Iranian Crypto Exchange Bit24.cash Reportedly Exposes Sensitive Data of Nearly 230K Users

2024-01-08 20:01:01

Last updated: January 8, 2024 23:01 EST . 1 min read

Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.Source: PixabayIranian crypto exchange Bit24.cash users reportedly suffered a significant data breach exposing sensitive data of nearly 230K citizens. However, the exchange dismissed the allegation as “wholly untrue.”

The breach was attributed to an alleged misconfigured storage used by the exchange, according to a team of researchers at Cybernews, who initially brought the allegations to light.

The misconfigured MinIO object storage was left unprotected, granting access to S3 buckets containing users’ KYC documents. The data had information including consent letters, passport information, and credit card details, the researchers explained.

“With access to such comprehensive personal and financial data, malicious actors could impersonate individuals, gain unauthorized access to accounts, ute fraudulent transactions, and potentially cause substantial financial and personal harm to the affected users.”

Cybernews researchers later said that the storage is now secure and inaccessible.

Bit24.cash is among the top 5 largest crypto exchanges in Iran, according to TRMlabs insights. The nation adopted a pro-crypto stance in 2019 to circumvent the sanctions imposed against it.

In response to the claims, the exchange vehemently refuted the allegation calling it “inaccurate and misleading.”

Hossein Amini, a security engineer at bit24.cash, assured that there is no evidence of data breach or unauthorized access to sensitive data and that user security remains Bit24.cash’s ‘utmost priorities.’

“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our architecture or security protocols,” Amini said. He confidently asserted that their MinIO instance and S3 buckets remain secure.

Several breaches have occurred in the past due to unsecured access to users’ information. The recent potential breach of Strike, a Bitcoin Lightning-based payment platform, flagged by online sleuth ZachXBT, claimed to have exposed private emails of users.

This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.