Three executives from Evolve, a crypto-friendly bank that suffered a data leak affecting at least 7.6 million customers, have all reportedly left their jobs.

According to financial journalist Jason Mikula, the bank’s chief credit officer, corporate controller, and chief lending officer-open banking have left their roles. 

Evolve was hacked by the Russia-based ransomware group Lockbit in May with a whopping 33 terabytes of user data leaked the following month. This data belonged to customers from Bitfinex, Nomad, and Copper Banking. 

Data included personal information such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. 

Evolve has reportedly been pausing certain wire transfers over $3,000. In these cases, a so-called ‘travel rule’ kicks in that requires the collection of additional data.  

There may be more shoes yet to drop

Mikula told Protos, “Evolve is facing enormous challenges on multiple fronts right now, and I suspect there may be more shoes yet to drop.

“Retaining and attracting talent can become a major challenge for troubled institutions like Evolve. The work of remediating a consent order — to say nothing of the Russia-linked ransomware attack or Synapse bankruptcy — can be time-consuming, tedious, and often thankless.” 

Read more: Federal Reserve issues enforcement action against Evolve Bank

Evolve Bank and Trust and ​​Evolve Bancorp were issued the consent order in June. It claimed the bank had “deficiencies in its anti-money laundering, risk management, and consumer compliance programs.”

Mikula said, “Experienced, skilled executives with other options don’t always want to stick around for that, while less-skilled or motivated employees may be more likely to.” 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Three execs from ‘troubled’ Evolve Bank have left their jobs appeared first on Protos.

Crypto-friendly Evolve Bank and Trust has admitted that it has known about ‘unauthorized activity’ — specifically the theft of 33 terabytes of user data — for the past month despite only notifying end users about the breach last week.

The data leak, which has been attributed to infamous Russia-based ransomware group Lockbit, reportedly includes personal details belonging to Bitfinex users.

Evolve said on Monday that in late May, some of its systems stopped working properly due to ‘unauthorized activity’ that appears to stem from an employee accidentally clicking on a malicious link. 

The bank claims it stopped the attack ‘within days’ and hasn’t seen any more unauthorized activity since May 31. It also didn’t pay the ransom demand and says Lockbit mistakenly attributed the data to the Federal Reserve. 

Despite this activity, as reported by Fintech Business Weekly (FBW) reporter Jason Mikula, “It appears [Evolve Bank] didn’t notify impacted fintechs (or end users) until the breach became public last week.”

Bitfinex accounts included in Evolve leak

The data stolen from Evolve Bank reportedly includes personally identifiable information (PII), such as names, addresses, social security and tax ID numbers, dates of birth, account balances, and email addresses. The data reportedly comes from 155,586 accounts linked to firms including Bitfinex, Nomad, and Copper Banking. 

An industry source told FBW, “I can’t think of a data breach with this much PII and consumer and commercial financial data…. that then is publicly available…. Ever.”

Read more: Crypto ransom group LockBit leaks stolen pharmacy staff data

Mikula has since received a cease and desist email from Evolve. He said, “If people misunderstood my posts to mean that I would share sensitive PII in my reporting, please know that was never my intent.”

One anonymous source claiming to be an exec impacted by the Evolve hack reportedly asked Mikula for the leaked files as they hadn’t “gotten confirmation from Evolve.”

Today’s announcement was updated from a June 26 version which omitted disclosure of May’s ‘unauthorized activity.’

Update July 2, 09:51 UTC: Changed the headline and body to clarify it was Copper Banking included in the leaked Lockbit documents. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Evolve Bank leak has personal data of Bitfinex, Copper Banking, Nomad users appeared first on Protos.

Crypto ransomware group Lockbit leaked 33 terabytes of Evolve Bank and Trust data yesterday despite initially threatening to release data from the Federal Reserve ‘containing Americans’ banking secrets.’

As part of the leak, Lockbit shared a link to a press release detailing the Federal Reserve’s enforcement action against Evolve Bank. Evolve Bank and Trust agreed to a cease-and-desist order in June after the Federal Reserve “found that Evolve engaged in unsafe and unsound banking practices,” in relation to its fintech partnerships.

Lockbit is also reported to have leaked parent directories, torrents, and compressed archive files from Evolve Bank and Trust.

According to Fintech Business Weekly reporter Jason Mikula, industry sources say the situation is “as bad as it gets,” as documents containing “end user PII, including SSNs, card PANs, wires, and settlement files,” have been leaked. 

LockBit listed the ransom demand for an undisclosed sum on Sunday where it claimed negotiations had failed. It said, “You better hire another negotiator within 48 hours, and fire this clinical idiot who values Americans’ bank secrecy at $50,000.”

Evolve told its clients in an email, “We acknowledge these reports and are actively investigating the situation.”

“The Evolve team, in collaboration with law enforcement and government agencies, is monitoring and addressing this matter with the utmost diligence and transparency,” it added. 

Read more: Federal Reserve issues enforcement action against Evolve Bank

Evolve Bank and Trust facilitated customer accounts for the fintech middleman firm Synpase which declared bankruptcy in April.

Following Synapse’s collapse there’s a reported disappearance of $109 million in customer deposits that was held by several banks, including Evolve, for fintech firm Yotta. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Customer data from crypto-friendly Evolve Bank leaked by Lockbit appeared first on Protos.

Evolve Bank and Trust has agreed to a cease-and-desist order with the Federal Reserve after it “found that Evolve engaged in unsafe and unsound banking practices” surrounding some of its fintech partnerships.

Furthermore, the Federal Reserve found that Evolve did not have “controls sufficient to comply with anti-money laundering laws.” 

Evolve has been thrust into the banking industry spotlight recently as many fintech users have had their accounts frozen due to the failure of Synapse Financial Technologies, the middleman that connected Evolve to these various fintechs. 

The problem has grown in complexity as the ledgers of Synapse and Evolve, and even some of the fintechs like Yotta, disagree on how much money is meant to be in certain accounts.

Evolve has been an important bank for the crypto ecosystem, serving as the card issuer for BlockFi’s credit cards and providing checking accounts and debit cards for FTX customers.

The recent examiner report in the FTX bankruptcy court also highlighted that FTX Philanthropy had approximately $10 million in accounts at Evolve Bank and Trust.  

Read more: TrueUSD bank FlowBank forced into bankruptcy

Alleged scammers who operated ‘pig-butchering’ scams also used Evolve Bank, with Protos reporting on a US Secret Service affidavit in support of seizure.

Today’s cease and desist order will require Evolve to submit more detailed plans to the regulators in order to show it is complying with applicable laws, including internal controls and money laundering controls. Furthermore, the bank is required to submit an updated due diligence program that explains how it ensures it has adequate information on its customers. 

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Federal Reserve issues enforcement action against Evolve Bank appeared first on Protos.

A January complaint for forfeiture filing initially reviewed by Fintech Business Weekly details several million dollars seized at Evolve Bank and Trust related to a variety of fraudulent enterprises, including crypto-based pig-butchering and money laundering.

The complaint alleges that Paralel Design Limited, Gatcha Pictures Limited, and Bytechip LLC were engaged in an interconnected scheme to provide money laundering services, specifically receiving funds from cryptocurrency investment scams, pig-butchering scams, and other fraudulent activity.

The filing describes the group behind the operation as ’26 Chinese nationals who allegedly reside in California, New York, and various regions throughout China.’ It also claims that they “All appear to be conspiring together to orchestrate fraud scams.” A US Secret Service agent describes these allegations in the filing. 

Read more: Hundreds freed from ‘pig-butchering’ compound after victim escapes

Evolve Bank and Trust provides Banking as a Service (BaaS) products that enable other firms to open up ‘vAccounts’ at Evolve for its clients. Allegedly, these firms engaged in fraud would open vAccounts at one of more of the following platforms: Wise, Airwallex, Mercury, Relay, and Solidfi. These are all Money Service Businesses (MSBs) that maintain contractual agreements for BaaS with EB&T.

A lawsuit filed by ByteChip LLC against Solid on the same day as the complaint for forfeiture describes ByteChip as ‘a leading neobank’ that provides, among other things, ‘Banking-as-a-Service’ products. The lawsuit describes how ByteChip contracted with Solid and opened a virtual bank account with Solid, where funds were held with Evolve Bank and Trust. ByteChip claims to have used the account as a master account to process its clients’ funds.

Evolve eventually froze the funds associated with ByteChip, Gatcha, and another firm called Rinotech, citing ‘unsatisfactory banking practices.’

To clarify, Evolve provided services to Solid, Solid provided services to ByteChip, and ByteChip provided services to its clients — allegedly fraudsters. 

Read more: A year on from the US regional banking crisis, what’s changed?

An investigator for Evolve told the agent investigating the fraud that they estimated the total exposure was in excess of $15 million in Evolve’s virtual accounts. 

Evolve served as the card issuer for BlockFi’s credit card, provided some accounts to FTX customers, and was named in the FTX bankruptcy. At the time, Evolve stated that “Evolve does not lend against cryptocurrency; we do not offer crypto custodial services, and we do not trade crypto or hold any form of cryptocurrency on our balance sheet. Further, Evolve does not currently, nor have we at any point in the past, invest in or transact crypto.”

They continued, “Evolve was in the process of dissolving our relationship with FTX at the time of their bankruptcy filing. To be clear, Evolve did not lend to FTX or their affiliates; we do not have corporate or deposit accounts with FTX or their affiliates. Again, Evolve does not currently, nor have we ever, invest or transact crypto.”

Got a tip? Send us an email or ProtonMail. For more informed news, follow us on X, Instagram, Bluesky, and Google News, or subscribe to our YouTube channel.

The post US seizes pig-butchering funds at Evolve Bank appeared first on Protos.