Dx.Exchange Has Serious Security Weaknesses that Could be Easily Criminalized

When the Dx.Exchange platform launched earlier this week, it was met with much fanfare and exposure across the financial news arena. However, major problems are already afoot.

An online trader checking out the platform’s security hygiene came across a number of security issues and said that the exchange could be “criminalized super-easy.”

The exchange had a soft launch on Jan 7 and has been marketed as bridging the gap between cryptocurrencies and real-world stocks. You can obtain not only digitized versions of Apple and Facebook stocks, but also some of the most popular cryptocurrencies.

Although the exchange had received some favorable reviews from major news outlets, the exposure has now taken a turn for the worse as reports are surfacing that Dx.Exchange has some major security issues.

Site Assessment Unearths Security Issues

An online trader whose identity remains a secret for legal reasons ran some checks on the newly launched Dx.Exchange platform and found that the site was leaking some sensitive legal and financial data.

The anonymous trader, who gave this information to Ars Technica, created a dummy account to test the robustness of the platform and its security. Soon after opening the developer tools in the Google Chrome browser to explore further, he found some shocking details. The trader found that the request he had sent from his browser to Dx.Exchange included information about the authentication token and the user’s details to access the account.

The anonymous trader allegedly said that the information in the browser contained password-reset links from other users’ tokens as well. The tokens are formatted using an open standard called JSON Web Tokens, which means anyone with enough skill could easily obtain the email addresses and full names of the tokens’ owners.

The trader could basically gain access to any affected account if its user hadn’t logged out since the token information was leaked. After further exploration, the anonymous trader found he could also keep access to the accounts even after the users had logged out.
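As an added illustration (not code from the article, Ars Technica or Dx.Exchange), here is a response-body check a defender could run in API tests to catch this class of leak: it flags any JSON Web Token in a response whose subject is not the logged-in user, and shows that the owner details in the payload are readable without any key. The claim names `sub`, `email` and `name`, the helper names and the sample response are assumptions constructed for the example.

```python
import base64
import json
import re

# A JWT is three base64url segments; header and payload normally begin with
# "eyJ" (the encoding of '{"' followed by a letter).
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")

def b64url_decode(segment):
    # JWTs strip base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def jwt_claims(token):
    """Decode the payload without verifying the signature.
    The payload is only encoded, not encrypted, so no key is needed."""
    try:
        return json.loads(b64url_decode(token.split(".")[1]))
    except (ValueError, IndexError):
        return None

def foreign_tokens(response_body, session_subject):
    """Return the claims of every JWT in the body that belongs to someone
    other than the authenticated user (assumed to be identified by 'sub')."""
    leaked = []
    for token in JWT_RE.findall(response_body):
        claims = jwt_claims(token)
        if isinstance(claims, dict) and claims.get("sub") != session_subject:
            leaked.append(claims)
    return leaked

def make_token(claims):
    """Build a constructed sample token with a placeholder signature."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.c2lnbmF0dXJl"

# Constructed API response: the caller's own token plus one that should not be there.
SAMPLE_BODY = json.dumps({
    "token": make_token({"sub": "user-1001", "email": "me@example.test"}),
    "extra": [make_token({"sub": "user-2002", "email": "other@example.test",
                          "name": "Other User"})],
})

if __name__ == "__main__":
    for claims in foreign_tokens(SAMPLE_BODY, "user-1001"):
        print("response exposes another user's token:", claims)
```

A check like this belongs in integration tests for every authenticated endpoint, with the test failing whenever the returned list is non-empty.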

Even More Issues with Dx.Exchange

Although this discovery was already bad enough, the anonymous trader unearthed even more security issues with the Dx.Exchange platform. The leak endangered the entire system as token data belonging to employees of the company was also accessible.

Can you imagine the potential carnage if hackers had managed to get into the admin accounts of employees? The anonymous trader went on to say:

An Ars Technica staff member went on to confirm that the exchange was responding with lots of authentication tokens. He contacted several users from the obtained list and asked them if they had joined Dx.Exchange. One of the users confirmed that they had signed up for the exchange just an hour before.

The trader then allegedly informed Dx.Exchange about the issues, and within 24 hours the exchange acted by scheduling a maintenance update to “perform several bug fixes and updates.”

Although the security issues with Dx.Exchange could just be teething problems during its “soft launch”, it is important that the exchange’s users exercise caution. The initial exposure in the financial media seemed like a great thing for the exchange, but it could now become a liability as the exchange needs to carry out some damage limitation.

10.01.2019 / 01:50 49