On October 10, 2025, Shuffle.com, a rapidly expanding crypto betting platform, confirmed it suffered a significant data breach. This incident led to the exposure of personal information for most of its users, as hackers targeted a third-party customer management system.
The breach affected Fast Track, an iGaming CRM provider used by Shuffle for managing customer data and email communications. Noah Dummett, the founder of Shuffle, indicated that the security incident impacted a large portion of the platform’s user base.
Details of the Stolen Data
The data breach resulted in the theft of various personal information. Hackers accessed full names, email addresses, home addresses, phone numbers, and complete transaction histories. Additionally, the breach revealed betting patterns and logs of customer support messages.
More alarmingly, the attackers obtained KYC (Know Your Customer) verification documents, which included users’ driver’s license and passport copies used for age and identity verification, a requirement for compliance with Curaçao eGaming regulations.
Security of User Accounts
Shuffle reassured users that their account passwords and login details were not compromised, as these credentials were not stored with the third-party provider. All funds in Shuffle accounts remain secure and were unaffected during the breach.
Fast Track confirmed that the breach has been contained, posing no ongoing risk to user data. The company, SOC 2 certified, maintains strict data security standards, although this did not prevent the sophisticated attack from occurring.
Implications for Users and Industry Trends
The data breach presents serious risks for affected users. Given the nature of cryptocurrency, compromised personal information can lead to targeted phishing and social engineering attacks. Criminals may impersonate legitimate exchanges to deceive users into sharing private keys or transferring funds.
The incident underscores a troubling trend within the crypto and gaming industries, with similar breaches impacting platforms like Discord and Bitcoin Depot in recent years. The Shuffle incident reveals vulnerabilities within centralized third-party services handling sensitive information, even amidst the trend toward decentralization in crypto technology.
Conclusion
The Shuffle data breach highlights the ongoing vulnerabilities faced by crypto platforms due to their reliance on third-party providers. Users should assume their information has been compromised and take immediate steps to enhance their security, staying vigilant against potential phishing attempts that leverage their stolen data.
