DX.Exchange, may have easily exploitable security vulnerabilities that could compromise large amounts of user data.
According to Ars Techina, an anonymous trader who wanted to use the platform created a “dummy account” to check whether the platform was indeed secure. After careful examination, the user found that the trading platform had been sharing “other users’ authentication tokens and password-reset links.”
The user added that he collected 100 tokens in 30 minutes, and malware could be used to download entire databases, and even take token from the exchanges’ own email.
The DX.Exchange team was informed and the developer’s are fixing the bugs.