Erratum, July 3, 12:00 UTC: An earlier version of this article stated that, among others, the Evolve Bank data leak affected Copper. The affected entity was in fact fintech firm Copper Banking. Copper.co is a digital asset custody and trading solutions company, unrelated to Copper Banking, and was not affected by the vulnerability.
- Evolve Bank hack affected users on multiple crypto platforms.
- Russian hackers are likely behind the hack.
- Fed claimed Evolve Bank engaged in โunsafe practices.โ
Hacks have been rocking crypto since almost its inception. However, recent events show the crypto space is also open to vulnerabilities coming from more traditional institutions. This happened in the case of the crypto-friendly Evolve Bank, whose hack affected users of several crypto platforms, including Bitfinex.ย
Sponsored
According to the recent communication by Evolve Bank, the institution knew about the hack weeks before notifying the users after the hack had already been revealed. This lack of communication raises questions about the bank’s practices.
What Happened with the Evolve Bank Hack
On Monday, July 1, Evolve Bank revealed that it suffered a major security incident, falling victim to ransomware software. This happened after an employee clicked on a malicious link, reportedly sent to them by a Russian ransomware group Lockbit.
According to Evolve Bankโs statement, the company first learned about the hack on March 31. That same day, they resolved the issue, claiming no further vulnerabilities occurred. However, the bank only notified its users on July 1, days after the hackers had already leaked the data.
The compromised user data, amounting to 33 terabytes, included highly sensitive information, such as usersโ names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses.
The breach affected 155,586 accounts across multiple Evolve Bank partners, including Affirm, Mercury, and Wise. It also affected users of well-known crypto entities, including Bitfinex, Nomad, and Copper Banking.
Evolve Bank in More Controversy Beyond Hack
The recent ransomware hack is not the only controversy surrounding the Evolve Bank. Recently, the Federal Reserve Board issued an enforcement action against the bank, citing deficiencies in anti-money laundering (AML), risk management, and consumer compliance programs.
On June 14, the Fed and the Arkansas State Bank Department mandated Evolve Bank enhance its policies and programs to address risks, particularly risks surrounding its partnerships with financial technology companies. This includes implementing stricter oversight and monitoring procedures, improving recordkeeping, and ensuring compliance with AML laws and consumer protection regulationsโ.
Interestingly, the recent ransomware hack affected the partnerships that the Fed warned about, exposing the data from users across multiple platforms. This includes users who were never customers of the Evolve Bank but were still customers of one of its partners, including those in crypto.
On the Flipside
- US regulators have made it increasingly harder for crypto companies to find reliable banking partners. This has pushed many to work with any bank that would take them, like the Evolve Bank.
- Evolve Bank is not the only crypto-friendly bank that had major issues recently. In 2023, a string of crypto-friendly banks faced bankruptcies, including Silvergate. The bank did business with crypto exchanges, including FTX and Kraken.
Why This Matters
Security remains the paramount concern for all digital and financial institutions, especially in crypto. Leaked account details and personal information can lead to access to user accounts and expose users to further hacks and scams.
Read more about high-profile hacks linked to Russia:
Blockchain Trail Links FTX $477 Million Hacker to Russia
Read more about Solanaโs recent performance:
Solana Flipped Ethereum Again, This Time in Record Frequency