ADVERTISEMENT

Cryptocurrency marketplaces leave $18 million in the open for anyone to steal, leak user data

trading market visual representation
Cybernews Team
Jun 19, 2020 Updated: 6 December 2023 6 min read

Main takeaways

  • One main exchange has around $16.5 million in “hot” wallets, with almost 80,000 private keys exposed. Its mainnet RPC keys are also exposed with a $25,000 balance
  • One Chinese exchange, Hubdex, has users with high balances ($52,000, $40,000, $8,000, etc.) and unencrypted KYC data – ID cards and driver’s licenses that are easily downloadable
  • Another smaller exchange, Swiss-based Lykke, also has unencrypted KYC data and other exchanges’ API keys that can allow for easy money withdrawal from those exchanges. Balances are as high as $10,000
  • The crypto marketplaces or platforms are unprotected, allowing anyone to easily steal or manipulate balances
  • Unprotected data includes private keys, multisig wallet keys, API keys, full user and KYC data, mainnet RPC keys, and more
  • The total balance in these unprotected marketplaces comes to at least $18 million

About this research

Lykke

What data we found in the database

Lykke's exposed API keys
Lykke exposing their clients' private keys
Lykke's exposed redeem scripts for client Multisig wallets
Lykke exposing clients' balance amounts

Hubdex

  1. User assets cannot be manipulated
  2. Trading orders cannot be altered
  3. All trading assets are genuine and cannot be forged

What data we found in research

Chinese marketplace Hubdex leaks customer KYC data, here a national ID
Crypto marketplace Hubdex leaking customer data, private keys, etc.
ADVERTISEMENT
More leaked private keys by Hubdex

What did we discover?

Disclosure

Hubdex did not respond, and emails were not delivered to their inbox

Lykke

conversation with Lykke part 1
Conversation with Lykke - they confirm the impact

Bottom line

Protect yourself online with our hand-picked digital privacy tools

ADVERTISEMENT