Data of over a million crypto exchange users exposed


GokuMarket, a centralized crypto exchange owned by ByteX, left a database instance open to the internet, exposing the details of virtually all of its users, the Cybernews research team has discovered.

The leak came to light after the team discovered an unprotected MongoDB instance that stored information on GokuMarket crypto exchange users.

Businesses employ MongoDB to organize and store large swaths of document-oriented information, and in GokuMarket’s case, the details of over a million customers and admin users.

GokuMarket, a cryptocurrency exchange, was recently acquired by Canada-based crypto exchange ByteX. The move came after GokuMarket, which had around a million users at the time, almost went bankrupt after denying users a withdrawal option in mid-2022, a disastrous year for crypto.

GokuMarket’s exposed database was discovered in October 2023 and secured the next day after researchers sent a responsible disclosure note.

However, the database was exposed to the web for some time, which means anyone could have accessed it. Meanwhile, the open instance held a trove of sensitive data on over a million users. The data included:

  • User IP
  • Country
  • Email addresses
  • Encrypted passwords
  • User crypto wallet addresses
  • Dates of birth
  • First and last names
  • Mobile numbers

[Image: Sample of leaked data.]

The researchers believe that there’s more than enough information for a persistent attacker to develop a spear-phishing campaign, which would likely aim to drain the user’s crypto funds.

Additionally, the team discovered that the database held 35 accounts with full-admin access, including private Telegram channel IDs, exchange platform secret tokens, passwords, and other extremely sensitive information.

While individual user data may be exploited to target exposed users on other platforms through credential stuffing attacks, admin access details open up far nastier cans of worms, with attackers gaining the ability to scam en masse, along with the risk of unauthorized fund transfers.

In theory, a leak of this nature could allow the manipulation of the market with attackers leveraging official Telegram channels for their malicious intentions. While the official GokuMarket Telegram channel has been inactive since September 2022, scams impersonating brands known within the crypto community are still a viable option.

We reached out to GokuMarket / ByteX for comment but had not received a reply before publishing this article.