Shuffle, a leading cryptocurrency betting platform, suffered a data breach after its third-party customer service provider was compromised, exposing the data of most of its users.
Shuffle founder Noah Dummett posted on Friday X that his company’s customer relationship management (CRM) service provider, Fast Track, suffered a data breach that exposed users’ data. Shuffle uses the service in question for “programmatic email sending and various communications with users,” suggesting that these messages and email addresses were likely among the leaked data.
“Unfortunately, it appears that their breach affected the vast majority of users,” Dummett wrote. He said the company is investigating how the breach occurred and “where this data ended up.”
The amount of data can be huge. At the time of this writing, Shuffle was the 12,064th most visited website in the world, according to SamelikeWeb. Dummett also said the company is looking for alternatives to Fast Track.
“In the future, we will also look at ways to reduce the risks present in third-party systems.”
sauce: Noah Dummett
Neither Dummett nor Fast Track responded to Cointelegraph’s requests for comment by the time of publication.
Related: $1 million bail for each suspect in New York cryptocurrency torture case
Data breaches impact the cryptocurrency industry
Even if a data breach only exposes emails or customer support messages, cryptocurrency users face a high risk because attackers can weaponize that information for phishing and social engineering, impersonating exchanges and wallets to steal private keys and funds. Unlike traditional accounts, cryptocurrency transactions are irreversible. This means that once the fraud is successful, complete and permanent losses can occur.
A recent example is the leak of a database containing sensitive age verification data (including photos of documents) for more than 2.1 million users from Discord, a popular gaming messaging platform among cryptocurrency users.
Last month, cryptocurrency exchange Crypto.com denied keeping a data breach of user details in 2023 a secret.
Over the summer, cryptocurrency ATM operator Bitcoin Depot notified users of a data breach that exposed the personal information of approximately 27,000 customers starting in mid-2024.
Coinbase was also reportedly informed in January that an employee of the outsourcing company may have compromised customer data.
Related: Bitcoin “wrench attacks” are expected to double in the worst year
Encrypted data breach puts people in physical danger
Another issue arising from a data breach could lead to the identification of crypto asset holders, exposing them to so-called $5 wrench attacks. This type of attack involves physically threatening or coercing someone to steal their cryptocurrency. The name is a reference to being hit with a wrench to reveal passwords, as depicted in the XKCD comics.
5 dollar wrench attack manga. sauce: Xkcd
At the end of August, an Indian anti-corruption court sentenced 14 people to life imprisonment in a case involving the kidnapping and crypto heist of a Surat-based businessman in 2018. The situation has gotten so bad that Satoshi Lab founder Alena Vranova warned of an increase in five-dollar wrench attacks, saying, “Every week, at least one Bitcoiner around the world is kidnapped, tortured, robbed, and sometimes worse.”
The situation has worsened to the point where crypto custodians are becoming more interested in their services due to the increasing frequency of so-called “$5 wrench attacks” targeting crypto traders, investors, and project leaders.
The Shuffle incident highlights a recurring vulnerability across the cryptocurrency ecosystem: centralized intermediaries that handle sensitive user data, and highlights the need for more transparent security auditing and risk management practices.
magazine: Here’s how to keep your crypto safe
Discover more from Earlybirds Invest
Subscribe to get the latest posts sent to your email.
