Security researchers have announced that in two crypto exchanges, users have identified vulnerabilities that lead to easy access to $ 18 million crypto money.
It was determined that two crypto exchanges that accidentally exposed their users ‘private keys and personal data also endangered users’ over $ 18 million crypto money.
As reported by CyberNews , one of the two exchanges identified by security researchers was Swedish-based Lykke. It was found that there are $ 16.5 million cryptocurrencies in hot wallets in a public database of this exchange.
The researchers browsing the database easily accessed Lykke’s API keys and provided unlimited access to the platform. They could trade, deposit and withdraw with API keys. Later, they accessed customers’ private keys. With these private keys, they could directly access the customer’s wallet and do many things, including spending, transfer and trading.
The researchers were able to see the transactions and balances of each customer in the database they accessed.
Lykke was not the only stock market to seriously jeopardize the security of its users’ money.
A similar situation was discovered in Hubdex, the China-based decentralized stock market. This platform, which claims to have more than 160 thousand users, could be easily entered into the database, and in addition to the private keys and passwords, the special documents given by the users for authentication were also reached. Over 1 million private keys were found in Hubdex that are accessible. Researchers estimate that the user presence on the stock exchange is $ 1-2 million.
According to the news, Lykke quickly responded to hackers with white hats, verifying that there was a security vulnerability in their databases and fixed the problem. The vulnerability in Hubdex was also quickly removed.