Bit24.cash Reportedly Exposes Data Belonging to 230K Users

Iranian crypto exchange Bit24.cash has reportedly exposed sensitive data belonging to 230,000 users.

Guy in a black hoodie contemplating infront of a big swirling portal in space.
Created by Gabor Kovacs from DailyCoin
  • Bit24.cash has reportedly exposed the data of some of its users.
  • The allegation stems from a report by Cybernews researchers.
  • The exchange dismissed the allegation as “wholly untrue.”

According to a Monday report by researchers, Iranian cryptocurrency exchange Bit24.cash has “apparently inadvertently” exposed sensitive data belonging to thousands of users.

Founded in 2019, Bit24.cash operates as an over-the-counter (OTC) crypto exchange supporting over 300 coins and tokens. Last year, Bit24.cash and other Iranian crypto exchanges facilitated transactions totaling nearly $3 billion.

Bit24.cash Accused of Exposing User Data

According to a report dated January 8, Cybernews researchers have discovered a misconfigured MinIO (a high-performance object storage system) instance, “inadvertently granting access to the cloud storage containers” containing Bit24.cash’s KYC data.

Typically, Bit24.cash runs a stringent Know-Your-Customer (KYC) process that requires users to confirm their identities by uploading various official documents, including passports, IDs, and credit cards.

Per the report, the misconfiguration has compromised the KYC data of nearly 230,000 Iranian citizens and their written consent to regulations.

“With access to such comprehensive personal and financial data, malicious actors could impersonate individuals, gain unauthorized access to accounts, execute fraudulent transactions, and potentially cause substantial financial and personal harm to the affected users,” the researchers wrote.

In response to the allegation, the Bit24.cash team wrote to Cybernews researchers, dismissing their claims as “inaccurate and misleading.”

Bit24.cash Assures Users of Data Security

The report clarified that Bit24.cash “investigated Cybernews’ claims” and found no evidence of a data breach or unauthorized access of sensitive user data.

Specifically, the exchange labeled the reference to a misconfigured MinIO instance granting access to its cloud storage containers as “wholly untrue,” stating that it didn’t align with its system architecture or security protocols.

While Bit24.cash reiterated that its “cloud storage containers remain secure,” the exchange urged concerned users to contact its support team.

Read about Upbit’s recent win in Singapore:
Upbit Secures Singapore’s Major Payment Institution License

Stay updated on Bitget’s plans for 2024:
Here’s How Bitget Plans to Build on Its 2023 Milestones

This article is for information purposes only and should not be considered trading or investment advice. Nothing herein shall be construed as financial, legal, or tax advice. Trading forex, cryptocurrencies, and CFDs pose a considerable risk of loss.

Author
Brian Danga

Brian Danga, a Kenyan crypto reporter, is dedicated to delivering breaking news and updates from the cryptocurrency world. With a background as a Web3 writer and project manager, he recognizes the importance of unbiased reporting. Holding an LLB degree from the University of Nairobi, Brian's analytical skills contribute to his accurate news reporting. His personal interests include cooking, watching documentaries, reading, and engaging in intellectual discussions.