SUMMARY
- Byte Federal, the largest US Bitcoin ATM operator, suffered a data breach affecting 58,000 customers.
- Hackers exploited a vulnerability in GitLab to access sensitive customer data.
- Exposed information includes names, IDs, addresses, and transaction histories.
- Byte Federal secured systems, notified customers, and is investigating with experts.
- Customers are urged to reset passwords and monitor accounts for fraud.
Byte Federal, the US’s largest Bitcoin ATM operator offering around 1,200 Bitcoin ATMs across the country, recently confirmed a data breach that potentially exposed the personal information of 58,000 customers.
The company submitted a report to Maine’s attorney general, revealing that the breach occurred on September 30th, 2024, but wasn’t discovered until November 18th. A consumer notification was published (PDF) on November 27th.
It is worth noting that this is the second data breach Byte Federal has experienced. In March 2023, hackers successfully stole $1.5 million worth of Bitcoin from the company.
What Happened?
Hackers exploited a vulnerability in a third-party software platform called GitLab to gain unauthorized access to one of Byte Federal’s servers. Upon discovering the breach, Byte Federal immediately shut down its platform, isolated the hackers, and secured the compromised server. They also implemented additional security measures, including resetting all customer accounts.
What Information Was Involved?
The compromised data may include a combination of the following for affected customers:
- Name
- Birthdate
- Address
- Photographs
- Phone number
- Email address
- Transaction history
- Social Security number
- Government-issued ID number
What Byte Federal is Doing
At the time of this writing, Byte Federal has no evidence that any information was misused or user funds/assets were compromised. The company is currently conducting a forensic investigation with the help of a cybersecurity team to determine the full scope of the breach. They are also cooperating with law enforcement.
The company has notified all affected customers via mail and issued a press release. Additionally, they’ve updated their website with further details and suggest the following steps for customers:
- Reset login credentials for Byte Federal services
- Monitor bank and credit card statements for fraudulent activity
- Obtain a free credit report and monitor it regularly for unauthorized activity
- Place a fraud alert or security freeze on credit reports with major credit reporting agencies (Experian, Equifax, TransUnion)
If you are a Byte Federal customer, follow the recommendations outlined above. Additionally, Byte Federal provided contact information for their dedicated helpline and customer service email for further assistance. They also encourage customers to report any suspicious activity immediately.
Cryptocurrency platforms face increasing cyber threats, with attackers targeting both assets and personal information, which highlights the ongoing challenges the cryptocurrency industry faces in safeguarding user data. Recently, hackers posted fake claims and phishing links announcing a new CEO of Giggle Academy, founded by former Binance CEO Changpeng Zhao.
In October 2024, crypto payment services firm Transak suffered a data breach that exposed the information of over 92,000 individuals. This breach compromised sensitive data such as names, birthdays, passport and driver’s license information, and user selfies. Such incidents highlight the need for enhanced security measures within the crypto industry.
Roger Grimes, data-driven defense evangelist at KnowBe4, shared the following comment with Hackread.com regarding this news: “It seems like Byte Federal is doing all the right things in response to this security breach. Other companies should take note. My biggest worry would be a user’s funds or private keys being compromised, but this doesn’t appear to have happened, and that’s a good thing.”
Roger explained, “Although, the information the attacker did have access to could easily be used in sophisticated spear phishing attacks using crypto-related themes. That’s the only remaining worry. Byte Federal customers have to understand that some attackers intent on stealing their crypto value could use learned information against them in sophisticated phishing attacks and act accordingly.”