Business 11 January 2019

Erik Gibbs

DX.Exchange updates code to patch security hole

A serious security flaw on the DX.Exchange security token trading platform would have allowed anyone to access the authentication tokens of the exchange’s users. It was potentially a bad omen for the exchange, which only went live this past Monday. Fortunately, before the problem became too severe, the company was able to create a patch for the flaw and update its servers to provide better user protection.

The exchange provides crypto tokens, representing shares in several firms that are traded on the NASDAQ exchange. It incorporates NASDAQ’s matching engine, as well as its financial information exchange protocol, in order to facilitate the trading of those shares.

Not long after turning on its lights, DX.Exchange inadvertently revealed sensitive data that included, among other things, password reset links. It hasn’t been determined, or at least not been made public, the number of user accounts that may have been affected, but one trader told Ars Technica that he had been able to collect “about 100 tokens over 30 minutes.” Ars confirmed the vulnerability, stating that it, too, had been able to collect “a large number” of authentication tokens.

The security issue had first been reported to the exchange by a journalist. It was later determined that the flaw not only compromised external users, but internal employee accounts, as well. This, if the information had fallen into the wrong hands, could have allowed the exchange’s entire databases to be stolen. The exchange reportedly has around 600,000 registered users.

The exchange acknowledged that the security hole was due to “an authentication token error,” adding that the flaw was patched before any serious damage was possible. The company’s CEO, Daniel Skowronksi, added in a statement that user funds were never at risk, asserting, “We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised … Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.”

Going forward, DX.Exchange hopes the crypto community will help it clean up its software code. The company’s statement adds that any developer who finds a vulnerability can make a report to the exchange through its bug bounty program.

Note: Tokens on the Bitcoin Core (SegWit) chain are referenced as BTC coins; tokens on the Bitcoin Cash ABC chain are referenced as BCH, BCH-ABC or BAB coins.

Bitcoin Satoshi Vision (BSV) is today the only Bitcoin project that follows the original Satoshi Nakamoto whitepaper, and that follows the original Satoshi protocol and design. BSV is the only public blockchain that maintains the original vision for Bitcoin and will massively scale to become the world’s new money and enterprise blockchain.

COMMENT

latest news

‘Irresponsible tweets’ land John McAfee in hot water with Skycoin

Business 22 March 2019

‘Irresponsible tweets’ land John McAfee in hot water with Skycoin

Skycoin has responded on Twitter that it John McAfee’s comments about “whale f--king” that actually led to the project being forced to sever ties with the cryptocurrency influencer.

Read More
Watch out: Fake Wasabi crypto wallet out to steal your crypto

Business 22 March 2019

Watch out: Fake Wasabi crypto wallet out to steal your crypto

The scam wallet is an uncanny clone of the real Wasabi wallet. It comes with a fake website and for those who are not keen, it's almost impossible to distinguish between it and the real one.

Read More
UPS partners with blockchain startup for B2B platform

Business 22 March 2019

UPS partners with blockchain startup for B2B platform

UPS, a global leader in logistics, announced a partnership with Inxeption that targets B2B merchants.

Read More