DX.Exchange, a crypto-based asset trading platform, has lately
been making positive noise in the news cycle due to its January 7th
launch. The exchange has been marketed as the platform that will bridge the gap
between cryptocurrencies and real-world stocks, as investors can purchase tokenized
versions of Apple and Facebook stocks, as well as some of the most
popular cryptocurrencies like Bitcoin, Ethereum, XRP, Litecoin or Bitcoin Cash.
Just a couple of days after launch, the tune seems to be changing, as popular
tech website ArsTechnica reported that the platform suffers from major security
The issues were exposed by an online trader who decided to
do his due diligence and check out the security on the DX.Exchange website.
After creating a dummy account and checking out the website with the help of Google
Chrome developer tools, the trader noticed several vulnerabilities that might
have caused serious leaks of account login credentials and personal user
The vulnerability is explained as an authentication token
issue; whenever his browser sent one of these tokens (required for accessing
your account) to the exchange’s website, the website sent back “all kinds of
extraneous data”. The trader realized that this data was extremely sensitive, including
other users’ authentication tokens and even password-reset links. A malicious
user could use this data to gain unauthorized access to leaked accounts.
“I have about 100
collected tokens over 30 minutes. If you wanted to criminalize this, it would
be super easy,” explains the trader.
The security issues didn’t stop there, as the leaked data
apparently contained tokens belonging to employees of the website. If
someone were to gain access to this information, they could have easily logged
into the DX.Exchange website with administrative privileges. Once logged in
this way, the hacker might have been able “to download entire databases, seed
the site with malware, and possibly even transfer funds out of user accounts.”
The exchange has since responded, confirming that the issue
has been acknowledged and fixed.
Still, the exchange seems to be plagued with early-launch
issues and bugs that could endanger its users’ sensitive information and funds.
Check out the complete ArsTechnica report here.