CoinPayEx: 1.6 GB user data of crypto trading exchange exposed

On Tuesday, a huge database of around 195,000 users of crypto trading exchange CoinPayEx surfaced on Zer0day Lab's Telegram channel.

hidden person
Bildquelle: Tom Sodoge, thx!

We were pointed by a reader to a rather large database of the portal CoinPayEx, which the Zer0DayLab crew offers for public download on their file server.

CoinPayEx: Hack or lack of security measures?

Online portals for trading cryptocurrencies are extremely interesting for cybercriminals. If they actually succeed in penetrating deep enough into the system, the digital assets (wallets) of the users are tempting. Such hacks have worked more often in the past. Often, the hackers managed to transfer large sums to their own wallets before their crime was discovered.

What exactly happened at coinpayex.ltd was unfortunately not disclosed by the distributors of the illegal database. We have contacted them on Twitter and are still waiting for an answer.

Zer0Day Lab Telegram

Screenshot of the Telegram channel Zer0Day Lab.

Currently no new registration possible

Apparently, the operators of CoinPayEx have already noticed that something is not right on their web servers. At the moment, it is no longer possible to register as a new user on this crypto trading exchange. In the absence of the possibility to become a new customer, one does not receive 1,000 CPE coins as a gift after opening an account.

Unfortunately, it is extremely complicated to contact the creators of this online project. Even at second glance, there was no website on the internet that could have been used to contact them. Yesterday we sent a warning e-mail to all available e-mail addresses of the management. One of the addresses is even invalid. We received a reply from the Demon mailer a few minutes later.

We asked CoinPayEx for a statement in our message. It would be exciting, for example, to clarify how the unknown persons were able to get hold of 1.6 GB of their customer data. Customers have the option to open their own wallets there, the details of which are also said to be in the database. Now, 24 hours later, we still have no answer.

coinpayex registrierung

Screenshot of https://coinpayex.ltd – registration for new customers is taking forever.

What can cybercriminals do with this?

Assuming CoinPayEx has already blocked access to the wallets, financially speaking, not much. We do not know whether this is the case. But the data set contains further internal information on crypto trading. The information of the 194.205 users is apparently all unencrypted in the data set, as someone who took a quick look at it told us.

If people use passwords more than once, criminals could log in to other online services with the login data. But that is by far not all. The huge list of emails would certainly also be very welcome by phishers, to name just one example.

Tarnkappe.info

Lars Sobiraj fing im Jahr 2000 an, als Quereinsteiger für verschiedene Computerzeitschriften tätig zu sein. 2006 kamen neben gulli.com noch zahlreiche andere Online-Magazine dazu. Er ist der Gründer von Tarnkappe.info. Außerdem bringt Ghandy, wie er sich in der Szene nennt, seit 2014 an verschiedenen Hochschulen und Fortbildungseinrichtungen den Teilnehmern bei, wie das Internet funktioniert.