
Iranian Crypto Exchange Bit24.Cash Suffers User Passport and ID Leak

Bit24.cash accidentally disclosed sensitive information of almost 230,000 users.

Tue, 09 Jan 2024, 01:31 am UTC

Iran has fully embraced cryptocurrency despite restricted access to international financial markets.

Iranian crypto exchanges facilitated nearly $3 billion in transactions in the past year alone.

Notably, the overwhelming majority of incoming crypto volume in Iran adheres to Know Your Customer (KYC) requirements, indicating a commitment to regulatory standards.

Bit24.Cash Incident Raises Security Concerns

Bit24.cash, a prominent over-the-counter crypto exchange in Iran with support for over 300 coins and tokens, has recently been in the spotlight.

The KYC process, crucial for curbing criminal activity, involves users confirming their identity by submitting official documents.

According to Security Affairs, given the sensitive nature of these documents shared during the KYC process, users rightfully expect exchanges to prioritize robust security measures.

However, Cybernews researchers made a concerning discovery. A misconfigured instance of MinIO, a high-performance, S3-compatible object storage system, unintentionally provided access to the S3 buckets housing Bit24.cash's KYC data.

This lapse in configuration exposed the personal information of approximately 230,000 Iranian citizens, including written consent to regulations, passports, IDs, and credit cards.

Unveiling the Impact and Response

The compromised KYC verification data on the Bit24.cash platform highlights the potential consequences of security lapses in cryptocurrency exchanges.

The incident underscores the importance of securely handling and storing user data, particularly in a sector where privacy and compliance are paramount.

Following the discovery, our attempts to contact Bit24.cash for a statement went unanswered before the publication of this article.

However, it's crucial to note that the identified misconfiguration has been addressed, and the vulnerable instance is no longer accessible.

According to Cybernews, this incident serves as a stark reminder of the ongoing challenges in safeguarding user data in the evolving landscape of cryptocurrency exchanges.

The industry must also continue to prioritize robust security measures to maintain user trust and uphold regulatory standards.

Photo: Kevin Ku/Unsplash

TokenPost

<Copyright © TokenPost. All Rights Reserved. >
