New Ars Technica Report Says DX.Exchange Has Security Concerns, Users’ Data Leakage Revealed


Newly launched crypto exchange DX.Exchange, known for being built on NASDAQ’s “market leading matching technology,” has sparked concern from one unnamed trader, who has since revealed its flaws.

In particular, Ars Technica reports (https://arstechnica.com/information-technology/2019/01/hot-new-trading-site-leaked-oodles-of-user-data-including-login-tokens/) that DX.Exchange’s user information (i.e. personal, account and passwords) has been leaked.

According to the claims made, the unnamed trader was interested in the security aspects of the exchange given the hype surrounding its launch. To test it, the trader supposedly created a fake account and used tools accessible via the Chrome browser. Despite the simplicity of the tools used, the trader was shocked to see that DX.Exchange was sending his browser data belonging to other users, which should be kept private.

“I have about 100 collected [authentication] tokens over 30 minutes […] If you wanted to criminalize this, it would be super easy,” notes the trader.

As per the claims made, the tokens are based on JSON Web Tokens, and to his surprise, in-depth information such as the full names and email addresses of DX.Exchange users can be accessed. Furthermore, as long as a user does not manually log out of his or her account, anyone can access it.

The trader then looked for other ways to access an account and, astonishingly, was able to “permanently compromise” one, implying that anyone can easily get into said user’s account whether they are signed in or logged out.
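A JSON Web Token's payload is only base64url-encoded, so anything placed in it is readable by whoever holds the token. The following sketch is an added example, not code from DX.Exchange or Ars Technica: it audits a token for personal data in its claims and for a missing or overly long expiry. The claim names, the one-hour lifetime policy and both sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import re
import time

EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")
# Assumed claim names that typically carry personal data.
PII_KEYS = {"name", "full_name", "first_name", "last_name", "email", "phone"}

def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def audit_jwt(token, now=None, max_lifetime=3600):
    """List what one JWT exposes; no key is needed to read the payload."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        return ["not a three-part JWT"]
    try:
        claims = json.loads(b64url_decode(parts[1]))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return ["payload is not base64url-encoded JSON"]
    if not isinstance(claims, dict):
        return ["payload is not a JSON object"]
    findings = []
    for key, value in claims.items():
        is_email = isinstance(value, str) and EMAIL_RE.fullmatch(value)
        if key.lower() in PII_KEYS or is_email:
            findings.append(f"personal data readable in claim '{key}'")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)):
        findings.append("no 'exp' claim: token never expires on its own")
    elif exp - now > max_lifetime:
        findings.append(f"lifetime exceeds {max_lifetime}s policy")
    return findings

def make_sample_token(claims):
    # Constructed token for the demo; the signature is a dummy value.
    header = {"alg": "HS256", "typ": "JWT"}
    body = [json.dumps(header).encode(), json.dumps(claims).encode(), b"dummy-signature"]
    return ".".join(b64url_encode(part) for part in body)

LEAKY = make_sample_token({"sub": "1001", "name": "Alice Example", "email": "alice@example.com"})
LEAN = make_sample_token({"sub": "1001", "iat": 1700000000, "exp": 1700000900})
```

Calling `audit_jwt(LEAKY)` reports the name and email claims plus the missing expiry, while `audit_jwt(LEAN, now=1700000000)` returns no findings because the token carries only an opaque subject identifier and a 15-minute lifetime.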

The Worst Is Yet to Come

It seems like the worst is yet to come. In addition to user information leakage, it seems like said leakage can compromise the entire site, as some of the information belongs to DX.Exchange’s own employees.

This means any hacker can easily gain access to everything housed within the exchange. The trader explained the following to Ars Technica:

“I got tokens from the exchange itself […] You can see from the account’s email address it’s @coin.exchange [administrative email domain]. I have pretty good confidence I could do this for a day and get an administrative token and have everything.”

After the findings were presented to DX, the exchange announced in a tweet that it would undergo maintenance to rid the platform of the bugs it had been notified of.

Investors should be aware that the exchange was launched as a “soft launch.” In acknowledging the current problem, the team stated the following, as also noted by Ars Technica:

“Due to the high volume of interest in our platform and heavy signups, we discovered some bugs, most are fixed, few are going under examination right now. We are confident to be able to fix them all and finalize our launch in the shortest time.”

Overall, this is just one of several examples that investors should learn from. Many should be wary of the potential problems an exchange may have, especially in its infancy, and should therefore spend more time assessing its security, among other factors, before creating an account.

Bitcoin Exchange Guide