Reserved IP Address°C
04-17-2025
BSV
$27.8
Vol 22.59m
-0.75%
BTC
$84596
Vol 22381.49m
-0.45%
BCH
$334.81
Vol 161.17m
3.66%
LTC
$75.09
Vol 319.84m
-0.1%
DOGE
$0.15
Vol 678.89m
-0.31%
Getting your Trinity Audio player ready...

A serious security flaw on the DX.Exchange security token trading platform would have allowed anyone to access the authentication tokens of the exchange’s users. It was potentially a bad omen for the exchange, which only went live this past Monday. Fortunately, before the problem became too severe, the company was able to create a patch for the flaw and update its servers to provide better user protection.

The exchange provides crypto tokens, representing shares in several firms that are traded on the NASDAQ exchange. It incorporates NASDAQ’s matching engine, as well as its financial information exchange protocol, in order to facilitate the trading of those shares.

Not long after turning on its lights, DX.Exchange inadvertently revealed sensitive data that included, among other things, password reset links. It hasn’t been determined, or at least not been made public, the number of user accounts that may have been affected, but one trader told Ars Technica that he had been able to collect “about 100 tokens over 30 minutes.” Ars confirmed the vulnerability, stating that it, too, had been able to collect “a large number” of authentication tokens.

The security issue had first been reported to the exchange by a journalist. It was later determined that the flaw not only compromised external users, but internal employee accounts, as well. This, if the information had fallen into the wrong hands, could have allowed the exchange’s entire databases to be stolen. The exchange reportedly has around 600,000 registered users.

The exchange acknowledged that the security hole was due to “an authentication token error,” adding that the flaw was patched before any serious damage was possible. The company’s CEO, Daniel Skowronksi, added in a statement that user funds were never at risk, asserting, “We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised … Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.”

Going forward, DX.Exchange hopes the crypto community will help it clean up its software code. The company’s statement adds that any developer who finds a vulnerability can make a report to the exchange through its bug bounty program.

Recommended for you

Blockstream’s Jade wallet and the silent threat inside ESP32 chip
The ESP32 chip, a low-cost microcontroller manufactured in China, has now been exposed as a critical threat vector in BTC...
April 17, 2025
Digital Asset Recovery: Should blockchains enforce property rights?
BSV is the only blockchain designed to comply with property rights and the law, and as we have seen, property...
April 17, 2025
Advertisement
Advertisement
Advertisement