Join our community of 10,000 traders on Hacked.com for only $ 39 per month
Brazilian Cryptocurrency Exchange Foxbit recently revealed that via the BlinkTrade trading platform, it was updating its login process , making it safer for users. However, the update may be too late, as recent reports suggest that the low security of the business has allowed hackers to hack users on an estimated 58 BTC (approximately $ 540,000).
Cybersecurity expert Leandro Trindade warned Foxbit that her security practices had malfunctioned on March 29th. The cybersecurity expert realized that something was happening when he noticed that the local complaints portal Reclame Aqui was inundated with Foxbit. content.
While digging deeper, he found that most users were complaining that the funds they had on the platform had disappeared. The Trindade investigation revealed that, on Foxbit, users could change their two-factor authentication settings (2FA) using a single password.
This allowed hackers to phish users and change their 2FA settings to exclude them from their own accounts. Since there was no confirmation by email, no security question, or any other layer of security, all they had to do next was to remove funds from it. user.
Speaking at the local publication Portal do Bitcoin, Trindade said:
"I could be rich right now, but my code of ethics will not allow it."
He added that he had been trying to warn the exchange that their users were in danger. He sent two emails to the company, left a support ticket and sent it on Facebook. It took BlinkTrade about two weeks to get back to him. In his response, he said that it would take seven days to resolve the issues.
Through Portal do Bitcoin, it took 25 days for the company to get rid of the vulnerability. Subsequently, Foxbit and BlinkTrade revealed that they were aware of the situation before Trindade contacted them and added that a "new login and withdrawal procedure had been scheduled since early February. .
The Foxbit Declaration reads (approximately):
"The company was informed of the first occurrences in December and has since been working with BlinkTrade to enhance security and guide users, as our blog shows."
Evando Conceição Oliveira, a Foxbit user, claims to have lost $ 10,300 on the platform on January 22nd. He was first contacted by Foxit's legal department, who tried to offer him 50% of what he lost. Oliveira tried to negotiate for a little more, and ended up receiving $ 5,700 from the stock market.
According to Foxbit, there are several other cases, some of which are taken to court. In class. A similar case in Brazil, related to online banking, has given the user reason, potentially creating a precedent.
This is not the first time the Foxbit platform has made the headlines. As reported by CCN, a bug in the cryptocurrency trading platform allowed users to withdraw their funds twice, leading to a loss of $ 270,000. The problem saw Foxbit go down for 14 days, although he did deal with withdrawals during his extended downtime.
As expected, competition could be about to get tougher in the country, as Brazil's largest investment company, XP Investimentos, will launch a cryptocurrency swap.
BlinkTrade revealed that " has no liability in the occurrences, since in the case of phishing, it is the users who provide (directly or indirectly) their personal information to third parties. " The company's CEO, Rodrigo Souza, has since published a video contesting Trindade's criticism.
Image from Shutterstock.
Follow us on Telegram.