Newly launched Bitcoin/XRP/Ethereum/Litecoin/Bitcoin Cash-trading exchange already has serious security vulnerabilities

DX.Exchange, a crypto-based asset trading platform, has lately been making positive noise in the news cycle thanks to its January 7th launch. The exchange has been marketed as the platform that will bridge the gap between cryptocurrencies and real-world stocks, as investors can purchase tokenized versions of Apple, Facebook and Apple stocks, as well as some of the most popular cryptocurrencies like Bitcoin, Ethereum, XRP, Litecoin or Bitcoin Cash. Just a couple of days after launch, the tune seems to be changing, as popular tech website ArsTechnica reported that the platform suffers from major security issues.

The issues were exposed by an online trader who decided to do his due diligence and check out the security on the DX.Exchange website. After creating a dummy account and checking out the website with the help of Google Chrome developer tools, the trader noticed several vulnerabilities that might have caused serious leaks of account login credentials and personal user information.

The vulnerability is explained as an authentication token issue; whenever his browser sent one of these tokens (required for accessing your account) to the exchange’s website, the website sent back “all kinds of extraneous data”. The trader realized that this data was extremely sensitive, including other users’ authentication tokens and even password-reset links. A malicious user could use this data to gain unauthorized access to leaked accounts.

“I have about 100 collected tokens over 30 minutes. If you wanted to criminalize this, it would be super easy,” explains the trader.

The security issues didn’t stop there, as the leaked data apparently contained tokens belonging to the employees of the website. If someone were to gain access to this information, they could easily have logged into the DX.Exchange website with administrative privileges. Once logged in this way, the hacker might have been able “to download entire databases, seed the site with malware, and possibly even transfer funds out of user accounts.”
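A server-side egress check is one way to catch this class of leak before a response leaves the API. The sketch below is an added example, not code from the exchange or from the ArsTechnica report. It assumes JWT-style tokens and a hypothetical reset-link URL shape, neither of which the article specifies, and all sample data is constructed.

```python
import re

# Assumption: tokens look like JWTs (three base64url segments); the article
# does not state the exchange's token format.
TOKEN_RE = re.compile(r"\beyJ[\w-]+\.[\w-]+\.[\w-]+")
# Assumption: hypothetical shape of a password-reset link.
RESET_RE = re.compile(r"https?://\S*reset\S*", re.IGNORECASE)


def iter_strings(node, path="$"):
    """Yield (json_path, value) for every string in a decoded JSON payload."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from iter_strings(value, f"{path}.{key}")
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def find_leaks(payload, session_token):
    """Return findings for credentials that do not belong to the caller."""
    findings = []
    for path, text in iter_strings(payload):
        for token in TOKEN_RE.findall(text):
            if token != session_token:
                findings.append((path, "foreign_token"))
        if RESET_RE.search(text):  # reset links belong in e-mail, never in API bodies
            findings.append((path, "reset_link"))
    return findings


def guard_response(payload, session_token):
    """Fail closed: refuse to send a body that carries someone else's secrets."""
    findings = find_leaks(payload, session_token)
    if findings:
        raise ValueError(f"response blocked, leaked fields: {findings}")
    return payload


# Constructed sample data, not captured from the exchange.
CALLER = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyLTEifQ.c2lnLTE"
OTHER = "eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1c2VyLTIifQ.c2lnLTI"
CLEAN = {"user": {"id": 1, "token": CALLER}, "balances": [{"asset": "BTC"}]}
LEAKY = {"user": {"id": 1, "token": CALLER},
         "debug": [{"token": OTHER},
                   {"msg": "mail sent: https://example.test/reset-password?k=abc"}]}
```

A guard like this is a backstop for regression tests and response middleware; the primary fix is to serialize only an explicit allowlist of fields scoped to the authenticated user.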

The exchange has since responded, confirming that the issue has been acknowledged and fixed.

Still, the exchange seems to be plagued with early-launch issues and bugs that could endanger its users’ sensitive information and funds. Check out the complete ArsTechnica report here.




Philipp Traugott

Phil Traugott is a staff writer at CaptainAltcoin. A trained marketing specialist for copywriting and creative campaigns, he has advised top companies on online marketing, SEO and software branding for more than 10 years. As cryptocurrencies became increasingly important for companies and investors, he found the topic alluring and a good fit for his skill set, which prompted him to pivot his career towards blockchain and cryptocurrencies.
