Digital currency space is one other sector that requires highly-advanced security systems, given that the industry unarguably attracts some of the most sophisticated cybercriminals. A poor security system on any cryptocurrency company can result in the loss of millions of dollars.
Possible $18 million crypto theft on two exchanges
A new survey conducted on multiple digital currency marketplace has shown that about $18 million have been subjected to crypto theft on two different cryptocurrency exchanges, due to inadequate security service. The flaws were found on Lykke and Hubdex, according to the report published by CyberNews.
Lykke, a Switzerland digital currency exchange, has been accused of exposing API keys on a database, which can be publicly accessed by anyone, including hackers. For crypto theft purposes, the flaw could enable hackers to execute many functions on the exchange, such as deposits, withdrawal, trades, and transfer of cryptocurrency.
Furthermore, it was discovered that the exchange was allegedly exposing private keys belonging to customers on the database. Perhaps, anyone can be able to access cryptocurrency wallets of the users to transfer, spend, and conduct any other illicit activities, as these keys act as a password to their crypto wallets.
However, the exchange has before the development, and they are taking necessary measures to avoid any case of crypto theft in the future. Lykke’s response reads:
No personal data was exposed and no funds lost,” Lykke told CyberNews. “However, we have done a thorough process review and a proper incident post-mortem to avoid such situations in the future.
Hubdex exposed users’ private data on a public database
The other exchange flagged by CyberNews is the China-based marketplace dubbed, Hubdex. There were high chances of crypto theft occurring on the exchange due to the same vulnerability found on Lykke. The Chinese exchange reportedly exposed users’ private data on the public database.
Hackers could leverage the inadequate security measures to manipulate password harsh, access the account, and cryptocurrency wallets of any customer of their choice. The exchange was also accused of exposing customers’ KYC on the public database. CyberNews wrote:
The amount of data we stumbled across is quite staggering and significant. Instead of providing users with security and anonymity, these unsecured platforms have exposed their users, not only to getting their data stolen, but also their investment.
Attempts to contact the exchange on the development weren’t successful. However, the database has been taken down after CyberNews reached out to the country’s CERT, one of the organizations that handle cybersecurity cases in the country.