At Coincards, we’ve always walked a fine line — the line between protecting your privacy and upholding radical transparency about how we run our business.
We don’t collect more than we need, and we don’t track your activity across the web. We log only what’s legally required, and nothing more. That’s not just a policy — it’s a commitment we’ve built into our platform from the start.
So when something goes wrong, we don’t hide it. We talk about it.
What Happened
A vulnerability in one of our systems was exploited, affecting exactly 6 user accounts — no more.
Using this opening, the attacker was able to compromise that small number of user accounts and place fraudulent gift card orders that cost them virtually nothing but resulted in real financial loss on our end.
Because digital gift cards are fulfilled instantly and cannot be revoked, the attacker was able to extract value before we could detect and stop the abuse. The total financial impact was in the tens of thousands of dollars. We have only been able to recover a small portion of this, so the real-world loss hurts.
Immediate Response
- The vulnerability was identified and fully patched
- All affected user accounts were restored to their rightful owners
- We contacted each impacted user directly before disclosure of the incident and offered the option to fully delete their account data
- A comprehensive internal audit is underway across our systems and access controls
Because Coincards is — and always has been — a non-custodial platform, we hold minimal user data by design. We do not manage wallets, hold funds or store payment information.
Even in the event of a breach, there’s very little to take — and that’s exactly how we intend to keep it.
Privacy Is a Right. Exploiting It Isn’t.
The attacker behind this incident used privacy-preserving tools to carry out and obscure the fraud, mainly Monero (XMR), a tool we’ve long supported and accepted at Coincards.
We believe in the right to transact privately. We’ve spent years advocating for privacy tools because they protect users — not just from surveillance, but from overreach, censorship, and financial exclusion. But privacy, like any tool, can be abused. And in this case, it was.
What makes this especially difficult is that it came from within a community we’ve stood beside and supported for years. It’s disappointing — and frankly, disheartening — that someone would use Monero to steal a significant amount from a small, hardworking team like ours.
We’re not a VC-funded company.
We don’t have a safety net.
In the gift card space — especially as a crypto-native business — fraud insurance simply doesn’t exist.
This loss came directly out of our bottom line.
To recover it, we’ll need to sell over $500,000 in gift cards — just to offset the damage done by one bad actor.
It sucks.
We’ve always accepted privacy coins because we believe in freedom of choice — and that hasn’t changed. But this incident shows how platform-level vulnerabilities, when combined with anonymous tools, can create blind spots. We’re improving our internal systems and abuse detection — not limiting our support for privacy-first payments.
Moving Forward
We’ve taken corrective action quickly and decisively. We’ve been transparent with affected users. And we’re being transparent with you.
No system is immune from attack. But what matters is how you respond — and whether you stick to your principles along the way.
We’re still here. Still building. Still privacy-first.
And hey — if you wanna throw a little love to help offset the loss, grab a gift card or toss a couple bucks our way. 🧡