Shuffle Hit By Data Breach After Third-Party CRM Hack

Shuffle, a leading crypto betting platform, suffered a data breach after its third-party customer service provider was compromised, exposing the data of most of its users.

According to a Friday X post from Shuffle founder Noa Dummett, the company’s customer relationship management (CRM) service provider, Fast Track, suffered a data breach that exposed its users’ data. Shuffle used the service in question for “programmatic email sending and various communications with users,” suggesting that those messages and email addresses were likely among the data breached.

“Unfortunately, it seems that their breach has impacted the majority of our users,” Dummett wrote. He said that the company is investigating how the breach took place and “where this data ended up.”

The amount of data is likely to be significant. According to SimilarWeb, Shuffle is the 12,064th most-visited website in the world at the time of writing. Dummett also noted that the company will be looking for alternatives to Fast Track.

“We’ll also be looking into ways we can mitigate the risks that exist with 3rd party systems in future.“

Neither Dummett nor Fast Track replied to Cointelegraph’s request for comment by publication.

Related: New York crypto torture case suspects out on $1M bail each

Data breaches affect the crypto industry

Even if a data breach only exposes emails or customer-support messages, crypto users face a heightened risk because attackers can weaponize that information for phishing and social engineering — impersonating exchanges or wallets to steal private keys or funds. Unlike traditional accounts, cryptocurrency transactions are irreversible, meaning a single successful scam can result in a total and permanent loss.

A recent example was the database containing the sensitive age verification data of more than 2.1 million users (including photos of documents) leaked from Discord, a gaming messaging platform popular among crypto users. Last month, crypto exchange Crypto.com denied that it kept a 2023 data leak of user details a secret.

Over the summer, crypto ATM operator Bitcoin Depot notified its users of a data breach from mid-2024 that exposed the private information of nearly 27,000 customers.

Coinbase was also reportedly informed in January that an employee of an outsourcing firm may have leaked customer data.

Related: Bitcoin ’wrench attacks’ on track to double its worst year

Crypto data leaks put people in physical danger

Another issue arising from the leak of data that can lead to the identification of crypto holders exposes them to so-called $5 wrench attacks. This type of attack involves stealing someone’s cryptocurrency by physically threatening or coercing them — the name references being hit with a wrench to reveal one’s password, as depicted in an XKCD comic.

At the end of August, an Indian anti-corruption court sentenced 14 individuals to life imprisonment in a case involving the kidnapping and extortion of crypto from a Surat-based businessman in 2018. The situation got bad enough that Alena Vranova, founder of SatoshiLabs, warned of the increase in $5 wrench attacks and claimed that “every week, there is a Bitcoiner, at least one in the world, who gets kidnapped, tortured, extorted, and sometimes even worse.”

The situation has deteriorated to the point where crypto custodians are experiencing increased interest in their services due to the rising frequency of so-called “$5 wrench attacks” targeting cryptocurrency traders, investors, and project leaders.

The Shuffle incident highlights a recurring weakness across the cryptocurrency ecosystem — centralized intermediaries handling sensitive user data — and underscores the need for more transparent security audits and risk management practices.

Magazine: Here’s how to keep your crypto safe