Evolve Bank & Trust, a prominent banking partner for several crypto-friendly fintech companies, faces multiple lawsuits over a ransomware attack that exposed sensitive customer information and over accusations of mishandling funds. The bank, which manages funds for platforms like Juno and Yotta, has been accused of failing to protect customer data and of unauthorized debits from user accounts. As these legal battles unfold, critical questions arise about the security of financial institutions within the digital finance and crypto ecosystem.
What happened
- February to May 2024: The LockBit ransomware group accessed and downloaded personal data from Evolve Bank’s systems over several months. During this period, sensitive information including names, Social Security numbers, bank account details, and contact information was compromised.
- June 25, 2024: Evolve Bank publicly announced the data breach. They confirmed that a cybercriminal organization had stolen personal information from millions of customers and posted it on the dark web. The breach impacted over 7.6 million individuals, including customers of Evolve’s fintech partners like Juno.
- July 9, 2024: The bank began notifying affected individuals about the breach, offering credit monitoring and identity theft protection services. This disclosure followed regulatory scrutiny and added pressure from ongoing legal challenges.
Cybersecurity Breach and Data Mismanagement at Evolve Bank
The ransomware attack by LockBit exposed the personal information of millions, making it one of the largest data breaches in the financial services sector in 2024. The compromised data included highly sensitive details that could be used for identity theft and fraud. Although Evolve Bank assured customers that no funds were impacted directly by this data breach, the exposure of personal and financial information has left many vulnerable.
One of the key fintech platforms affected by the breach was Juno, a cryptocurrency investment platform that partnered with Evolve for its banking services. As a result, Juno customers filed a class-action lawsuit against both Juno and Evolve Bank. The suit accuses both companies of negligence and of failing to notify customers promptly about the breach.
Fund Mismanagement and Legal Action
In addition to the cybersecurity failures, Evolve Bank is facing another lawsuit from Yotta. The fintech company claims Evolve misappropriated millions in customer funds. Yotta alleges that after the collapse of Synapse Financial Technologies, a key partner, Evolve withheld access to over $25 million in customer funds and mishandled transactions from “for benefit of” (FBO) accounts. This lawsuit, combined with the fallout from Synapse’s bankruptcy, has intensified the legal challenges Evolve faces.
Regulatory Failures and Executive Departures
Regulatory scrutiny intensified after the breach. The Federal Reserve Board issued an enforcement action against Evolve for failing to meet anti-money laundering standards and lacking adequate risk management in its fintech partnerships. These compliance failures led to increased regulatory pressure, further weakening the bank’s position.
Amidst these issues, three senior executives, including the chief credit officer, resigned from Evolve Bank in mid-2024. Their departure came at a critical time, when the bank was already grappling with legal and cybersecurity crises, and raised concerns about its leadership stability.
Impact on the Crypto-Fintech Ecosystem
Evolve Bank’s troubles highlight the growing risks in the banking and fintech partnership model, especially for companies involved in cryptocurrencies. As digital finance services grow, the demand for stronger cybersecurity and risk management practices is becoming more urgent. Evolve’s failure to protect customer data and manage funds effectively has led to a loss of trust among its fintech partners and users.
As Evolve Bank deals with lawsuits and works to recover from its cybersecurity breach and fund mismanagement, a larger question remains: how can financial institutions in the fintech space ensure the security of customer assets? These legal battles are likely to reshape fintech regulation and set new standards for banking partnerships, especially those serving the cryptocurrency sector. For now, Evolve’s woes serve as a cautionary tale for both banks and fintech companies operating at the intersection of traditional finance and digital assets.
Readers’ frequently asked questions
What kind of data was compromised in the Evolve Bank breach, and how can affected customers protect themselves?
The data compromised during the Evolve Bank breach included highly sensitive personal information: names, Social Security numbers, bank account details, and contact information. This type of information is particularly valuable to cybercriminals for identity theft, fraud, and phishing attacks. Since the data was posted on the dark web, affected individuals are at increased risk of being targeted by criminals. Evolve has offered two years of complimentary credit monitoring and identity theft protection through TransUnion to mitigate these risks. Customers should monitor their accounts closely for unauthorized transactions, report any suspicious activity, and remain vigilant for phishing attempts pretending to be from Evolve or its fintech partners. Using strong, unique passwords and enabling two-factor authentication for financial accounts is also recommended.
Why did fintech partners of Evolve Bank, such as Juno and Yotta, become involved in lawsuits following the data breach?
Evolve Bank’s fintech partners, including Juno and Yotta, have become embroiled in lawsuits because these companies relied on Evolve to handle and secure their customers’ funds and personal information. In the case of Juno, users of the platform were directly affected by the data breach. The class-action lawsuit alleges that Juno and Evolve were negligent in safeguarding customer data. Additionally, Juno customers faced delays in being notified of the breach, which compounded the financial and personal risks they faced. Yotta’s lawsuit, on the other hand, stems from a separate issue involving fund mismanagement. After the collapse of Synapse Financial Technologies, Yotta claims Evolve mishandled millions in customer funds held in “for benefit of” (FBO) accounts. The lawsuits highlight how heavily fintech companies rely on traditional banking institutions to ensure the security of funds and personal information. When those institutions fail, the legal consequences can extend to their fintech partners.
What are the broader implications of these events for the crypto-fintech ecosystem?
The fallout from Evolve Bank’s breach and fund mismanagement highlights key vulnerabilities in the crypto-fintech ecosystem, especially in the partnerships between fintech platforms and their banking partners. Fintech companies increasingly rely on traditional banks to offer services such as payments, custody of funds, and transaction processing. Hence, these banks’ security and regulatory compliance become central to the fintech company’s success. Evolve Bank’s failure to properly manage cybersecurity risks and regulatory compliance had legal consequences and damaged the trust that fintech companies, and by extension, their users, place in these partnerships. Moving forward, we can expect stricter regulatory scrutiny over these banking relationships, particularly in the crypto sector where the stakes are higher due to the volatility of digital assets. This might lead fintech companies to re-evaluate their banking partners or demand higher security standards. It will reshape how crypto-fintech companies interact with traditional financial institutions.
What Is In It For You? Action Items You Might Want to Consider
Reassess Your Banking and Custodial Partners
If you’re using fintech platforms like Juno or others partnering with traditional banks, it’s time to reassess the security of your funds. With Evolve Bank’s data breach and fund mismanagement issues coming to light, traders should consider whether their chosen platform has robust security measures in place. Look into the bank’s track record, and don’t hesitate to ask the platform about its contingency plans for protecting funds in case of a breach. Diversifying custodial services may also help mitigate risks.
Monitor Accounts for Unusual Activity
In light of the data breaches involving millions of customers, it’s crucial to keep a close eye on your accounts for any suspicious transactions. Even if you’re not directly affected, the ripple effects of breaches can result in phishing attempts or unauthorized access to accounts. Set up alerts for all transactions and review your account statements regularly to catch any unauthorized activities early.
Implement Strong Security Measures on All Trading Platforms
The evolving threats in crypto-fintech partnerships make it essential to bolster your own security practices. Use multi-factor authentication (MFA) wherever possible, regularly update passwords, and avoid using the same credentials across platforms. While the platforms and banks may improve their security, you as a trader must take steps proactively to safeguard your accounts and digital assets from potential risks tied to platform vulnerabilities.