Crypto hack allegedly exposes 300,000 customer data

A crypto hack allegedly exposes 300,000 customer data. Once again, the problem arose primarily from KYC processes, which are repeatedly required by authorities. Those affected could become victims of identity theft.

Table of Contents

Crypto hack: This is how 300,000 customer data were exposed

Another crypto hack occurs. This time, an estimated 300,000 customer details were exposed. The source is probably a Brazilian company called Coin Cloud, which operated Bitcoin ATMs.

In Brazil and the USA, Coin Cloud counted more than 4,000 of the crypto ATMs where users can exchange cash for cryptocurrencies. However, in many countries the devices are subject to strict requirements. According to their own statements, authorities fear money laundering.

KYC should be used for control. Users must identify themselves with their real name, document and photo before they can exchange money at the ATMs. Databases in which this personal data is stored are particularly interesting for hackers when it comes to identity fraud.

IT security expert VX Underground reported on Twitter that the incident occurred . There he writes:

An unknown Threat Actor(s) claim to have compromised Coin Cloud.

They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number,… pic.twitter.com/TJ7RUK18Yq
— vx-underground (@vxunderground) November 12, 2023

In this way, it was possible to evaluate the faces of 70,000 people who were filmed by internal cameras while using the ATMs. Identifying data for a total of 300,000 people was obtained.

Social security numbers, dates of birth, real names, email addresses, telephone numbers, home addresses, professional occupations and other details fell into the hands of the hackers. The sensitive data comes primarily from Brazilians and Americans.

In addition, the hackers also gained access to the source code used by Coin Cloud to operate the crypto ATMs. The company filed for bankruptcy in the United States in February 2023.

KYC always poses risks

KYC processes, which must also be completed before using banks or crypto exchanges, always pose risks. The last major data leak in the industry was caused in autumn 2022 by the crypto lender Celsius, which was also insolvent .

Details about the latest case involving Coin Cloud are not yet known. VX Underground obtained its information from a private communication channel that is not publicly accessible. This is presumably a forum in which hackers and programmers exchange ideas with one another.

The fact that the claims are based on a true story can be assumed based on a small amount of data that the person responsible shared with VX Underground. The subsequently censored images show customers using the Coin Cloud ATMs. The company’s source code can also be seen on it.

Stay tuned for daily cryptocurrency news!

According to managing director Chris McAlary, Coin Cloud had to go out of business because business and legal problems became too great. The company went out of business with $40 million in debt. The company’s official website is still online at the time of going to press. The provider’s machines are no longer accessible.