- Bit24.cash, an Iranian exchange, faces KYC data breach affecting 230K users.
- Research uncovers misconfiguration, exposing passports, IDs, and credit cards.
- Conflicting claims between Cybernews and Bit24.cash prompt user concerns.
Bit24.cash, a prominent Iranian cryptocurrency exchange, is under scrutiny following reports of a significant security breach.
Cybernews researchers uncovered a misconfiguration in the platform’s cloud storage system, leading to unauthorized access and exposing sensitive Know Your Customer (KYC) data of nearly 230,000 users. The incident raises concerns about user data protection in the cryptocurrency industry, as conflicting narratives emerge between the research findings and Bit24.cash’s official response.
Passports, IDs, and credit cards info compromised
The research by Cybernews exposed a misconfiguration in the exchange’s cloud storage system, providing unauthorized access to KYC data.
The compromised information includes passports, IDs, credit cards, and written consent to regulations for approximately 230,000 users. This breach underscores the vulnerability of user data and prompts users to question the safety of their personal information.
Conflicting claims and reassurances
In response to Cybernews’ allegations, Bit24.cash spokesperson and security engineer Hossein Amini refuted the claims, stating the report was inaccurate and misleading. Amini asserted that there was no evidence of a data breach or unauthorized access to user information.
Contrary to the research findings, Amini confidently declared the security and integrity of the MinIO instance and cloud storage containers, emphasizing their commitment to user security.
Ramin Moradi, the Bit24.cash CTO, also stated on X that Cybernews has not given any evidence on the security breach and as such he cannot I can’t confirm their claim.
Unfortunately Cybernews has spread this article without giving any evidence to us. As https://t.co/uz9oRkpVgH's CTO I can't confirm their claim.
— Ramin Moradi (@sudoramin) January 8, 2024
Bit24.cash also stated that after “careful investigation, our technical team found the claims to be false and misleading.” They also went ahead to give a number of reasons through a thread of X (formerly Twitter) supporting their conclusion.
Impact on the Iranian crypto market
Bit24.cash, alongside other Iranian crypto exchanges, has been a significant contributor to the country’s crypto market. In 2022, these platforms accounted for 12% of all funds flowing to Iranian exchanges.
The reported security breach not only raises concerns for individual users but also highlights potential repercussions for the broader cryptocurrency ecosystem in Iran. Users are now urged to seek clarification from Bit24.cash support amid the conflicting narratives.