(https://themerkle.com/wp-content/uploads/shutterstock_675951556.jpg)
It seems there are a lot more concerns for Bittrex users than just reduced withdrawal limits or lengthy verification times. According to a Russian Telegram group, someone has obtained passport data and other sensitive user information from the exchange. It seems this leak was the result of how Bittrex handles the user verification process. Assuming there is any truth to these allegations, things are not looking great for this particular company.
BITTREX USER DATA POSSIBLY EXPOSED
There are many pitfalls when dealing with centralized Bitcoin and cryptocurrency exchanges. Although it’s understandable these companies have to perform thorough KYC and AML verification, it also means customers expose sensitive personal information to third parties. While most people don’t give this a second thought, it can have major consequences. Personal information is of great value to cybercriminals these days, and cryptocurrency exchanges are prime targets in this regard.
One also has to keep in mind these exchanges may (accidentally) leak sensitive user information. That’s because handling the influx of new users and verifying everyone manually is a tedious process. As the information flow grows larger, there are more risks for users of these platforms. It only takes one mistake to expose personal details to the wrong individuals. Once one’s information is exposed to cybercriminals, things can get very ugly very quickly. It seems a lot of Bittrex users may find that out the hard way in the very near future.
More specifically, a Russian Telegram channel – click at your own risk – claims it has obtained leaked passports, data, and other sensitive information from Bittrex users. It is unclear if this leak is genuine, and if so, how it happened in the first place. Some sources claim the “back office process” employed by Bittrex allowed this data to be exposed. More specifically, users are required to manually send their passport details to the exchange, which are then manually verified by the site’s support team. It is far from an ideal process, mind you, and one that needs to be automated as quickly as possible.
One downside to automating this process, however, is that it would result in sharing customers’ details with even more parties. That is far from secure, mind you, but it may be an option worth exploring for the Bittrex team. It is evident something fishy is going on with this exchange, and it remains to be seen how the company responds to these allegations. No major data leak has occurred just yet, by the look of things, but this situation is still pretty worrisome in general.
As is usually the case, allegations like these need to be taken with a grain of salt. While no one will deny that cybercriminals have gotten craftier over the years, it would be rather shocking if Bittrex didn’t take customer security seriously enough to prevent mishaps like these from happening. It is evident the company has processed a lot of new user registrations and requests to verify existing accounts after its policy changes went into effect a few weeks ago.
This news comes on the heels of other issues affecting the Bittrex exchange as of late. Users have been complaining about accounts being locked, withdrawal delays, and other problems. If the company is actually leaking passport information, that may well be the nail in the coffin for this exchange. It will be interesting to see how this situation plays out, as these allegations are pretty problematic if true. Cryptocurrency exchanges remain prime targets for criminals; that much is evident.
https://themerkle.com/russian-cybercriminals-allegedly-obtain-passport-data-of-bittrex-users/