Foxbit, a really popular cryptocurrency exchange in Brazil, just revealed the fact that through the BlinkTrade platform, the login process was updated so user safety is increased. This is an update that was really necessary but it does seem that it came too late. According to various reports, the company had poor security that allowed hackers to steal 58 BTC from users.
Leandro Trindade, cybersecurity expert, made the estimate. He did warn Foxbit about the fact that something is wrong with the security practices used. This happened on March 29 as Trindade saw different complaints listed on a local complaint portal in relation to Foxbit.
Trindade investigated the reports and found that users were complaining about missing funds from what they had in the platform. The hackers basically took advantage of a big cyber security flaw with Foxbit that allowed the user to change 2FA (two factor authentication) by just using 1 password.
Through phishing the hacker changed 2FA settings for accounts and the actual user was locked out of his own account. Because of the fact there was no extra security feature included like a secret question or email confirmation, the hacker simply withdrew user funds without him being aware of it.
After Trindade figured out there was a problem, he tried to contact the exchange. In an interview he said he sent 2 emails, started a support ticked and even sent messages on Facebook. BlinkTrade only responded after two weeks and said the security fix will take 7 days.
After some time both BlinkTrade and Foxbit declared that they did know about the security issue. Reports showed that it took 25 days for the firm to solve it, which is quite unacceptable according to modern security standards.
What Can Users Do?
Since we are talking about cryptocurrency and an exchange, many users simply decided not to do anything about their losses. However, some did fight back. One user, Evando Conceicao Oliveira, supposedly lost $10,300 on Foxbit and was eventually offered $5,700 back, after negotiations.
Foxbit did admit that they are taking care of different cases but some are now taken to court. In Brazil there was a similar case related to online banking. In that situation the authorities ruled for the user. If this happens with Foxbit, a very important precedent in the country would be set.
We have to acknowledge the fact that this is not the first time the Brazilian cryptoexchange is faced with security problems and bugs. The last one allowed users to actually withdraw funds two times. This caused a loss of $270,000 and a downtime for the platform of 2 weeks.
Since there are reports that XP Investimentos, a large investment firm in Brazil, wants to launch a new cryptocurrency exchange, Foxbit may lose ground. Also, BlinkTrade did say it has no part in the hack because it was a phishing activity in which it was the user that actually offered the password. This is not the type of response people want to hear.