An unknown threat actor has claimed responsibility for the Coin Cloud data breach, a cryptocurrency ATM network. The alleged attackers assert that they have successfully compromised the company’s security infrastructure, gaining access to a trove of sensitive customer data and even making off with the source code for Coin Cloud’s entire backend.
The Coin Cloud data breach has resulted in the unauthorized exfiltration of 70,000 customer selfies, captured through the ATMs’ integrated cameras.
In addition to this alarming invasion of privacy, the attackers claim to have accessed and stolen personally identifiable information (PII) for 300,000 customers.
The stolen PII during the data breach at Coin Cloud includes highly sensitive details such as social security numbers, dates of birth, first and last names, email addresses, telephone numbers, current occupations, physical addresses, and more. The extent of the compromised data is staggering, potentially exposing affected individuals in both the United States and Brazil to identity theft and various forms of cybercrime.
The Cyber Express Team has made efforts to contact officials in order to authenticate the claim; however, as of now, officials have yet to officially confirm the occurrence of the Coin Cloud data breach.
Adding to the gravity of the situation, the threat actors assert that they have successfully absconded with the entire source code of Coin Cloud’s backend. This includes the proprietary technology that powers the cryptocurrency ATMs and underlies the company’s operations.
The theft of such intellectual property (IP) raises concerns about potential misuse or exploitation, as the attackers could gain insights into the intricacies of Coin Cloud’s systems and potentially compromise the security of its users further.
Financial Turmoil Amidst Coin Cloud Data Breach
Coin Cloud, already facing challenges in the cryptocurrency market, filed for Chapter 11 bankruptcy in February 2023. According to the company’s submission to the Nevada Bankruptcy court, it disclosed liabilities ranging from US$100 million to US$500 million, with creditors numbering between 5,001 and 10,000.
The most substantial creditor listed is the now-defunct cryptocurrency broker, Genesis, to which Coin Cloud owes an uncollateralized loan of US$100 million. Following closely is Cole Kepro, a Nevada-based entity specializing in the production of arcade gaming machines utilized in casino gambling, with Coin Cloud owing approximately US$8.5 million. Notably, Cole Kepro supplied the physical equipment essential for Coin Cloud’s operations.
Additionally, the bankrupt company had financial obligations to Brink’s U.S., a provider of cash management and security services recognized for its sizeable armored vehicles that handle cash transportation. Coin Cloud owed Brink’s U.S. a sum of US$2.5 million.
This Coin Cloud data breach adds a layer of complexity to the situation. The compromised security and loss of customer trust could further exacerbate Coin Cloud’s financial troubles, making recovery and survival in the competitive cryptocurrency landscape an uphill battle.
Though the claim has not been verified yet, still customers are urged to monitor their financial accounts closely, implement additional security measures, and consider freezing their credit to protect themselves from potential identity theft.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.