Tomcat
As the popularity of Bitcoin in particular and cryptocurrency in general grows, the number of cryptocurrency exchanges increases. According to Cryptimi, there are currently about 18,988 cryptocurrency exchange platforms, and according to Bloomberg, the income of cryptocurrency exchanges is $3 million per day and $1 billion per year. As a result, small cryptocurrency exchanges that do not pay enough attention to security are actively joining the game.
The CyberNews research group decided to find out how safe cryptocurrency exchanges are. During the study, experts scanned the Internet for open MongoDB databases and matched them with keywords. After filtering with keywords, the researchers manually checked each database for sensitive information.
As it turned out during the study, one of the largest cryptocurrency exchanges has about $16.5 million in hardware ("cold") wallets and about 80 thousand leaked private keys. The RPC keys of its mainnet, with a balance of $25 thousand, were also leaked.
In addition, it turned out that the Chinese exchange Hubdex, whose clients keep up to $52 thousand in accounts, does not encrypt KYC data: anyone can easily download ID cards and driver's licenses. The Swiss exchange Lykke also does not encrypt KYC data or API keys from other exchanges, which allow attackers to easily withdraw other people's money.
The total balance on all unprotected sites discovered by researchers is at least $18 million.
Researchers tried to contact two "problem" exchanges. Lykke representatives immediately responded with specialists and warned their customers about the leak. The Hubdex email address was found to be invalid.
Mainnet is a blockchain that conducts real operations with cryptocurrency, sending it from senders to recipients. If testnet is a prototype that demonstrates the potential of a project, then mainnet is a ready-to-use full-fledged product.
KYC (know your customer) is a banking and stock exchange regulation term for financial institutions and bookmakers, as well as other companies working with private money, meaning that they must identify and establish the identity of a counterparty before conducting a financial transaction.