Coin Cloud security breach exposes thousands of user data

Hackers are said to have gained access to such private data as SSNs, emails, and phone numbers for more than 300,000 customers of Coin Cloud.

An unknown cybercriminal (or a group of hackers) has reportedly gained unauthorized access to personal data for over 300,000 customers of the now-defunct Bitcoin (BTC) ATM provider Coin Cloud.

An unknown Threat Actor(s) claim to have compromised Coin Cloud.

They allege to have exfiltrated 70,000 customer selfies (via ATM cameras), and 300,000 customers PII which includes Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number,… pic.twitter.com/TJ7RUK18Yq

— vx-underground (@vxunderground) November 12, 2023

In an X post on Nov. 12, researchers for the malware repository vx-underground said the hackers have allegedly exfiltrated 70,000 customer selfies, which were made with Bitcoin ATM cameras for KYC verification.

In addition, the cybercriminals accessed personally identifiable information such as SNN, email addresses, phone numbers, and so on for more than 300,000 customers of Coin Cloud. According to vx-underground’s sources, the hackers have also allegedly gained access to data for individuals residing in the U.S. and Brazil.

While it is unclear how the hackers gained access to Coin Cloud’s database, the report says they have also stolen the source code to the entire backend.

Coin Cloud bankruptcy

In early 2023, Coin Cloud filed for bankruptcy protection as the Las Vegas-based firm encountered “business difficulties and legal problems,” which resulted in losses of $40 million.

In a filing in the U.S. Bankruptcy Court for the District of Nevada, the firm said it has 10,000 creditors with assets under management ranging between $50 million to $100 million. As per court filings, Genesis Global Capital, the troubled crypto lender, was the largest unsecured creditor of Coin Cloud, lending the firm over $100 million.