Iranian Cryptocurrency Exchange Bit24.cash Faces Potential Data Breach
A potential data breach has been uncovered at Bit24.cash, an Iranian cryptocurrency exchange, raising concerns about the exposure of sensitive information belonging to nearly 230,000 users, Cybernews reported on January 8.
Concerns Mount Over Exposure of Sensitive User Data at Bit24.cash
Given Iran’s restricted access to global financial markets because of sanctions, the country has increasingly turned to cryptocurrencies. In the past year alone, Iranian crypto exchanges facilitated transactions totaling almost $3bn, with the majority adhering to Know Your Customer (KYC) requirements.
Bit24.cash, a prominent over-the-counter crypto exchange in Iran supporting over 300 coins and tokens, is now under scrutiny. The KYC process, crucial for preventing criminal activities, mandates users to verify their identity by submitting official documents. Despite the confidential nature of these documents, users expect exchanges to diligently safeguard them.
Misconfigured MinIO Instance Exposes KYC Data of 230,000 Iranian Citizens
However, a misconfigured MinIO instance was discovered by Cybernews researchers, inadvertently providing access to S3 buckets containing the exchange’s KYC data. This misconfiguration exposed critical details of approximately 230,000 Iranian citizens, including written consent to regulations, passports, IDs, and credit cards. The exchange has reported that the instance has been secured and is no longer accessible.
Experts Warn of Significant Threat as KYC Data Breach Hits Crypto Exchange
Cybernews researchers emphasize the severity of compromised KYC verification data on cryptocurrency exchanges, stating that such a breach poses a significant threat. Malicious actors could exploit the exposed data for identity theft, fraudulent transactions, and phishing attacks, potentially causing substantial financial and personal harm to affected users.
Bit24.cash Denies Data Breach, Claims Accusations are Inaccurate
Hossein Amini, a security engineer at Bit24.cash, dismissed Cybernews’ claims as “inaccurate and misleading”, stating that the company found no evidence of a data breach or unauthorized access to sensitive user information.
Analyst comment
Negative news: Iranian Cryptocurrency Exchange Bit24.cash Faces Potential Data Breach and Exposes Sensitive User Data
As an analyst, the market is likely to react negatively to this news. The potential data breach and exposure of sensitive user data raises concerns about the security and trustworthiness of Bit24.cash. This could lead to a decrease in users and transactions on the exchange, as people may be hesitant to trust their personal information and funds with the platform.
