Report: Critical Vulnerabilities Leaking User Data Found on DX.Exchange, Patched Later

Published at: Jan. 10, 2019

Estonia-based cryptocurrency and tokenized stock exchange DX.Exchange has reportedly fixed a critical vulnerability that leaked sensitive user data.

Technology news website Ars Technica reported on the security leak Jan. 9, citing an anonymous trader who conducted a security analysis of DX.Exchange.

According to Ars Technica’s article, a trader, who wished to remain anonymous due to legal concerns, noticed that the exchange was sending other users’ sensitive data to the trader’s browser. After examining the data, the trader reportedly found that it included other users’ authentication tokens and password reset links:

“I have about 100 collected [authentication] tokens over 30 minutes, [...] if you wanted to criminalize this, it would be super easy.”

The authentication tokens were reportedly formatted in the JSON Web Token (JWT) standard and could be easily decoded with online tools, revealing the full names and email addresses of the exchange’s users.

According to Ars Technica, the trader explained that the tokens could grant access to their associated accounts, as long as the user had not manually logged out after the token was leaked.
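Both properties described above, a payload that anyone holding the token can read and a token that stays valid until logout, can be audited on tokens your own service issues. The following Python sketch is an added example, not code from the article or from DX.Exchange; the claim names, the 15-minute lifetime policy and the sample tokens are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import json

PII_CLAIMS = {"name", "full_name", "email", "phone"}  # assumed claim names
MAX_LIFETIME = 15 * 60  # assumed policy: access tokens live at most 15 minutes


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_sample_token(claims: dict, key: bytes = b"constructed-demo-key") -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{b64url(sig)}"


def read_claims(token: str) -> dict:
    """Decode the payload with no key: the signature gives integrity, not secrecy."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_token(token: str) -> list:
    """Return findings for a token issued by your own service."""
    claims = read_claims(token)
    findings = [f"pii-claim:{c}" for c in sorted(PII_CLAIMS.intersection(claims))]
    if "exp" not in claims:
        findings.append("no-expiry")  # valid until the session is ended
    elif "iat" in claims and claims["exp"] - claims["iat"] > MAX_LIFETIME:
        findings.append("long-lived")
    if "jti" not in claims:
        findings.append("no-jti")  # no ID to put on a server-side revocation list
    return findings


# Constructed samples: a token shaped like the leak described, and a leaner one.
LEAKY = make_sample_token(
    {"sub": "1001", "name": "Alice Example", "email": "alice@example.test"})
HARDENED = make_sample_token(
    {"sub": "1001", "iat": 1000, "exp": 1600, "jti": "a1b2"})

if __name__ == "__main__":
    print(read_claims(LEAKY))
    print(audit_token(LEAKY), audit_token(HARDENED))
```
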

The trader also reportedly found a way to permanently backdoor an account by using the platform’s programming interface, which would grant them access even after a user has logged out.

Furthermore, Ars Technica reported that some of the login data leaked by the platform belonged to employees of the site. The article explains the severity of the issue:

“In the event that such a token gave unauthorized access to an account with administrative privileges, the hacker might be able to download entire databases, seed the site with malware, and possibly even transfer funds out of user accounts.”

Ars Technica itself reportedly checked and confirmed the presence of the vulnerabilities discovered by the trader, obtaining what it described as a large number of authentication tokens through the publicly available programming interface.

Ars Technica contacted DX.Exchange, and according to the article, the leak has now been fixed.

In response to a request for comment from Cointelegraph, DX.Exchange claimed that the vulnerability has been successfully patched and that customers’ funds are completely safe. The exchange’s CEO, Daniel Skowronski, commented:

“We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised.”

As Cointelegraph reported Jan. 3, DX.Exchange leverages Nasdaq’s Financial Information Exchange (FIX) protocol and allows its users to trade tokenized stocks of major companies, including Google, Facebook and Amazon.
