacking group has purportedly claimed responsibility for a significant security breach targeting Coin Cloud, a Bitcoin ATM operator that once boasted over 4,000 machines in the U.S. and Brazil before filing for bankruptcy in February 2023.
The group asserts to have stolen 70,000 customer selfies and sensitive personal information for approximately 300,000 customers, along with the source code for Coin Cloud’s backend system.
The cybersecurity expert vx-underground brought attention to the breach through a post on X, disclosing that the hacking group is asserting its actions in private channels. Redacted images accompanying the post are said to depict customer selfies and personal identifying information, including names, addresses, Social Security numbers, dates of birth, occupations, phone numbers, and more.
The gravity of the situation is compounded by the hackers’ claim to have stolen the entire source code of Coin Cloud’s backend system. This source code is crucial for powering the cryptocurrency ATMs and underlies the company’s operations.
The threat actors are said to be sharing these claims in private channels, and there are concerns that the leaked database may be posted online soon. Coin Cloud has not yet provided a public comment on the reported breach.
The compromised data poses a significant risk to affected individuals in the United States and Brazil, exposing them to potential identity theft and various cybercrimes. Furthermore, the theft of Coin Cloud’s source code raises concerns about the potential misuse and exploitation of the company’s proprietary technology, which could compromise the security of its users.
Coin Cloud’s Woes Deepen: Bitcoin ATM Firm Faces Data Breach Amid Chapter 11 Bankruptcy
The tumultuous journey for Coin Cloud, a Bitcoin ATM firm, takes another challenging turn as reports emerge of a significant data breach. Coin Cloud, already navigating Chapter 11 bankruptcy filed in February 2023, now confronts the compromise of sensitive customer data, adding complexity to its financial troubles.
In its Chapter 11 bankruptcy filing to the Nevada Bankruptcy Court, Coin Cloud revealed liabilities ranging from US$100 million to US$500 million, with Genesis, a now-defunct cryptocurrency broker, standing as the most substantial creditor owed an uncollateralized loan of US$100 million.
Cole Kepro, a Nevada-based entity supplying essential arcade gaming machines for Coin Cloud’s operations, follows closely with an owed sum of approximately US$8.5 million. The bankrupt firm also had financial obligations of US$2.5 million to Brink’s U.S., a provider of cash management and security services.
A Leading Cryptocurrency ATM Player with Over 5,000 ATMs Globally Fell Off Due to Industry Challenges
Coin Cloud, a prominent player in the cryptocurrency ATM industry, has been active since at least 2014. As of January 2022, the company claimed to have over 1,100 ATMs and expressed being at a pivotal time in its hyper-growth. According to their website, Coin Cloud has expanded its network to encompass more than 5,000 ATMs handling over 40 cryptocurrencies.
At its peak, Coin Cloud was ranked second worldwide in terms of the number of ATMs, with 4,826 machines primarily located in the United States. However, the cryptocurrency ATM industry experienced a downturn in the second half of 2022. Factors such as market dynamics, competition, and the integration of cryptocurrency services into existing ATMs have influenced the industry landscape.
Despite the challenges faced by the industry, Coin Cloud was a notable player in the cryptocurrency ATM space, contributing to the accessibility and adoption of cryptocurrencies by providing a widespread network of ATMs that facilitate the buying and selling of various digital assets.
While the claim of the data breach is yet to be verified, customers are urged to monitor their financial accounts closely, implement additional security measures, and consider freezing their credit to protect themselves from potential identity theft.