[ad_1]
The DX.Exchange security token exchange platform says it corrected a security vulnerability that allowed anyone to access users' authentication tokens.
DX.Exchange, which went live on Monday, offers encrypted tokens representing shares of a number of Nasdaq-listed companies. The company uses the Nasdaq matching engine and the financial information exchange protocol to facilitate the trading of these digital securities.
However, in its early days, the platform revealed sensitive data, including links to reset the password, as reported by Ars Technica. It is not clear how many user accounts have been compromised, even if an anonymous trader has told the news site that he has collected "about 100 tokens in 30 minutes".
Ars also reported being able to collect "a large number" of authentication tokens.
In an instruction, DX.Exchange attributed the bug to "an authentication token error", but claimed that the problem was solved before any damage occurred.
Daniel Skowronski, managing director of the exchange, stated in a statement that the user's funds were not at risk, explaining:
"We are pleased to report that the vulnerability has been corrected successfully and that no user funds have been compromised … Customer funds have always been secure, our advanced multilevel monitoring and defense mechanism has been able to avoid further problems ".
The statement went on to note that all developers who discover bugs in the future can report them to the exchange directly through a bounty bug program.
Image of the business graph via Shutterstock
[ad_2]Source link
