News
Iranian crypto exchange Bit24 disputes claims of KYC data leak incident Iranian crypto exchange Bit24 disputes claims of KYC data leak incident

Iranian crypto exchange Bit24 disputes claims of KYC data leak incident

Data breach incidents are quite common in the crypto sector due to some of the platform's lax security measures.

Iranian crypto exchange Bit24 disputes claims of KYC data leak incident

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Receive, Manage & Grow Your Crypto Investments With Brighty

Bit24.cash, an Iranian cryptocurrency exchange, denied claims that it exposed the personal information of its platform users due to a misconfigured storage system.

Alleged KYC data exposure

Earlier today, Cybernews researchers reported that a security flaw on the platform led to the unintended exposure of its users’ Know Your Customer (KYC) data, including IDs, passports, and credit card details, accessible to anyone due to misconfigured cloud storage containers.

The researchers warned that the leak exposes the platform users to threats of identity theft, phishing attempts, and fraudulent transactions.

Cybernews said the vulnerability has been addressed, with the storage now secured and inaccessible as of press time.

Bit24 is one of the leading crypto trading platforms in Iran. The Asian country is one of the few countries that has adopted a pro-crypto stance as part of efforts to circumvent the sanctions imposed against it by Western superpowers.

Bit24 counters claims

In an email response to Cybernews, Bit24 denied the occurrence of the vulnerability following an internal investigation.

Hossein Amini, a security engineer at Bit24, asserted that the mentioned misconfiguration is false and inconsistent with the platform’s system architecture and security protocols.

“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols. We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any sensitive user data,” Amini reportedly said.

Bit24 has yet to respond to CryptoSlate’s request for additional commentary as of press time.

Data breaches in crypto

Meanwhile, incidents of data breaches are prevalent in the crypto sector because regulated platforms gather personal data during registration. While these Know Your Customer protocols aim to curb illicit activities, safe storage remains a significant challenge.

Last year, CryptoSlate reported about several crypto entities, including Bitcoin-based payment platform Strike and bankruptcy claims agent Kroll, suffering breaches that revealed their users’ information.

Mentioned in this article