Iranian crypto exchange Bit24 disputes claims of KYC data leak incident Iranian crypto exchange Bit24 disputes claims of KYC data leak incident
Data breach incidents are quite common in the crypto sector due to some of the platform's lax security measures.
2 min read
Updated: Jan. 8, 2024 at 12:55 pm UTC
Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.
Bit24.cash, an Iranian cryptocurrency exchange, denied claims that it exposed the personal information of its platform users due to a misconfigured storage system.
Alleged KYC data exposure
Earlier today, Cybernews researchers reported that a security flaw on the platform led to the unintended exposure of its users’ Know Your Customer (KYC) data, including IDs, passports, and credit card details, accessible to anyone due to misconfigured cloud storage containers.
The researchers warned that the leak exposes the platform users to threats of identity theft, phishing attempts, and fraudulent transactions.
Cybernews said the vulnerability has been addressed, with the storage now secured and inaccessible as of press time.
Bit24 is one of the leading crypto trading platforms in Iran. The Asian country is one of the few countries that has adopted a pro-crypto stance as part of efforts to circumvent the sanctions imposed against it by Western superpowers.
Bit24 counters claims
In an email response to Cybernews, Bit24 denied the occurrence of the vulnerability following an internal investigation.
Hossein Amini, a security engineer at Bit24, asserted that the mentioned misconfiguration is false and inconsistent with the platform’s system architecture and security protocols.
“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols. We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any sensitive user data,” Amini reportedly said.
Bit24 has yet to respond to CryptoSlate’s request for additional commentary as of press time.
Data breaches in crypto
Meanwhile, incidents of data breaches are prevalent in the crypto sector because regulated platforms gather personal data during registration. While these Know Your Customer protocols aim to curb illicit activities, safe storage remains a significant challenge.
Last year, CryptoSlate reported about several crypto entities, including Bitcoin-based payment platform Strike and bankruptcy claims agent Kroll, suffering breaches that revealed their users’ information.
Mentioned in this article
Author 
Oluwapelumi Adejumo
Oluwapelumi values Bitcoin's potential. He imparts insights on a range of topics like DeFi, hacks, mining and culture, underlining transformative power.
Editor Editor 
Liam 'Akiba' Wright
Also known as "Akiba," Liam is a reporter, editor and podcast producer at CryptoSlate. He believes that decentralized technology has the potential to make widespread positive change.
Latest Iran Stories
In this article
Strike
Strike allows users to send and receive money anywhere, instantly, with no fees.