Major United States-based Bitcoin automated teller machine (BTM) company Byte Federal has suffered a major data breach.
A Thursday filing with Maine’s attorney general shows that Byte Federal’s breach allowed the attacker to access the personal data of 58,000 customers, including 111 Maine residents. The company noticed the attack on Nov. 18, more than a month after it occurred on Sept. 30.
Venket Naga, co-founder and CEO of security-focused data storage service Serenity, told Decrypt that the incident shows the dynamic nature of constantly expanding cybersecurity threats. According to him, crypto industry firms “must adopt adaptive frameworks that evolve with emerging risks, posing risks to both the physical and underlying infrastructure involved with blockchain.”
CoinATMRadar data shows that Byte Federal operates 1,356 Bitcom ATMs in the United States. This is equivalent to about 4.3% of all crypto ATMs in the country.
German Authorities Seize $279,000 in Bitcoin ATM Crackdown
Editor's note: This article has been updated to correct the amount seized. In a sweeping operation across Germany, financial regulators and law enforcement agencies have confiscated nearly €250,000 (about $279,000) in cash and shut down 13 cryptocurrency ATMs operating without proper authorization. The German Federal Financial Supervisory Authority (BaFin) announced the results of this coordinated effort on Tuesday, in a statement that highlighted concerns over money laundering risks associated...
The attack was reportedly a consequence of a third-party service being exploited. After detecting the incident a month later, Byte Federal decided to shut down its platform and reassured users that no funds were lost.
A joint statement from smart contract auditors at crypto cybersecurity firm Hacken Ataberk Yavuzer and Olesia Bilenka explains that the “incident occurred due to an unpatched or outdated GitLab system.” It goes on to add that “inadequate server segmentation” could be what allowed attackers to access sensitive customer data.
“It is very likely that the GitLab repositories contained sensitive credentials to access Byte Federal’s databases, which include name, birthdate, address, phone number, email address, government-issued ID, social security number, transaction activity, and user photograph information,” the auditors highlighted.
Despite the breach, the company noted that it found no evidence that customer data was actually misused or accessed. “Nonetheless, we are taking precautionary measures to ensure the security of your data and to help alleviate any concerns you may have.” the letter to customers read.
Byte Federal also noted it’s working with an independent cybersecurity team on a forensic investigation of the incident and might pursue legal action.
Byte Federal said it applied a hard reset to all customer accounts and sent a notice concerning the incident. The company also changed internal passwords, the password management system, tokens and keys to prevent further breaches.
Crypto ATM Company Bitcoin Depot Launches on Nasdaq
Bitcoin ATM operator Bitcoin Depot today launched on the Nasdaq stock exchange, making it the first U.S. company of its kind to go public. The company—one of the largest Bitcoin ATM operators in the country—last week announced its merger with blank check company GSR II Meteora. Bitcoin Depot, which is listed under the ticker BTM, was trading for $3.61 per share at the time of writing, according to Nasdaq data. At one point earlier this morning, the price was as high as $6.62—a noticeable shift...
The company urged customers to reset their login credentials. It warned that users may be asked to verify their personal information—providing more confidential data to a firm that just experienced a potential data leak.
“The Byte Federal incident is yet another example of how forcing commercial activities to retain their customers' data is the worst practice concerning their privacy,” an anonymous former Bitcoin ATM operator told Decrypt. They wanted to withhold their identity because they chose to shut down their service rather than comply with know-your-customer rules.
“In the case of cryptocurrencies, these data breaches are even more dangerous for users because they associate their personal information with a specific type of financial activity, making them easy targets for theft and fraud,” the former Bitcoin ATM operator added.
Edited by Stacy Elliott.
