Just yesterday, January 10th, news reached the crypto-verse that the newly launched DX.Exchange– that is powered by Nasdaq technology – had serious security vulnerabilities that could be exploited by malicious users and/or hackers. The security bugs were discovered by an online trader who requested that his identity be kept secret. The anonymous trader managed to collect over 100 JSON Web Tokens that could have resulted in the access of their corresponding user accounts.
The trader went on to explain the following to Ars Technica:
I have about 100 collected tokens over 30 minutes. If you wanted to criminalize this, it would be super easy.
I got tokens from the exchange itself. You can see from the account’s email address it’s @coins.exchange. I have pretty good confidence I could do this for a day and get an administrative token and have everything
DX.Exchange Patches and Shuts Down the Security Vulnerability
On the same day, the team at DX
Daniel Skowronski, CEO of DX. Exchange, also thanked everyone who had a hand in identifying the security vulnerability.
We would like to thank the vigilant reporter, and our supportive community, who together, brought this issue to our attention. We are happy to report that the vulnerability has been successfully patched, and no user funds were compromised.
Our launch was met with a stellar response from our community eager to trade cryptocurrencies and digital stocks. Customer funds were always safe, our multi layer advanced monitoring and defense mechanism was able to avoid any further issue.
What are your thoughts on the Nasdaq powere DX.Exchange having security vulnerabilities in the first week of operations? Please let us know in the comment section below.