
A few days ago, Odaily reported on Dx.Exchange, an exchange where you can buy token stocks with coins. The platform, which claims to be powered by Nasdaq, allows users to trade stocks of companies including Apple, Facebook and Tesla. However, not long after the service was launched, an unnamed trader told the foreign media outlet Ars Technica that there are security loopholes in Dx.Exchange and that, if these loopholes are exploited by criminals, they will cause losses to platform users.
The trader said that he created a dummy account to test the security and stability of the Dx.Exchange platform. But when he tested it with the developer tools of the Google Chrome browser, he was surprised to find that the requests sent from the browser to Dx.Exchange contained authentication tokens and detailed information about the accessing user, such as a link to reset the password. These tokens are formatted as JSON Web Tokens (a cross-domain authentication solution), which is an open standard, so for someone versed in it, the user's email address and the token owner's full name are easily accessible.
The trader also stated:
"I collected about 100 tokens myself in 30 minutes. If the prosecutor wanted to convict me on that basis, it would make perfect sense."
The trader claimed that if these users stayed logged in, he could access their accounts and obtain the user information leaked by the platform from these tokens, and that even if those users were offline, he could still access these accounts.
Dx.Exchange's security concerns don't stop there: the trader also said that the token data of employee accounts on the Dx.Exchange platform was accessible. If a hacker were able to gain access to an employee's administrative account, disaster would ensue.
It has been stated that these bugs will be corrected and that an update will patch the vulnerabilities.
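The token exposure described above can be checked from the defender's side. The following is an added example, not code from the original report or from Dx.Exchange: it shows that a JWT payload is only base64url-encoded, so identity claims in it are readable by anyone who holds the token, and it flags tokens that carry such claims or that have no short expiry. The claim names, the 900-second lifetime limit and the sample tokens are assumptions constructed for illustration.

```python
import base64
import json
import time

# Claim names treated as personal data (an assumption for this example).
PII_CLAIMS = {"email", "name", "given_name", "family_name", "phone_number"}


def b64url_decode(segment):
    """Decode one base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def read_claims(token):
    """Return the payload of a compact JWT. No key is needed: it is only encoded."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part compact JWT")
    return json.loads(b64url_decode(parts[1]))


def audit_token(token, max_lifetime_s=900, now=None):
    """List the properties that make this token more damaging if it leaks."""
    claims = read_claims(token)
    now = time.time() if now is None else now
    findings = [f"pii claim readable by any holder: {c}"
                for c in sorted(PII_CLAIMS & set(claims))]
    exp, iat = claims.get("exp"), claims.get("iat")
    start = iat if isinstance(iat, (int, float)) else now
    if not isinstance(exp, (int, float)):
        findings.append("no exp claim: token never expires on its own")
    elif exp - start > max_lifetime_s:
        findings.append("lifetime exceeds limit: usable long after the user leaves")
    return findings


def make_sample(claims):
    """Build a constructed sample token; the signature segment is a dummy."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'HS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


# Constructed samples: identity data and no expiry, then an opaque subject with a 10-minute life.
LEAKY = make_sample({"sub": "1001", "email": "alice@example.com", "name": "Alice Example"})
LEAN = make_sample({"sub": "1001", "iat": 1700000000, "exp": 1700000600})

if __name__ == "__main__":
    for label, tok in (("leaky", LEAKY), ("lean", LEAN)):
        print(label, audit_token(tok, now=1700000000))
```

The signature protects a JWT against modification, not against reading, so identity data belongs behind an authenticated API call rather than in the token's claims.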
In addition to the security issues exposed this time, Dx.Exchange has also been questioned by industry insiders about its legal compliance. According to CNBC reports, Dan Doney, co-founder of Securrency, expressed uncertainty and even doubts about Dx.Exchange's approach, because without the consent of the shareholders of these listed companies, it is not feasible to list the tokenized stocks of these companies on its own platform. However, Dan Doney also said that if the model can be implemented properly, it can meet regulatory standards.
Among those applying blockchain technology to stocks and tokenizing them is SharesPost, a registered broker-dealer in the United States, which has partnered with Blockchain Capital on the issued BCAP stock tokens.
Main references:
Hot new trading site leaked oodles of user data, including login tokens
Apple and Tesla shares on the blockchain could be the next big thing in crypto
Dx.Exchange Has Serious Security Weaknesses that Could be Easily Criminalized
Next week, you can use coins to buy Apple's token stock
JSON Web Token Getting Started Tutorial
I am Qi Ming from Odaily, I explore the real blockchain, and I like to chat with various gods every day.