In November, the cyber security collective vx-underground wrote on X, formerly Twitter, that unknown hackers claimed to have breached Coin Cloud, a bankrupt Bitcoin ATM company.
According to vx-underground, the hackers claimed to have stolen 70,000 customer photos taken by cameras embedded in ATMs, as well as 300,000 customers’ personal data, which reportedly includes “Social Security Numbers, date of birth, First Name, Last Name, e-mail address, Telephone, Current Occupation, Physical Address and more.”
No one has publicly claimed the hack. A month later, what really happened to Coin Cloud remains a mystery, even according to the company’s new owner.
Coin Cloud was a company that maintained thousands of Bitcoin ATMs across the US and Brazil, according to its official website, until the company filed for bankruptcy in February. In July, Genesis Coin, another Bitcoin ATM provider, acquired 5,700 ATMs from Coin Cloud, which has since been defunct, according to a press release issued at the time. Genesis Coin itself was acquired earlier in January by Andrew Barnard and a partner, who owned another cryptocurrency ATM company called Bitstop.
Contact us
Do you have more information about the Coin Cloud hack? We would love to hear from you. Lorenzo Franceschi-Bicchierai can be reached securely on Signal at +1 917 257 1382 or via Telegram, Keybase and Wire @lorenzofb or email at lorenzo@techcrunch.com. You can also contact TechCrunch via SecureDrop.
Barnard, who serves as CEO of Bitcoin ATM, the company that was renamed after purchasing some of Coin Cloud’s assets in bankruptcy, told TechCrunch that his company had launched an investigation into vx-underground’s tweet, but could not conclude when the breach occurred or who was responsible. He described the incident as a “mystery.”
“The data breach happened a while ago, as Coin Cloud has been hacked many times in the past when it was still an operating company,” Barnard said in an email. “I think the data is just now being bought up. It is impossible to say [when] as there were minimal controls throughout the software development process and many international contractors had access to the source code which contained secrets within it to access the [database].”
“It doesn’t appear that the services that Coin Cloud has kept alive have been compromised recently from what we’ve been shown,” Barnard added. “Therefore, it is reasonable to assume that this is data that has already been stolen from one of the previous times Coin Cloud was breached. It’s an assumption, but a logical one. It’s impossible to really say when the data was breached or who did it. So many vendors and internal employees had access to what could have happened at many different times over the years.”
Barnard said that if someone obtained the source code, which contained the database administrator’s credentials, hackers “would have access to all [Know Your Customer] customer information.”
Know Your Customer, or KYC, refers to checks performed by technology and financial companies to verify an individual’s identity to prevent fraud and money laundering. KYC checks are often based on customers submitting scans of their identity documents.
A former Coin Cloud employee, who asked to remain anonymous, told TechCrunch that Coin Cloud was “an absolute disaster to work for.”
“We didn’t have a security team,” the former employee said, adding that she believes Coin Cloud was hacked at least once last year and that the company stored a lot of data in plain text, meaning it wasn’t encrypted.