Coin Cloud, the Bitcoin ATM company, fell victim to a hack that even its recent owners are unable to fully comprehend. Last November, cybersecurity group vx-underground reported on X (formerly Twitter) that hackers claimed to have successfully breached Coin Cloud, a defunct Bitcoin ATM firm.

According to vx-underground, the hackers claimed to have stolen 70,000 customer photos taken by the ATMs’ embedded cameras, along with the personal information of 300,000 customers. This included sensitive details such as Social Security Numbers, dates of birth, names, emails, phone numbers, occupations, physical addresses, and more. No one has publicly claimed responsibility for the hack. Even a month later, the true extent of the incident remains unclear, according to the company’s recent owners.

Coin Cloud, which once operated numerous Bitcoin ATMs in the U.S. and Brazil, went bankrupt in February. Subsequently, Genesis Coin acquired 5,700 of Coin Cloud’s ATMs in July, as detailed in a press release. Earlier that year, Andrew Barnard, along with an associate from Bitstop, acquired Genesis Coin.

Barnard, now CEO of the rebranded company Bitcoin ATM after purchasing select Coin Cloud assets in the bankruptcy proceedings, told TechCrunch that an investigation was launched following the vx-underground tweet. However, the investigation failed to determine when the breach occurred or who was behind it, and Barnard called the incident “a mystery.” Barnard explained, “The breach occurred a while ago, as Coin Cloud had faced multiple hacks when it was operational. I suspect the data has been accessed recently for ransom. Pinpointing the exact timing is challenging due to lax controls during software development and several international contractors having access to crucial source code.” He further added, “Our examination indicates that the recently active services of Coin Cloud weren’t breached. Thus, it’s plausible this data was pilfered during one of the previous hacking incidents. Although it’s an assumption, it seems reasonable.

“The exact time and perpetrator of the compromise are elusive, considering the numerous points of access by vendors and internal staff over the years.” Barnard highlighted the grave consequence: “If the source code, containing admin credentials for the database, fell into the wrong hands, it grants access to all customer Know Your Customer (KYC) information.” KYC procedures verify customers’ identities to thwart fraud and money laundering, and typically require customers to submit scans of identity documents.

A former Coin Cloud employee, who preferred to remain anonymous, criticized the company, labeling it “a complete disaster to work for.” The ex-employee said the company had no security team and alleged at least one hack in the previous year. She also said the company habitually stored vast amounts of unencrypted data.

