Cyber Incident Victim: Litebit

Litebit.eu, a prominent Dutch cryptocurrency broker, experienced two separate data breaches within a six-week period in 2017, with the second incident confirmed on September 12. The first breach occurred in August 2017 and was disclosed by the company as a "potential" compromise of customer accounts, though no funds were stolen. Approximately six weeks later, attackers successfully infiltrated Litebit's backend systems on September 12, gaining unauthorized access to customer databases containing email addresses, hashed passwords, and International Bank Account Number (IBAN) information. The breach did not result in theft of cryptocurrency funds or compromise of wallet security. Litebit promptly reported both incidents to Dutch law enforcement authorities and the national Data Protection Authority, though investigation outcomes remained undisclosed at the time of reporting.

The September breach specifically exposed personally identifiable information including payment methods, physical addresses, and phone numbers alongside the compromised credentials and banking details. In response to both incidents, Litebit advised affected users to immediately change their account passwords and reset two-factor authentication (2FA) configurations. The company attributed the security failures to vulnerabilities involving a third-party supplier rather than direct compromises of their core systems. These consecutive breaches impacted a significant portion of Litebit's customer base given its position as one of the Netherlands' largest cryptocurrency brokers. The repeated security incidents raised concerns about the broker's operational resilience despite no financial losses occurring, with the company maintaining transparency through public disclosures and regulatory notifications throughout both events.