Just yesterday, January 10th, news reached the crypto-verse that the newly launched DX.Exchange– that is powered by Nasdaq technology – had serious security vulnerabilities that could be exploited by malicious users and/or hackers. The security bugs were discovered by an online trader who requested that his identity be kept secret. The anonymous trader managed to collect over 100 JSON Web Tokens that could have resulted in the access of their corresponding user accounts.
I have about 100 collected tokens over 30 minutes. If you wanted to criminalize this, it would be super easy.
I got tokens from the exchange itself. You can see from the account’s email address it’s @coins.exchange. I have pretty good confidence I could do this for a day and get an administrative token and have everything
DX.Exchange Patches and Shuts Down the Security Vulnerability
On the same day, the team at DX.Exchange issued a twitter announcement stating that they had fixed the security issue. The full tweet can be found below.
#DX.Exchange has successfully patched and shut down a security vulnerability, resulting from an authentication token error. DX responded immediately, by introducing a security patch, preventing any threat to users and their funds. Read the full story at https://t.co/FxB7pbtnoy
— DX.Exchange (@DXdotExchange) January 10, 2019
Daniel Skowronski, CEO of DX. Exchange, also thanked everyone who had a hand in identifying the security vulnerability.
We would like to thank the vigilant reporter, and our supportive community, who together, brought this issue to our attention. We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised.
Our launch was met with a stellar response from our community eager to trade cryptocurrencies and digital stocks. Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.
What are your thoughts on the Nasdaq powere DX.Exchange having security vulnerabilities in the first week of operations? Please let us know in the comment section below.
Disclaimer:This article is not meant to give financial advice. Any additional opinion herein is purely the author’s and does not represent the opinion of Ethereum World News or any of its other writers. Please carry out your own research before investing in any of the numerous cryptocurrencies available. Thank you.