CyberNews recently discovered a bug affecting the cryptocurrency exchange platform Bitexlive in which support tickets were exposed to every visitor of the site via the socket. This data can be mundane or extremely sensitive, depending on the type of information being communicated between the customer and the customer support agents.
CyberNews contacted Bitexlive via Telegram on September 28 to disclose the issue and help them resolve it. Although we have received no communication in return, the issue seems to have been fixed after we informed them.
A request for comment was not returned by the time of publishing.
What data is being leaked?
The leaked data relates to support tickets, any of which could be viewed by any visitor of the site via the Bitexlive socket. When a Bitexlive user has some issue with the site, whether it's serious or mundane, they will contact customer support and open what's known as a support ticket -- basically a summary of the situation and a request for help. With this data leak, every user on Bitexlive can see other users' support tickets.
The leaked data includes:
- the time of request
- name of the ticket creator
- email of the ticket creator
- extra information, like Telegram handle or addresses
- full text of the ticket
- image locations (if attached)
Needless to say, most of the data being leaked is already sensitive. But the greatest concern is the “full text of the ticket,” which can contain very sensitive information depending on the type of problem being discussed with customer support.
This can also include KYC, or Know Your Customer, data required by many cryptocurrency exchanges, which includes official identification documents like passports, driver’s licenses, and national IDs.
Below is a sample of the kind of data that we were able to see:
The data was being sent to every visitor of Bitexlive, so anyone with minimal technical knowledge could view this data.
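The article does not describe Bitexlive's implementation, so the following JavaScript is an added example, not Bitexlive's code: it contrasts the class of bug described above (a ticket event sent to every open socket) with server-side, per-recipient authorization. The `Hub` class, its method names, the `role`/`userId` fields and the sample ticket are all hypothetical and constructed for illustration.

```javascript
// In-memory stand-in for a WebSocket hub (hypothetical names, constructed data).
class Hub {
  constructor() { this.clients = []; }

  // Each client records what it receives, standing in for socket.send().
  connect(identity) {
    const client = { ...identity, inbox: [] };
    this.clients.push(client);
    return client;
  }

  // Bug class described in the article: the event goes to every open socket,
  // including visitors who never logged in.
  publishTicketToAll(ticket) {
    for (const c of this.clients) c.inbox.push({ type: "ticket", ticket });
  }

  // Hardened form: the server decides per recipient before sending.
  // Only the ticket owner and support agents receive the event.
  publishTicketScoped(ticket) {
    let delivered = 0;
    for (const c of this.clients) {
      const isOwner = c.userId !== null && c.userId === ticket.ownerId;
      const isAgent = c.role === "agent";
      if (isOwner || isAgent) {
        c.inbox.push({ type: "ticket", ticket });
        delivered++;
      }
    }
    return delivered;
  }
}

// Returns how many messages each connection received:
// [anonymous visitor, ticket owner, unrelated customer, support agent].
function demo(publishMethod) {
  const hub = new Hub();
  const visitor = hub.connect({ userId: null, role: "anonymous" });
  const owner = hub.connect({ userId: 101, role: "customer" });
  const other = hub.connect({ userId: 202, role: "customer" });
  const agent = hub.connect({ userId: 9, role: "agent" });
  const ticket = { ownerId: 101, name: "Example User",
    email: "user@example.com", text: "constructed ticket body" };
  hub[publishMethod](ticket);
  return [visitor, owner, other, agent].map((c) => c.inbox.length);
}

console.log("broadcast:", demo("publishTicketToAll"));
console.log("scoped:   ", demo("publishTicketScoped"));
```

The filtering has to happen on the server before the message is written to the socket; hiding ticket events in the page's client-side code leaves them readable in the socket traffic.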
Who is the company behind the vulnerability?
Bitexlive is a cryptocurrency exchange platform that is based in Turkey. Besides claiming the usual 24/7 support, secure storage and two-factor authentication, their website also claims that they put “Security First.”
However, while the vulnerability we discovered was not critical, it still reflects poorly on a financial services provider. Unfortunately, while Bitexlive seems to have used our vulnerability disclosure to patch their issue, they responded to neither our initial disclosure nor any of our follow-up requests for comment.
According to CoinGecko, Bitexlive has a daily trading volume of about $19 million, and has a trust score of 4/10.
What’s the impact of the vulnerability?
At the moment, with the limited knowledge that we have of the situation due to Bitexlive’s lack of communication, it is unknown exactly how long the vulnerability existed or how many people may have accessed this information.
Nonetheless, the kind of information that was exposed can be used for targeted phishing campaigns against Bitexlive users. Depending on the type of information that was being shared in these private support tickets, victims can potentially have their KYC data leaked.
With that, cybercriminals can commit identity theft on these victims, possibly taking out loans or credit cards in their names, or even using the information for social engineering and other purposes.
If you are or have been a user of Bitexlive, there’s a chance that your data has been exposed. Therefore, we recommend you:
- Review your messages with Bitexlive support in your mailbox to see if you’ve shared sensitive information
- Set up identity theft monitoring to make sure your finances are safe
- Keep an eye out for phishing or other suspicious emails or messages, and avoid clicking on links from suspicious emails