Bitcoin Depot Hack Leaks Data of 27K Crypto Users
▼ Summary
– Bitcoin Depot, a Bitcoin ATM operator, has notified customers of a data breach exposing sensitive personal information.
– The breach was first detected on June 23, 2023, but disclosure was delayed until July 18, 2024, due to a federal investigation.
– Exposed data includes full names, phone numbers, driver’s license numbers, addresses, dates of birth, and email addresses.
– Nearly 27,000 individuals were affected, but they were not offered identity protection services due to the cryptocurrency-related risk.
– A similar breach occurred at Byte Federal in December 2024, affecting 58,000 customers due to a GitLab vulnerability.
Bitcoin ATM operator Bitcoin Depot has confirmed a major data breach affecting nearly 27,000 users, exposing sensitive personal information collected during customer verification processes. The company detected unauthorized network activity in June 2023 but delayed public disclosure at the request of federal investigators until their parallel probe concluded this month.
According to notifications sent to impacted individuals, the compromised data includes full names, phone numbers, physical addresses, email addresses, dates of birth, and driver’s license numbers, details typically gathered to comply with anti-money laundering regulations. Bitcoin Depot operates one of North America’s largest crypto ATM networks, with over 8,800 machines across the U.S., Canada, and Australia.
Unlike conventional financial data breaches, victims won’t receive identity theft protection services due to the cryptocurrency-specific nature of the risks. Instead, the company urges users to monitor accounts vigilantly, watch for phishing attempts, and consider credit freezes to mitigate potential fraud. The delayed disclosure highlights challenges in balancing regulatory requirements with timely consumer alerts, federal law enforcement explicitly requested postponement until their investigation wrapped up on July 18, 2024.
This incident mirrors a December 2023 breach at rival operator Byte Federal, where hackers exploited a GitLab flaw to access data on 58,000 customers. Both cases underscore persistent security vulnerabilities in crypto ATM infrastructure, particularly around KYC (Know Your Customer) documentation storage. Bitcoin Depot has yet to clarify whether the breach stemmed from external hacking or internal system weaknesses.
With cryptocurrency scams proliferating, experts emphasize that exposed personal data could fuel targeted social engineering attacks. Users are advised to enable two-factor authentication on all crypto exchange accounts and scrutinize unsolicited communications requesting sensitive details. Regulatory scrutiny of crypto ATM operators’ data practices is likely to intensify following these repeated breaches.
(Source: Bleeping Computer)
