Hackers Claim 70,000 Selfies in Coin Cloud Bitcoin ATM Breach


Coin Cloud, a leading Bitcoin ATM provider, declared bankruptcy in February after weathering the storms of the volatile cryptocurrency industry for years. In a surprising turn of events, Coin Cloud has become relevant again, not due to Bitcoin’s recent push to 40k, but because it has suffered a data breach. The company’s portfolio included over 4,500 cryptocurrency ATMs in various locations across the US and Brazil. Unfortunately, it lost all support after many top crypto lenders went bankrupt following the FTX scandal.

While the aftermath of FTX rippled through the crypto space, Coin Cloud, much like its counterparts, faced unprecedented challenges. The collapse of FTX, orchestrated by Sam Bankman-Fried, became a nationwide phenomenon that stunned many. Genesis Global Holdco, Celsius Network, and Voyager Digital, all key players in the crypto lending space, froze withdrawals during the market turmoil and lost billions of dollars of customer funds. 

Coin Cloud, with Genesis as its main financial backer, took a severe hit when Genesis filed for bankruptcy. The company, burdened with over $100 million in loans and interest owed to Genesis, found itself at a critical turning point. Despite posting revenues of $303 million in 2021, legal and business troubles led Coin Cloud to operate at a significant loss in 2022.

The troubles included a lawsuit against a manufacturer for 4,000 faulty crypto ATMs and the CMO overspending the business marketing budget by 20 million. Coin Cloud was in a lengthy legal case with the Chief Marketing Officer (CMO), who allegedly misrepresented his qualifications during the hiring process. The CMO claimed racial discrimination, which added to the legal entanglements and escalated legal fees for the company.

In February, Coin Cloud filed for bankruptcy, seemingly concluding the story. However, the plot thickens. Coin Cloud’s ATMs, known for their top features of a responsive touch screen, small physical footprint, bill dispenser, companion app, and a multifunctional camera, have once again become relevant. Coin Cloud’s multifunctional camera “does two things: it takes your picture, and it scans your mobile wallet’s QR code. This increases your security (nobody can steal your ID and use it at a Coin Cloud BTM) and also makes it easier to interact with the machine.”

According to a tweet by vxunderground, an unknown threat actor claims to have compromised Coin Cloud. The company’s claim that its camera takes pictures and scans QR codes for security purposes has come back to haunt it. The threat actor claims to have exfiltrated 70,000 customer selfies captured by the ATM cameras and the personally identifiable information (PII) of 300,000 customers. The stolen PII includes Social Security numbers, dates of birth, first and last names, email addresses, telephone numbers, current occupations, physical addresses, and more. The compromised data reportedly spans individuals residing in the United States and Brazil.

Adding another layer to the breach, the threat actor also claims to have stolen the entire backend source code of Coin Cloud. The lack of isolation between transactional data and customer PII raises significant concerns, with the database containing an extensive amount of sensitive information. The inclusion of 70,000 customer selfies intensifies the privacy invasion aspect of this attack.

As of now, there is limited information available on this unfolding story, making it one to watch closely as more details emerge. 
