Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Bitcoin Depot breach exposes data of nearly 27,000 crypto users

Bitcoin Depot, an operator of Bitcoin ATMs, is notifying customers of a data breach incident that has exposed their sensitive information.

In the letter sent to affected individuals, the company informs that it first detected suspicious activity on its network last year on June 23.

Although the internal investigation was completed on July 18, 2024, a parallel investigation by federal agencies dictated that public disclosure of the incident should be withheld until it was completed.

“On July 18, 2024, the investigation was complete, and we identified your personal information contained within documents related to certain of our customers that the unauthorized individual obtained,” explains Bitcoin Depot in the letter.

“Unfortunately, we were not able to inform you sooner due to an ongoing investigation. Federal law enforcement requested that Bitcoin Depot wait to provide you notice until after they completed the investigation.”

The type of data that has been exposed in this incident varies from individual to individual and may include:

  • Full name
  • Phone number
  • Driver’s license number
  • Address
  • Date of birth
  • Email address

Bitcoin Depot is one of the largest Bitcoin ATM networks in the United States, operating 8,800 machines in the U.S., Canada, and Australia.

The information exposed in this incident is similar to data typically collected during Know-Your-Customer verification processes that crypto ATM operations in the U.S. are obliged to comply with as per applicable FinCEN regulations.

The number of people exposed in this incident is estimated to nearly 27,000.

Because the financial risk is related to cryptocurrency, letter recipients were not offered coverage through identity monitoring and theft protection services.

Instead, they are advised to maintain high alertness for signs of fraud, monitor their account statements, and consider placing a security freeze on their credit report.

In December 2024, a similar incident occurred at U.S. Bitcoin ATM operator Byte Federal, which disclosed a data breach affecting 58,000 customers.

In that case, the breach was caused by hackers exploiting a GitLab vulnerability to access a server hosting sensitive customer information.

BleepingComputer has contacted Bitcoin Depot about the security incident but a comment was not avaialble.

Tines Needle

While cloud attacks may be growing more sophisticated, attackers still succeed with surprisingly simple techniques.

Drawing from Wiz’s detections across thousands of organizations, this report reveals 8 key techniques used by cloud-fluent threat actors.


Source link