Shuffle.com, one of the fastest-growing crypto betting platforms, confirmed a major data breach on October 10, 2025. The breach exposed personal information belonging to most of its users after hackers targeted a third-party customer management system.
The attack hit Fast Track, an iGaming CRM provider that Shuffle used for email communications and customer data management. According to Shuffle founder Noah Dummett, the majority of the platform’s users were affected by the security incident.
What Information Was Stolen
The stolen data includes a wide range of personal details. Hackers accessed full names, email addresses, home addresses, phone numbers, and complete transaction histories. The breach also exposed betting patterns and customer support message logs.
More concerning, attackers obtained KYC (Know Your Customer) verification documents. These include copies of driver’s licenses and passports that users uploaded to verify their age and identity. The platform collects this information to comply with Curaçao eGaming regulations.
Source: @noahdummett
Payment information was partially compromised, including payment types and the last four digits of card numbers. However, Shuffle emphasized that full payment credentials were not stored with Fast Track.
User Accounts and Funds Remain Secure
Shuffle assured users that their account passwords and login credentials were not part of the stolen data. The company stated that these security details were never stored with the third-party provider. All player funds in Shuffle accounts remain secure and were not accessed during the breach.
Fast Track told Shuffle that the breach has been contained and poses no ongoing risk to user data. The company is SOC 2 certified and maintains high data security standards, though this certification did not prevent the sophisticated attack.
How the Attack Happened
Fast Track described the incident as a “highly sophisticated cyber attack” that specifically targeted two clients on its platform. The company detected the breach in early October and immediately stopped the attack after discovery. Fast Track confirmed that no other clients beyond the two targeted companies were impacted.
The exact method hackers used to breach Fast Track’s systems remains under investigation. Both Shuffle and Fast Track are working to understand how the attack occurred and what additional impacts it may have.
Shuffle plans to end its partnership with Fast Track and is looking for alternative CRM providers. The company is also exploring ways to reduce risks associated with third-party systems in the future.
Who Is Affected
The breach impacts a substantial user base. Shuffle launched in February 2023 and has grown rapidly, now processing over $2 billion in monthly wagers. The platform supports 17 different cryptocurrencies and offers more than 4,000 games from major providers.
The Melbourne-based company raised $2.5 million in seed funding and became profitable within five months of operation. Founder Noah Dummett previously worked at crypto firms including FTX and Alameda Research before launching Shuffle.
Risks for Crypto Users
This breach creates serious risks for affected users. Crypto holders face heightened dangers from data breaches because attackers can use personal information for targeted phishing and social engineering attacks.
Criminals may pose as legitimate crypto exchanges or wallet providers to trick users into revealing private keys or transferring funds. Unlike traditional bank transactions, cryptocurrency transfers cannot be reversed. A single successful scam results in permanent and total loss of funds.
The stolen KYC documents create additional risks. Attackers can use copies of driver’s licenses and passports for identity theft, opening accounts in victims’ names, or accessing other services.
Security experts also warn about the rise of “$5 wrench attacks” against crypto holders. These physical threats involve criminals using personal information to locate and coerce victims into handing over cryptocurrency.
Shuffle urged users to enable two-factor authentication on their accounts and stay alert for phishing attempts. Users should expect highly convincing fake emails that reference their personal information, recent transactions, and specific betting activity.
Industry Pattern
This incident follows a troubling pattern in the crypto and gaming industries. Similar breaches have affected Discord users (2.1 million accounts), Bitcoin Depot customers (27,000 accounts), and multiple other platforms in 2024 and 2025.
The Shuffle breach highlights a weakness in the cryptocurrency space: centralized third-party services that handle sensitive user data. Even platforms focused on crypto’s decentralized principles often rely on traditional service providers that become attack targets.
Fast Track is an iGaming CRM automation platform founded in 2016 with offices in Malta, Sweden, Spain, and the United States. The company serves over 100 operator partners worldwide and provides real-time player data management and engagement tools.
The Bottom Line
The Shuffle data breach demonstrates that crypto platforms remain vulnerable through their third-party providers, regardless of their own security measures. Users should assume their personal information has been compromised, enable all available security features, and remain vigilant against phishing attempts using their stolen data. The incident reinforces that storing cryptocurrency on any platform—even secure ones—carries risks beyond just market volatility.