CoinAdmin security issue

Whitehat hacker raises issue to CDRX

CDRX
Dec 7, 2018

LONDON — December 7, 2018.

CDRX was contacted today by a whitehat hacker who provided evidence of a security hole in CoinAdmin’s platform. CoinAdmin provides the outsourced KYC and crowdsale platform used by CDRX.

07-Dec 14:17 UTC CDRX was contacted by a user on Telegram advising there was a bug in the CoinAdmin platform which could expose uploaded KYC documents
07-Dec 14:19 UTC CDRX requested examples of the breach
07-Dec 14:21 UTC The user provided four unique examples
07-Dec 14:22 UTC CDRX requested details of the bug for immediate investigation
07-Dec 15:26 UTC The user provided details of the bug
07-Dec 15:29 UTC CDRX investigated and confirmed it to be a valid bug on CoinAdmin’s platform — using a particular URL, certain users on the platform were able to view other people’s KYC documents
07-Dec 15:40 UTC CoinAdmin was alerted to the bug and asked to: immediately disable its platform; fix the bug; and inform the EU privacy commissioner/supervisory authority of a breach of its systems
07-Dec 15:47 UTC CDRX identified 423 users that may have been affected
07-Dec 17:18 UTC CoinAdmin confirmed the bug had been fixed
07-Dec 17:41 UTC CDRX confirmed the bug had been fixed
07-Dec 18:33 UTC The Telegram user confirmed the bug had been fixed

Based on information provided by CoinAdmin, no other data, including usernames, passwords or wallets, were exposed.

CDRX does not use CoinAdmin for any other purpose and its own systems are completely independent. CDRX will be contacting potentially affected users individually.

In the interests of those affected, this interim statement has been made. CDRX is awaiting further information from CoinAdmin and an additional statement will be made on Monday 10-Dec-18.

END

###

Telegram: https://t.me/cdrxchange
Website: https://cdrx.io/
Twitter: https://www.twitter.com/cdrxchange

CDRX

CDRX is converting existing equities and bonds into new securitised instruments. Offering investors and issuers a cheaper, faster and fractional solution