Business 11 January 2019

Erik Gibbs

DX.Exchange updates code to patch security hole

A serious security flaw on the DX.Exchange security token trading platform would have allowed anyone to access the authentication tokens of the exchange’s users. It was potentially a bad omen for the exchange, which only went live this past Monday. Fortunately, before the problem became too severe, the company was able to create a patch for the flaw and update its servers to provide better user protection.

The exchange provides crypto tokens, representing shares in several firms that are traded on the NASDAQ exchange. It incorporates NASDAQ’s matching engine, as well as its financial information exchange protocol, in order to facilitate the trading of those shares.

Not long after turning on its lights, DX.Exchange inadvertently revealed sensitive data that included, among other things, password reset links. The number of user accounts that may have been affected has not been determined, or at least has not been made public, but one trader told Ars Technica that he had been able to collect “about 100 tokens over 30 minutes.” Ars confirmed the vulnerability, stating that it, too, had been able to collect “a large number” of authentication tokens.

The security issue had first been reported to the exchange by a journalist. It was later determined that the flaw compromised not only external users but also internal employee accounts. Had the information fallen into the wrong hands, this could have allowed the exchange’s entire databases to be stolen. The exchange reportedly has around 600,000 registered users.

The exchange acknowledged that the security hole was due to “an authentication token error,” adding that the flaw was patched before any serious damage was possible. The company’s CEO, Daniel Skowronski, added in a statement that user funds were never at risk, asserting, “We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised … Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.”

Going forward, DX.Exchange hopes the crypto community will help it clean up its software code. The company’s statement adds that any developer who finds a vulnerability can make a report to the exchange through its bug bounty program.
