Business 11 January 2019

Erik Gibbs

DX.Exchange updates code to patch security hole

A serious security flaw on the DX.Exchange security token trading platform would have allowed anyone to access the authentication tokens of the exchange’s users. It was potentially a bad omen for the exchange, which only went live this past Monday. Fortunately, before the problem became too severe, the company was able to create a patch for the flaw and update its servers to provide better user protection.

The exchange provides crypto tokens, representing shares in several firms that are traded on the NASDAQ exchange. It incorporates NASDAQ’s matching engine, as well as its financial information exchange protocol, in order to facilitate the trading of those shares.

Not long after turning on its lights, DX.Exchange inadvertently revealed sensitive data that included, among other things, password reset links. It hasn’t been determined, or at least not been made public, the number of user accounts that may have been affected, but one trader told Ars Technica that he had been able to collect “about 100 tokens over 30 minutes.” Ars confirmed the vulnerability, stating that it, too, had been able to collect “a large number” of authentication tokens.

The security issue had first been reported to the exchange by a journalist. It was later determined that the flaw not only compromised external users, but internal employee accounts, as well. This, if the information had fallen into the wrong hands, could have allowed the exchange’s entire databases to be stolen. The exchange reportedly has around 600,000 registered users.

The exchange acknowledged that the security hole was due to “an authentication token error,” adding that the flaw was patched before any serious damage was possible. The company’s CEO, Daniel Skowronksi, added in a statement that user funds were never at risk, asserting, “We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised … Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.”

Going forward, DX.Exchange hopes the crypto community will help it clean up its software code. The company’s statement adds that any developer who finds a vulnerability can make a report to the exchange through its bug bounty program.

Note: Tokens on the Bitcoin Core (segwit) Chain are Referred to as BTC coins. Bitcoin Satoshi Vision (BSV) is today the only Bitcoin implementation that follows Satoshi Nakamoto’s original whitepaper for Peer to Peer Electronic Cash. Bitcoin BSV is the only major public blockchain that maintains the original vision for Bitcoin as fast, frictionless, electronic cash.

COMMENT

Add a Comment

latest news

UPS invests in blockchain e-commerce startup

Business 1 hour ago

UPS invests in blockchain e-commerce startup

Logistics giant United Parcel Service (UPS) has acquired a stake in blockchain-powered e-commerce platform Inxeption Corporation.

Read More
Crypto in Africa: South Africa gets new crypto mobile app and manifesto

Business 17 January 2019

Crypto in Africa: South Africa gets new crypto mobile app and manifesto

The year has been quite active for the crypto community in Africa. More start-ups continue to emerge, and politicians are taking up these new technologies.

Read More
Binance launched a new fiat to crypto platform in Jersey

Business 17 January 2019

Binance launched a new fiat to crypto platform in Jersey

Binance has launched a new fiat cryptocurrency exchange, Binance Jersey, which will allow users to exchange cryptocurrencies against GBP and EUR.

Read More