Dx.Exchange, a cryptocurrency trading platform regulated by the European Union, went online this week, offering 10 tokenized stocks and 10 cryptocurrencies of some of the largest names in the business.
Launched amid a lot of hype, it seems to have hit a major roadblock just 3 days after its launch. An anonymous online trader who examined the platform’s security says it has a number of security issues that can endanger users’ privacy as well as their funds.
The trader started by creating a dummy account to check the platform’s security and robustness, using Google Chrome’s browser developer tools to test it. His request was sent to the Dx.Exchange platform; more alarming was the fact that it included information about the authentication token and the user’s details needed to access the account.
The anonymous trader has claimed that the information was not limited to that and that he also had access to password-reset links from other users. As the tokens are formatted using an open standard called JSON Web Tokens, a person with just about enough skills can obtain the email addresses and full names of the tokens’ owners.
The trader said:
“I have about 100 collected tokens over 30 minutes. If you wanted to criminalize this, it would be super easy.”
To put it simply, the trader could gain access to any account that had been subject to the same process by Dx.Exchange, provided the user hadn’t logged out since the token information was leaked. After further inspection, the anonymous trader could have permanent access to an account regardless of the user’s online presence.
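The following is an added example, not code from Dx.Exchange or the trader. It shows why a JSON Web Token's payload is readable by anyone who holds it, and how a service can audit the tokens it issues for personal data and for a missing expiry. The claim names, sample tokens, key and one-hour lifetime limit are constructed assumptions; the article does not say what the real tokens contained beyond email addresses and full names, or how long they stayed valid.

```python
import base64, hashlib, hmac, json

# Claim names treated as personal data (an assumed policy list for this example).
PII_CLAIMS = {"email", "name", "full_name", "given_name", "family_name", "phone_number"}

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64url_decode(segment: str) -> bytes:
    # JWT segments drop base64 padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def make_sample_token(claims: dict, key: bytes) -> str:
    """Build a constructed HS256 token so the example runs offline."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    signature = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(signature)

def audit_token(token: str, now: int, max_lifetime_s: int = 3600) -> dict:
    """Read the claims as any holder of the token can: no key is involved."""
    _header_seg, payload_seg, _signature_seg = token.split(".")
    claims = json.loads(b64url_decode(payload_seg))
    findings = []
    exposed = sorted(PII_CLAIMS & claims.keys())
    if exposed:
        findings.append("readable personal data: " + ", ".join(exposed))
    exp = claims.get("exp")
    if exp is None:
        findings.append("no exp claim: token never expires on its own")
    elif exp - claims.get("iat", now) > max_lifetime_s:
        findings.append("lifetime exceeds policy")
    return {"claims": claims, "findings": findings}

NOW = 1_700_000_000  # constructed timestamp
# Constructed tokens: one carrying identity data with no expiry, one minimal.
LEAKY = make_sample_token({"sub": "u-1001", "email": "alice@example.test",
                           "name": "Alice Example", "iat": NOW}, b"demo-key")
LEAN = make_sample_token({"sub": "u-1001", "iat": NOW, "exp": NOW + 900}, b"demo-key")

if __name__ == "__main__":
    for label, token in (("leaky", LEAKY), ("lean", LEAN)):
        print(label, audit_token(token, NOW)["findings"])
```

The signature only protects a token against modification; it does not hide the payload, so identity data belongs behind an authenticated lookup keyed on an opaque subject identifier.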
The anonymous trader went even further and unearthed more security issues with the Dx.Exchange platform. The leak threatened the entire system, as token data of the company’s employees is also said to be accessible. This would practically be an invitation to potential havoc by hackers.
In a way, it might be good that these problems have cropped up so early in the platform’s journey, but it is still important that its users take damage-limiting precautions. The exchange, for its part, has to review its security profile and resolve these issues soon, before investors and traders lose interest and trust in Dx.Exchange.