Byte Federal, a leading Bitcoin Automated Teller Machine (BTM) operator based in the United States, has suffered a serious data breach.
According to a filing made Thursday with Maine’s Attorney General, the Byte Federal breach gave attackers access to the personal information of over 58,000 users, including 111 Maine residents. The company became aware of the breach only on November 18, more than one month after it occurred on September 30.
Venket Naga, co-founder and CEO of Serenity, told Decrypt that the incident is a good example of the ever-changing nature of cyber threats. Crypto industry firms, he said, are at the forefront of cyber threats and “must adopt adaptive frameworks that evolve with emerging risks, posing risks to both the physical and underlying infrastructure involved with blockchain.”
CoinATMRadar’s data indicates that Byte Federal operates 1,356 Bitcoin machines in the United States, approximately 4.3% of all the crypto ATMs across the nation.
According to the report, an unreliable third-party website was exploited. After discovering the incident one month later, Byte Federal decided to close its platform. It assured customers that no funds were lost.
Smart contract auditors Ataberk Yavuzer and Olesia Bilenka of Hacken, a crypto-cybersecurity firm, explained in a joint statement that the “incident occurred due to an unpatched or outdated GitLab system.” They added that “inadequate server segmentation” could have been what enabled attackers to gain access to sensitive customer data.
“It is very likely that the GitLab repositories contained sensitive credentials to access Byte Federal’s databases, which include name, birthdate, address, phone number, email address, government-issued ID, social security number, transaction activity, and user photograph information,” the auditors highlighted.
The company said that, despite the breach, it had found no proof that customers’ data was misused or accessed. “Nonetheless, we are taking precautionary measures to ensure the security of your data and to help alleviate any concerns you may have,” the customer letter reads.
Byte Federal has also stated that it is working with an independent cybersecurity team to conduct a forensic analysis of the incident, and that it may pursue legal action.
Byte Federal said it performed a hard reset of all customer accounts and sent an alert about the incident. To prevent further intrusion, the company changed its password management system and tokens.
Customers were urged to change their passwords. The company warned that users may be asked to verify their personal information, which means providing more confidential data to a firm that just experienced a potential data leak.
“The Byte Federal incident is yet another example of how forcing commercial activities to retain their customers' data is the worst practice concerning their privacy,” former Bitcoin ATM operators told Decrypt anonymously. They chose to stop their service instead of complying with know-your-customer rules.
“In the case of cryptocurrencies, these data breaches are even more dangerous for users because they associate their personal information with a specific type of financial activity, making them easy targets for theft and fraud,” the former Bitcoin ATM operators added.
Stacy Elliott edited this article.