CDRX ends relationship with CoinAdmin
LONDON — December 10, 2018.
On 7-Dec-18 CDRX was alerted to a serious open security issue in CoinAdmin’s platform that exposed confidential KYC documents via a simple URL. This bug potentially affected all CoinAdmin clients which use (or have used) CoinAdmin’s platform. It is unclear if any other CoinAdmin clients have been informed of this breach.
Immediately upon learning of the bug, CDRX completed a validation, alerted CoinAdmin and asked for its TGE platform to be immediately disabled. Pursuant to EU GDPR rules, it also insisted that CoinAdmin immediately alert its supervisory authority.
David Ward, CEO of CDRX said:
Following contact by a whistle-blower we were horrified to learn of this breach, particularly given CoinAdmin so heavily emphasised its security standards. Our customers are paramount and we will not play Russian roulette with either their privacy or their security. In view of that we’ve discontinued use of CoinAdmin’s platform. We apologise unreservedly to those affected and will be contacting each individual as soon as we have the full list from CoinAdmin. It is unfortunate that CoinAdmin has so far refused to step up and take clear responsibility for its failures.
CDRX stressed that all of its systems operate entirely independently of CoinAdmin, and that CoinAdmin’s KYC module and platform were only ever for use with it’s crowd-sale.
CoinAdmin was never involved in any other aspect of the CDRX business, including but not limited to its pending digital asset exchange and fully regulatory compliant KYC process.
CDRX noted it originally made the decision to use CoinAdmin based on four factors:
- its history as an established platform that claimed to have raised over $70 million for a number of clients
- its explicit claims of being regularly penetration tested by an independent third-party
- its repeated emphasis on its high security standards, including clearly stating it was ‘guaranteed’: “Robust security features”, “Reliable KYC module”, “Safe and reliable” and “How is COINAdmin’s security guaranteed?”
- the backing of parent company, Krypton Capital — an established specialist in the crypto-industry — owner of Cryptovest, ICOBackers and others
Based on all available information, CDRX believes the vulnerability existed before its engagement of CoinAdmin, and strongly recommends careful evaluation of platform providers and third-party penetration testing firms.
END
###
Telegram: https://t.me/cdrxchange
Website: https://cdrx.io/
Twitter: https://www.twitter.com/cdrxchange
