Turkish Crypto Exchange Sistemkoin’s Disturbing Security Flaw Reveals Major Withdrawal Complaints

Published: 2019-01-21 11:00:45 Publisher: TokenString

By CCN.com: Turkish crypto exchange Sistemkoin had done $68 million in volume over the 24-hour period at the time of writing. However, according to a report from a user and security researcher, there are significant security problems with the exchange.

The exchange did over $10 million in Bitcoin trades alone. Source: coinmarketcap.com

There are two aspects to our anonymous tipster’s report. First, anyone with a program called Burp Suite and a Sistemkoin account can compromise the support tickets of other users. Our tipster has spent well over a week trying to notify the exchange of the problem, with no response.

Support Ticket Vulnerability: A Major Problem

Some might wonder what the problem actually is if others can see your support ticket. Big deal, right? Well, imagine if someone posing as support staff asks you to disable two-factor authentication, or to reveal private information to “verify your account.” There are many imaginable attack vectors that become possible when someone has the ability to pose as staff.

The other aspect of the vulnerability is that most of the tickets our source saw were related to problems with withdrawals. This should be cause for concern for obvious reasons.

1) Basic security practices are not followed.

2) Users are veritably having problems making withdrawals.

Withdrawals are perhaps the single most important aspect of crypto exchanges. Any well-made scam can process a deposit. Only legitimate exchanges can reliably and consistently process withdrawals. An annual event called “Proof of Keys” tests the validity of exchanges by creating what amounts to a bank run.

Legitimate exchanges like Binance have literally no problem on days like this. When the business model is sound and the software is properly written, its only potential effect is a temporary drop in trading volume.

Today Sistemkoin tweets: