Crypto Exchanges Risk Losing $18 Million Due to Negligence


As the popularity of Bitcoin and cryptocurrencies continues to grow, the number of crypto exchanges is also increasing. According to Cryptimi, there are currently around 18,988 cryptocurrency trading platforms, and Bloomberg reports that crypto exchanges generate $3 million in daily revenue and $1 billion annually. This surge has led to the emergence of many smaller exchanges that often pay insufficient attention to security.

The research team at CyberNews set out to determine how secure these crypto exchanges really are. During their investigation, experts scanned the internet for open MongoDB databases and matched them with relevant keywords. After filtering the results, the researchers manually checked each database for sensitive information.

The study revealed that one of the largest crypto exchanges holds about $16.5 million in hardware (“cold”) wallets and has approximately 80,000 leaked private keys. The mainnet RPC keys, with a balance of $25,000, were also found to be exposed.

The investigation also found that the Chinese exchange Hubdex, whose clients hold up to $52,000 in their accounts, does not encrypt KYC data—meaning anyone can easily access identification cards and driver’s licenses. The Swiss exchange Lykke also fails to encrypt KYC data and API keys from other exchanges, which could allow attackers to withdraw funds from user accounts with ease.

The total balance on all the unsecured platforms discovered by the researchers amounts to at least $18 million.

The researchers attempted to contact the two “problematic” exchanges. Representatives from Lykke responded immediately and warned their clients about the data breach. However, the email address for Hubdex was found to be invalid.

Glossary

  • Mainnet – A blockchain that processes real cryptocurrency transactions, transferring funds from senders to recipients. While a testnet is a prototype demonstrating a project’s potential, the mainnet is a fully functional product ready for use.
  • KYC (Know Your Customer) – A term used in banking and exchange regulation for financial institutions, betting companies, and other businesses dealing with personal funds. It means they must identify and verify the identity of their clients before conducting financial transactions.
