By CCN.com: Turkish crypto exchange Sistemkoin had done $68 million in volume over the 24-hour period at time of writing. However, according to a report from a user and security researcher, there are significant security problems with the exchange.
The exchange did over $10 million in Bitcoin trades alone. Source: coinmarketcap.com
There are two aspects to our anonymous tipster’s report. First, anyone with a program called Burpsuite and a Sistemkoin account to compromise the support tickets of other users. Our tipster has spent well over a week trying to notify the exchange of the problem, with no response.
Support Ticket Vulnerability: A Major Problem
Some might wonder what the problem actually is if others can see your support ticket. Big deal, right? Well, imagine if someone posing as support staff requests you to disable two-factor authentication. Or, reveal private information to “verify your account.” There are many imaginable attack vectors that become possible when has the ability to pose as staff.
The other aspect of the vulnerability is that most of the tickets our source saw were related to problems with withdrawals. This should be cause for concern for obvious reasons.
1) Basic security practices are not followed.
2) Users are veritably having problems making withdrawals.
Withdrawals are perhaps the single most important aspect of crypto exchanges. Any well-made scam can process a deposit. Only legitimate exchanges can reliably and consistently process withdrawals. An annual event called “Proof of Keys” tests the validity of exchanges by creating what amounts to a bank run.
Legitimate exchanges like Binance have literally no problem on days like this.