Cryptonews Blockchain News

Iranian Crypto Exchange Bit24.cash Reportedly Exposes Sensitive Data of Nearly 230K Users

Iran

Author

Sujha Sundararajan

Author

Sujha Sundararajan

About Author

Sujha has been recognised as 🟣 Women In Crypto 2024 🟣 by BeInCrypto for her leadership in crypto journalism.

Author Profile

Last updated:

January 8, 2024

Why Trust Cryptonews

Cryptonews has covered the cryptocurrency industry topics since 2017, aiming to provide informative insights to our readers. Our journalists and analysts have extensive experience in market analysis and blockchain technologies. We strive to maintain high editorial standards, focusing on factual accuracy and balanced reporting across all areas - from cryptocurrencies and blockchain projects to industry events, products, and technological developments. Our ongoing presence in the industry reflects our commitment to delivering relevant information in the evolving world of digital assets. Read more about Cryptonews

Iranian crypto exchange Bit24.cash users reportedly suffered a significant data breach exposing sensitive data of nearly 230K citizens. However, the exchange dismissed the allegation as “wholly untrue.”

The breach was attributed to an alleged misconfigured storage system used by the exchange, according to a team of researchers at Cybernews, who initially brought the allegations to light.

The misconfigured MinIO object storage system was left unprotected, granting access to S3 buckets containing users’ KYC documents. The data had information including consent letters, passport information, and credit card details, the researchers explained.

“With access to such comprehensive personal and financial data, malicious actors could impersonate individuals, gain unauthorized access to accounts, execute fraudulent transactions, and potentially cause substantial financial and personal harm to the affected users.”

Cybernews researchers later said that the storage is now secure and inaccessible.

Bit24.cash is among the top 5 largest crypto exchanges in Iran, according to TRMlabs insights. The nation adopted a pro-crypto stance in 2019 to circumvent the sanctions imposed against it.

Bit24.cash – “Wholly Untrue”

In response to the claims, the exchange vehemently refuted the allegation calling it “inaccurate and misleading.”

Hossein Amini, a security engineer at bit24.cash, assured that there is no evidence of data breach or unauthorized access to sensitive data and that user security remains Bit24.cash’s ‘utmost priorities.’

“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols,” Amini said. He confidently asserted that their MinIO instance and S3 buckets remain secure.

Several breaches have occurred in the past due to unsecured access to users’ information. The recent potential breach of Strike, a Bitcoin Lightning-based payment platform, flagged by online sleuth ZachXBT, claimed to have exposed private emails of users.