Earlier this week when Dx.Exchange soft-launched, the response across the crypto community was one of great enthusiasm and celebration. That being said, it’s become clear that there are already some problems on the horizon.

Recently, an online trader who was perusing the platform’s security came across several security issues, stating that the exchange could be “criminalised super-easy.”

Dx.Exchange celebrated its soft launch on the 7th of January and had been touted as the exchange that would bridge the gap between cryptocurrencies and traditional, fiat stocks. Users are able to invest not only in digitised versions of Facebook, Apple and other stocks but also in some of the crypto community’s most popular digital currencies.

Despite positive reviews from many major news outlets, this favourable response has quickly turned negative as more reports surface about the exchange’s security issues.

Security Issues Uncovered After Site Assessment:

The online trader, whose identity remains a secret for the time being due to legal constraints, performed a series of checks on the recently launched Dx.Exchange platform and discovered that the site was leaking sensitive financial and legal data.

The anonymous figure, who passed the information on to Ars Technica, created a mock account to test the site’s robustness as well as its security. Not long after opening the developer tools in Chrome, he made some shocking discoveries. He found that the request sent from his browser to the exchange contained information about the authentication token as well as the user details used to access the account.

Even more shocking, the anonymous trader claims that the information in his browser also contained password-reset links and tokens belonging to other users. These tokens use an open standard called JSON Web Tokens, which leaves them wide open to anyone with the necessary skills to obtain the email addresses and even full names of the tokens’ owners.

He stated:

“I have about 100 collected tokens over 30 minutes. If you wanted to criminalise this, it would be super easy.”

The trader could essentially gain access to any of the affected accounts, provided the user had not logged out since the token was leaked. Upon further exploration of the security hole, the trader discovered that he could retain access to any of the affected accounts even after the users had logged out.
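The leak described above is something an API owner can test for. The following Python check is an added example, not code from the article or from Dx.Exchange: it scans a response body for JSON Web Tokens and reports any that were issued to someone other than the caller, which also shows that a token's payload can be read without the signing key. The claim names `sub`, `email` and `name` and all sample values are assumptions constructed for the demonstration.

```python
import base64
import json
import re

# A JWT is three base64url segments joined by dots; a JSON header encodes to "eyJ...".
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def _b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

def make_sample_token(claims):
    """Build a constructed token with a dummy signature (test data only)."""
    return ".".join([_b64url({"alg": "HS256", "typ": "JWT"}), _b64url(claims), "ZHVtbXk"])

def jwt_claims(token):
    """Decode the payload segment without any key; None if it is not a JSON object."""
    try:
        segment = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))
    except (ValueError, IndexError):
        return None
    return claims if isinstance(claims, dict) else None

def foreign_tokens(response_body, caller_sub):
    """Return the claims of every JWT in the body that was not issued to the caller."""
    leaks = []
    for token in JWT_RE.findall(response_body):
        claims = jwt_claims(token)
        if claims is not None and claims.get("sub") != caller_sub:
            leaks.append(claims)
    return leaks

# Constructed API response: the caller's own token plus one belonging to another user.
SAMPLE_RESPONSE = json.dumps({
    "session": make_sample_token({"sub": "u-1001", "email": "me@example.test"}),
    "debug": {"last_login": make_sample_token(
        {"sub": "u-2002", "email": "other@example.test", "name": "Other User"})},
})

if __name__ == "__main__":
    for claims in foreign_tokens(SAMPLE_RESPONSE, "u-1001"):
        print("response exposes another user's token:", claims)
```

Run as an integration test against each authenticated endpoint, a non-empty result means the response carries credentials and personal data that do not belong to the requesting user.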

More Issues Discovered With Dx.Exchange:

The anonymous trader’s discovery was quite bad, but as he continued his security scrape of the platform, he uncovered more security issues. The initial leak that he found put the entire platform at risk, as token data belonging to employees of Dx.Exchange was also up for grabs.

Just imagine the potential for pandemonium if hackers were somehow able to obtain the admin accounts of employees. The trader went on to state:

“You can see from the account’s email address it’s @coins.exchange. I have pretty good confidence I could do this for a day and get an administrative token and have everything.”

A staff member at Ars Technica went on to confirm that the exchange was indeed responding with several authentication tokens, then quickly contacted several users from the obtained list and asked whether they had just joined Dx.Exchange. One of the contacted users confirmed that they had indeed signed up to Dx.Exchange just an hour before being contacted.

The trader then apparently informed Dx.Exchange about the security issues, and the exchange responded within 24 hours by scheduling a maintenance update to “perform several bug fixes and updates.”

Of course, these security issues could very well be the product of a new exchange experiencing issues during a “soft launch”. However, it is essential that any users on the exchange utilise it with vigilance. The exchange’s initial positive exposure in the financial media was great, but this could, of course, become a liability, as Dx.Exchange now needs to do some damage control.

What are your thoughts on Dx.Exchange? Would you use the platform once these security holes are plugged? Let us know by commenting below.

