Personal data of 300K users, provided at BTC ATMs, allegedly in hacker's hands

[DdmrDdmr]

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:

<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425

[1714658100]

1714658100

[Lucius]

This looks like a leak of the Ledger database, only with the difference that the images of ATMs users are also included here. If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

[krishnaverma]

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:

<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425

This data can be misused in many ways. Strong measures must be taken to stop such leaks in future.

[ABCbits]

This is yet another reason to reject KYC. It's also crazy SSN of the customers got leaked since AFAIK it's very important data for those who live in US.

If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

In addition, CEX usually have better exchange rate. Anyway, i would guess the reason probably similar why people use ATM rather than mobile/internet banking, familiarity with or strong preferences towards ATM.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

That seems possible, but i think it's also possible the employee don't bother dispose the server securely.

[Aanuoluwatofunmi]

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow, this is another important massive discovery in which most of the bitcoin privacy minded user's might not have given attention to, getting to know about this, it may results i having a decline in the rate of people using the bitcoin ATM because they know that their privacy informations are not secured, but sadly it's also ridiculous to see that using a bitcoin ATM is one of the worst mean of exposing our privacy.

[Nwada001]

If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

In addition, CEX usually have better exchange rate. Anyway, i would guess the reason probably similar why people use ATM rather than mobile/internet banking, familiarity with or strong preferences towards ATM.

One thing I notice most people make use of bitcoin ATM rather than exchange is that they result of them believing it's easy to use something, and they find CEX KYC very stressful to pass. The majority of bitcoin ATMs also don't request much data for verification some only request the mobile number and the selfies the machine took from their customers to explain why they are conducting the transaction.
 
Many people who I believe make use of Bitcoin ATMs are those who are so afraid of exchange, as many people believe they need some sort of skill before they can successfully buy from an exchange and make a good withdrawal with issue. I said this due to the experience I have had with a relative away who struggled to send bitcoin over to me sometime ago, even with the direction I gave her, she still ended up not being able to do it herself, and anything that has to do with online and they don't see a physical shop, most people have trust issues with that.

[Jawhead999]

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow

I think not all bitcoin ATMs are asking KYC, that's why some users suggest Bitcoin ATMs when someone want to deal without KYC.

is it possible that they (or one of their employees) actually sold that database?

Talking a possibility, yes there's.

But the employees must be have had share their personal identity to the employer. In case something bad happen (like this one), the employees would be the first one that being investigated, so it's easy to catch him/them.

[posi]

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

What a heck, I never thought as this could ever happened with the use of bitcoin ATM, this means that the service providers of these ATMs needs to be verified before using them and one cannot use any ATM anyhow, this is another important massive discovery in which most of the bitcoin privacy minded user's might not have given attention to, getting to know about this, it may results i having a decline in the rate of people using the bitcoin ATM because they know that their privacy informations are not secured, but sadly it's also ridiculous to see that using a bitcoin ATM is one of the worst mean of exposing our privacy.

Once you use bitcoin in public, your privacy is also at risk, so using a bitcoin ATM or using bitcoin for payment will not guarantee our privacy. But people both want to ensure privacy and ensure that bitcoin will become a popular means of payment around the world. I really see the contradiction in our thoughts. Once we use KYC anywhere, the risk of information being stolen or sold is inevitable, even banks are selling our information.

[Yamane_Keto]

What makes a Bitcoin ATM company service request detailed data such as professions, physical addresses, social security numbers, and other data from the company, such as ATM transactions worth $100 to $5,000? Through this, Basic KYC, such as full name or passport photo, is sufficient, especially since the amount is less what requests by anti-money laundering services, which may request data such as the nature of income, position, and physical address.

This reminds me of the same data leak that happened to FTX after it filed for bankruptcy.

[yazher]

Honestly, this is not good, especially for those people who are vulnerable to attacks because they don't have enough security in their homes. There are lots of incidents where people are kidnapped and attacked to steal their bitcoins from them after they flex their BTC balance or someone just knows they have them. they were forced to ransom their selfs in order to save them from these bad people who wanted to steal their BTC. That's why we really need to save our address in order to prevent such things from happening to us especially our personal address and BTC balance.

[Text]

Instead of being convenient to use, there is a trade-off with added concerns due to the possibility of becoming a victim of identity theft and being used in cybercrimes. They need to monitor their bank accounts and credit reports for the aftermath of the breach, and it's worrisome to be in such a situation, as I won't be at ease. KYC is for identity verification, but it's disheartening to think that your personal information could be at risk of being used for malicious purposes such as deepfakes and other forms of impersonation.

[Odohu]

This looks like a leak of the Ledger database, only with the difference that the images of ATMs users are also included here. If we take into account that ATMs are usually the most expensive way of selling/buying cryptocurrencies, I wonder why all these users agreed to such KYC and did not use some CEX where they should still do KYC, but the fees would be many times less?

At first, I felt that Bitcoin ATM I'd one innovation that will Foster greater acceptance and adoption of Bitcoin as it offers more flexibility and accessibility to Bitcoin. Unfortunately,  events surrounding the operation of these ATMs and issues such as this one leaves nothing to be desired.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

This is likely the case...it was an easy money for whoever was involved since the company was already bankrupt.  This may benthe fate of most platforms hence the reason for my fears regarding KYC.

[acroman08]

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

[EluguHcman]

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

I don't have technical knowledge about this but with related experiences I have heard about hackers penetrating persons banks account through the ATM machines that retains the ATMs operators informations even after the ATM cards are ejected out from the machines.
I think they have a hardware device which is slotted in a Port of the ATM machines and reconfigures the machines programs and then they takes over the ATM machines language commands restoring the details of the previous ATM users.
I think I would blame the scientific technology of the ATMs operating system that stores informations of users in the machines else I don't think if this individual documents could be so easily comprised without obtaining the hardware device (ATM card). Hence I would suggest that the file that detects and stores this operators users of the ATMs should be abolished if possible to manage illegal intrudement of these hackers.
My little thoughts though!

quote author=DdmrDdmr link=topic=5473882.msg63149547#msg63149547 date=1699868170]
Specifically, the stolen information seems to be:

<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>

Most times, some of our personal full details should be kept private even though they are not secret keys because there would always be a way for compromise.
We are in the era of an advanced technology where impossibilities could be possible but at least, taken concious measures should be a paramount.

[Casdinyard]

The context is that of users of Coin Cloud Bitcoin ATM users in USA and Brazil. Though the company file for bankruptcy in February 2023, and I believe that all their Bitcoin ATM network is now non-operational, somewhere along the line hackers claim to have managed to make away with a bunch of very concerning personal data for something like 300.000 customers, alongside some 70.000 selfies provided at the ATMs themselves. The hackers are sharing their claims in private channels.

Specifically, the stolen information seems to be:

<…>  Social Security Number, Date of Birth, First Name, Last Name, e-mail address, Telephone Number, Current Occupation, Physical Address, and more. <…>

Once more, KYC sensible data has been (potentially) filtered at a very dangerous level, including information of user’s home addresses and complete names. Though not mentioned, one wonders if linked addresses and/or TXs may also form part of the breach, which would only worsen the situation by providing some tenancy information on top of the above (this is my speculation, not information cited in the below referenced sources).

See:
https://cointelegraph.com/news/coin-cloud-data-hack-united-states-brazil
https://twitter.com/vxunderground/status/1723749038057574425

Fuck. The very moment that you put you guard down and actually try out a bitcoin ATM, you subject yourself to risks of not only having your bitcoins stolen, but also getting your identity stolen at the same damn time. Since Coin Cloud's not operational anymore, who's gonna be responsible for the recompense that these 300k users will have to receive given the fact that their important info just got into the wrong hands.

As someone who personally experienced a similar situation as these poor folks (I got my PC contracted with a malware who not only stole my wallet's contents, but also stole important files on my harddrive and even went so far as to use my PC as an ethereum miner), what I would highly suggest they do is immediately get to the police to file a formal complaint even if the details on how to get the perpetrators apprehended are a little cloudy at the moment. The thing is that the police and justice units must know about this first and deem this as a major threat to mobilize their units and have them get to the bottom of this whole situation. Plus it's not that hard to imagine these hackers being in the same state or perhaps country as the victims considering that they only attacked a singular brand of ATM, which means investigation could go smooth and safe for the users who just got their information leaked.

While investigation is carrying on they need to secure their information by making sure that all their emails, if unable to be deleted, have their passwords changed and their 2FA activated. Their mobile numbers must also be changed, these are the most important things one should do soon as they find out they are exploited for the information they can provide.

[AmoreJaz]

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

inside job is also very possible in this case. for those users affected, better change other details that they think can b compromised. be cautious also for something that they will receive via emails claiming they need to log in or access any website to recover their lost keys or something. scammers will always find a way how to take the bait to their potential victims.

[Assface16678]

seeing the news that was posted here in the forum about the Swedish couple who was tortured by criminals in order to get access to their Bitcoin assets makes this incident a lot scarier.

Also, considering that the company behind everything went bankrupt, is it possible that they (or one of their employees) actually sold that database?

it's possible, I mean it is not the first time a company has sold their user's sensitive data to get money from it.

inside job is also very possible in this case. for those users affected, better change other details that they think can b compromised. be cautious also for something that they will receive via emails claiming they need to log in or access any website to recover their lost keys or something. scammers will always find a way how to take the bait to their potential victims.

True, this could be done by someone with access to the database of the said ATM or bank, because as a developer in database management, I can say that the sample information is in database format, or it is usually the structure of a row of data in a database, and it is alarming because if someone really releases it or gives it to hackers, then hackers could take advantage of this information as the information is crucial and vital. This should be actioned by the bank owner, or else they will be charged with heavy cases, and for those customers, better change the password or information of your account that is in that ATM, or else there will be inconvenience and, at worst, hackers might get something from you. I hope not all information is being extracted from the database, or else it will be doom for those users.

[adaseb]

I don’t understand why people use a bitcoin atm which requires KYC which a CEX also requires but is much more secure. And the fees are much much cheaper. Most exchanges you trade at 0.15-0.25% while a bitcoin atm is like 10%. Add in the fact that you need to KYC, I don’t see the point. Maybe it’s due to speed.

And yes all the bitcoin atms have a camera, and I am pretty sure it always records not only for the selfie image verification. This has been present in most bitcoin atms including the early ones.

[Kakmakr]

Well, the selfie in it self might not be an issue, if the scribbling on the poster, refer to the service that it was used for.

I always add the name of the service, where I use the photo or documents, so that it can be traced back to the origin of the leak.  

When I make a certified copy of the original, I write the name of the service for which it is used... on top of it.

[CODE200]

This is why I always wear a face mask whenever I go to the ATM or maybe even just let my parents use their own cards to get the money that I've transferred to their account, that way I don't have any interaction and even if my data is compromised, my face isn't the one posted. Has anyone presented or raised a bid to buy those data already? I assume that with all the information that was compromised, the price for the list is bound to be a lot of money. Man, with this kind of thing happening, KYC is becoming less and less attractive to me because I do consider that KYC can help with the AML policies surrounding cryptospace but at the same time, when things like this happen all the time, I just don't think that it's a good idea to advocate for it anymore.