The Brazilian currency exchange Foxbit recently said that, through the BlinkTrade trading platform, it has updated its logon process, making it more secure for users. The update may have come too late, however: recent reports show that the company's weak security allowed hackers to phish users out of about 58 BTC (about $540,000).
The figure of 58 BTC comes from cybersecurity expert Leandro Trindade, who warned Foxbit on March 29 that something was wrong with its security methods. He realized something was happening when he noticed that the local complaint portal Reclame Aqui was flooded with content related to Foxbit.
When he dug deeper, he found that most users were complaining that the funds they held on the platform were missing. Trindade's investigation showed that Foxbit users could change their two-factor authentication (2FA) settings using only a password.
This allowed hackers to phish users and change their 2FA settings to lock them out of their own accounts. Since there was no e-mail confirmation, no security question or any other layer of security, all the attackers then needed to do was go on to withdraw the user's funds.
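The gap described above (a password alone was enough to change 2FA settings, with no e-mail confirmation) shown beside a hardened flow. This is an added example, not Foxbit's or BlinkTrade's code; the `Account` class, the function names and the choice of TOTP as the second factor are assumptions made for illustration.

```python
import hashlib, hmac, secrets, struct

# Illustrative model only: names and the TOTP factor are assumptions, not the platform's code.
def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the Unix time `now`."""
    mac = hmac.new(secret, struct.pack(">Q", now // step), hashlib.sha1).digest()
    off = mac[-1] & 0x0F                      # dynamic truncation offset
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, password: str, totp_secret: bytes):
        self.salt = secrets.token_bytes(16)
        self.pw_hash = self._hash(password)
        self.totp_secret = totp_secret
        self.pending = None                   # (email_token, new_secret) awaiting confirmation

    def _hash(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def check_password(self, password: str) -> bool:
        return hmac.compare_digest(self.pw_hash, self._hash(password))

def change_2fa_weak(acct, password, new_secret):
    """The flow the article describes: a password alone replaces the 2FA secret."""
    if not acct.check_password(password):
        return False
    acct.totp_secret = new_secret
    return True

def request_2fa_change(acct, password, current_code, new_secret, now):
    """Hardened step 1: password AND a code from the factor currently enrolled."""
    if not acct.check_password(password):
        return None
    if not hmac.compare_digest(totp(acct.totp_secret, now).encode(), current_code.encode()):
        return None
    token = secrets.token_urlsafe(32)         # would be e-mailed to the address on file
    acct.pending = (token, new_secret)        # nothing changes yet
    return token

def confirm_2fa_change(acct, email_token):
    """Hardened step 2: apply the change only when the e-mailed token comes back."""
    if acct.pending is None or not hmac.compare_digest(acct.pending[0].encode(), email_token.encode()):
        return False
    acct.totp_secret, acct.pending = acct.pending[1], None
    return True
```

With the hardened flow, a phished password by itself neither replaces the second factor nor locks the owner out; a production version would also rate-limit attempts and notify the user of every request.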
Speaking to the local publication Portal do Bitcoin, Trindade stated (roughly):
“I can be rich right now. But my code of ethics will not allow me.”
He added that he had tried to warn the exchange about what its users were being subjected to. He sent the company two letters, left a support ticket and contacted it on Facebook. It took BlinkTrade about two weeks to get back to him. In its reply, it said seven days would be needed to solve the problems.
Per Portal do Bitcoin, it took 25 days to get rid of this vulnerability. Later, both Foxbit and BlinkTrade said that they knew about the problem before Trindade approached them, and added that a new procedure for registering and withdrawing funds had been planned since the beginning of February.
Foxbit's statement says (roughly):
The company was informed of the first events in December and has since worked with BlinkTrade to improve security and user management, as shown in our blog post in this regard.
Some users lost $10,300
Evando Conceicao Oliveira, a Foxbit user, claims that on January 22 he lost $10,300 on the platform. He was first contacted by Foxbit's legal department, which tried to offer him 50% of what he had lost. Oliveira tried to negotiate a little more, and eventually received $5,700 from the exchange.
According to Foxbit, several other cases were taken care of, some of which were taken to court. A similar case in Brazil, concerning online banking, was decided in favor of the user, potentially setting a precedent.
This is not the first time the Foxbit platform has made headlines. According to CCN, a bug on the cryptocurrency exchange's platform allowed users to withdraw their funds twice, which resulted in a loss of $270,000. Because of this, Foxbit was down for 14 days and processed withdrawals during that long period of inactivity.
Competition in the country may also be getting tougher, as Brazil's largest investment company, XP Investimentos, is reportedly going to begin exchanging cryptocurrencies.
BlinkTrade stated that it “does not bear any responsibility in cases, since in cases of phishing, users provide (directly or indirectly) their personal information to third parties.” The company's CEO, Rodrigo Souza, has since published a video that challenges Trindade's criticism.