Shuffle, a leading cryptocurrency betting platform, suffered a data breach after its third-party customer service provider was compromised, exposing the data of most of its users.
Shuffle founder Noah Dummett posted on Friday X that his company’s customer relationship management (CRM) service provider, Fast Track, suffered a data breach that exposed users’ data. Shuffle uses the service in question for “programmatic email sending and various communications with users,” suggesting that these messages and email addresses were likely the result of a data breach.
“Unfortunately, it appears that their breach affected the vast majority of users,” Dummett wrote. He said the company is investigating how the breach occurred and “where this data ended up.”
The amount of data can be huge. According to SamelikeWeb, Shuffle is the 12,064th most visited website in the world at the time of this writing. Dummett also said the company is looking for alternatives to Fast Track.
“In the future, we will also look at ways to reduce the risks present in third-party systems.”
Neither Dummett nor Fast Track responded to Cointelegraph’s requests for comment via publication.
Related: $1 million bail for each suspect in New York cryptocurrency torture case
Data breaches impact the cryptocurrency industry
Even if a data breach only exposes emails or customer support messages, cryptocurrency users face a high risk because attackers can weaponize that information for phishing and social engineering, impersonating exchanges and wallets to steal private keys and funds. Unlike traditional accounts, cryptocurrency transactions are irreversible. This means that once the fraud is successful, complete and permanent losses can occur.
A recent example is the leak of a database containing sensitive age verification data (including photos of documents) for more than 2.1 million users from Discord, a popular gaming messaging platform among cryptocurrency users. Last month, cryptocurrency exchange Crypto.com denied keeping a data breach of user details in 2023 a secret.
Over the summer, cryptocurrency ATM operator Bitcoin Depot notified users of a data breach that exposed the personal information of approximately 27,000 customers starting in mid-2024.
Coinbase was also reportedly informed in January that an employee of the outsourcing company may have compromised customer data.
Related: Bitcoin wrench attacks are expected to double in worst-case scenario
Encrypted data breach puts people in physical danger
Another issue arising from a data breach could lead to the identification of crypto asset holders, exposing them to so-called $5 wrench attacks. This type of attack involves physically threatening or coercing someone to steal their cryptocurrency. The name refers to being hit with a wrench to reveal a password, as depicted in the XKCD comics.
At the end of August, an Indian anti-corruption court sentenced 14 people to life imprisonment in a case involving the kidnapping and crypto heist of a Surat-based businessman in 2018. The situation has gotten so bad that Satoshi Lab founder Alena Vranova warned of an increase in five-dollar wrench attacks, saying, “Every week, at least one Bitcoiner around the world is kidnapped, tortured, robbed, and sometimes worse.”
The situation has worsened to the point where there is growing interest in the services of crypto custodians due to the increasing frequency of so-called “$5 wrench attacks” targeting crypto traders, investors, and project leaders.
The Shuffle incident highlights a recurring vulnerability across the cryptocurrency ecosystem: centralized intermediaries that handle sensitive user data, and highlights the need for more transparent security auditing and risk management practices.
magazine: Here’s how to keep your crypto safe