Major leak exposes users from Russian crypto exchanges


Customers at nine crypto exchanges in Russia have had their anonymity shattered, with private user data being exposed for more than two months now, the Cybernews Research team has discovered.

Cybernews researchers were able to independently verify the authenticity of the user data leaks of the following crypto exchanges:

  • Sova[.]gg
  • coinstart[.]cc
  • pocket-exchange[.]com
  • onemoment[.]cc
  • cripta[.]cc
  • metka[.]cc
  • alt-coin[.]cc
  • ferma[.]cc
  • in-to[.]cc

Although the exchanges are relatively small, the leak is estimated to affect more than 500,000 customers.

The exposed data comprises highly sensitive user information: full names, credit card numbers, email addresses, IP addresses, the amounts of payment or withdrawal requests, descriptors such as BTCRUB, and other authentication information such as the software used (user agents).

In total, the leaked data included more than 615,000 payment requests and more than 28,000 withdrawal requests.

Russian crypto exchanges are often used to hide illicit activities. Therefore, this leak might be helpful to law enforcement agencies and cybersecurity researchers worldwide.

“For some, this may be an ‘I didn’t see that coming’ moment, which will require dusting off the storytelling skills and looking for alibis,” researchers noted.

First discovered on October 10th, the server with the leak could still be accessed and interacted with at the time of writing. However, while the IP was operational, all the data had already been destroyed by a malicious script. It’s unclear who is responsible for the leak and the subsequent destruction of the data.


“The data was handled using MongoDB, which, when properly implemented, is a powerful database software. However, a misconfiguration allowed unrestricted access, enabling third parties to access and expose the crypto exchange data,” the researchers noted.

MongoDB stores data in a flexible format similar to JSON, which allows developers to expand data structures on the fly.
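The article does not say which setting was wrong. As an added illustration (not code from Cybernews or the exchanges), the Python check below assumes the common form of this problem, a `mongod.conf` with access control left off or the listener bound to every interface, and flags both in constructed sample configs. `parse_conf`, `audit` and the finding codes are names made up for this example.

```python
# Added example: flag mongod.conf settings that leave a MongoDB server open.
# parse_conf reads only the flat "section:" / "  key: value" layout, not full YAML.

WEAK_CONF = """\
# constructed sample, not taken from the exposed server
net:
  port: 27017
  bindIp: 0.0.0.0
"""

HARDENED_CONF = """\
# constructed sample
net:
  port: 27017
  bindIp: 127.0.0.1,10.0.0.5   # loopback plus one private address
security:
  authorization: enabled
"""

def parse_conf(text):
    """Return {'section.key': 'value'} for a two-level mongod.conf."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if not line[0].isspace():
            section = key                      # top-level key opens a section
        elif section:
            settings[f"{section}.{key}"] = value.strip("'\"")
    return settings

def audit(text):
    """Return finding codes; an empty list means neither weakness was found."""
    s = parse_conf(text)
    findings = []
    # Access control is off unless security.authorization is set to "enabled".
    if s.get("security.authorization", "disabled") != "enabled":
        findings.append("no-auth")
    # mongod binds to localhost by default; 0.0.0.0, :: or bindIpAll widen that.
    addrs = {a.strip() for a in s.get("net.bindIp", "127.0.0.1").split(",")}
    if s.get("net.bindIpAll") == "true" or addrs & {"0.0.0.0", "::"}:
        findings.append("all-interfaces")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit(conf) or "ok")
```

A `no-auth` finding together with `all-interfaces` is the combination that lets anyone who can reach the port read the data without credentials.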

The users of such crypto exchanges should stay informed. The leak leaves them vulnerable to fraudulent activities, such as identity theft, phishing and other social engineering attacks, and unauthorized transactions.

Any reused passwords should be changed immediately, and multi-factor authentication should be enabled.