Nexo

Start Earning Up to 16% Interest Automatically

Learn More
Home » Business » The Curious Case of the “Digitex Leaker”

The Curious Case of the "Digitex Leaker"

by

Who's to blame in the latest data breach?

What is Digitex Futures Exchange

Share this article

One by one, identity cards and passports began flowing into a Telegram channel called “The Digileaker.” The anonymous individual posting the documents claimed to have “unrestricted” access to several thousand more records from the crypto project, Digitex

The reason? 

“I would I would like to see [Digitex’s] problem-solving abilities in identifying the issue,” said the individual in an email with Crypto Briefing.

The Rise of the Digitex Leaker

The slow leak that began on Feb. 28 quickly picked up steam in the crypto media space. 

Although unconfirmed at that time, initial reports indicated that the leaker had full access to all of Digitex’s KYC data and that they were also directly affiliated with the company. Commentators hinted at this affiliation due to a similar breach at the beginning of February. 

On Feb.10, a screenshot of various ETH addresses and their respective emails had been uploaded was posted on the company’s official Facebook page. Each identity was allegedly pulled from Digitex’s KYC portal.

In a Telegram conversation with the Digitex communications lead, Christina Comben, she explained that the culprit’s identity was “not 100% confirmed” at that time. 

Later, the team identified that the source of this particular leak was a disgruntled ex-employee. Comben told Crypto Briefing at that time that:

“It was all arranged by an ex-employee, I can’t say much more about this in terms of motives except that he was let go when it was discovered that he was working with a competing company (conflict of interest), since then he has tried to discredit Digitex and [the CEO, Adam Todd].”

She also explained how this former staff member had trusted access to multiple Digtex accounts, including the KYC portal. 

Last week, it appeared that the same ex-employee had struck again, leaking blurred images of identity cards and passports of various Digitex users. In an email exchange with the leaker, they denied having any relation to Digitex. “I was not tipped off, these findings were my own, and I did not receive help,” they wrote. Adding:

“Digitex has always blamed external people for issues that arise, and I found it strange, so after a little bit of work, I was able to access some of their systems and logins. “

They also explained that they would not reveal their identity other than that they were “not located far from Adam and his developer team [in] Moscow.” As to any clue when the leaks would stop, they responded:

“The leaks will continue for as long as Mr. Adam Todd continues to hide in silence and not be at all bothered by losing the data of his customers. He can have it end now with [five] people, or he can have it end with everyone, the choice is his.” 

The Digitex Leaker’s Demands

Yesterday, however, the Digitex team has confirmed that the leaker was indeed the original poster from earlier last month. They have enlisted the services of a third-party, SmartDec, to block all admin access to the KYC platform. The leaker also indicated in the Telegram channel on Monday that users “should be safe doing KYC now.”

This is not the first time that Digitex has tapped SmartDec. The company has also been helping build out Digitex’s exchange product.

In the post regarding the latest debacle, the Digitex team wrote that the culprit had made specific demands in exchange for a halt to the dissemination of user data. A spokesperson from Digitex said that these demands were not monetary, but could not comment further. 

They added further that “SmartDec is reviewing everything now. We have proof it was internal, I can’t say any more than that.”

Bug bounties are common in the crypto community, especially considering the nascence of many emerging technologies. Indeed, developers can turn a small profit moving from project to project and investigating their code. 

A common practice is then to inform the project of its vulnerability via recommended channels. When done in good faith, projects enjoy higher security standards, and the roving bounty hunter claims a prize for their efforts. 

Based on the evidence provided, it appears that a malicious agent held private data hostage in exchange for a reward. They were able to leverage this position via sensitive, internal access that may or may not have been available to an independent bounty hunter.

Unfortunately, neither Digitex nor the leaker has been willing to confirm or deny the above.

Share this article

The information on or accessed through this website is obtained from independent sources we believe to be accurate and reliable, but Decentral Media, Inc. makes no representation or warranty as to the timeliness, completeness, or accuracy of any information on or accessed through this website. Decentral Media, Inc. is not an investment advisor. We do not give personalized investment advice or other financial advice. The information on this website is subject to change without notice. Some or all of the information on this website may become outdated, or it may be or become incomplete or inaccurate. We may, but are not obligated to, update any outdated, incomplete, or inaccurate information.

Crypto Briefing may augment articles with AI-generated content created by Crypto Briefing’s own proprietary AI platform. We use AI as a tool to deliver fast, valuable and actionable information without losing the insight - and oversight - of experienced crypto natives. All AI augmented content is carefully reviewed, including for factural accuracy, by our editors and writers, and always draws from multiple primary and secondary sources when available to create our stories and articles.

You should never make an investment decision on an ICO, IEO, or other investment based on the information on this website, and you should never interpret or otherwise rely on any of the information on this website as investment advice. We strongly recommend that you consult a licensed investment advisor or other qualified financial professional if you are seeking investment advice on an ICO, IEO, or other investment. We do not accept compensation in any form for analyzing or reporting on any ICO, IEO, cryptocurrency, currency, tokenized sales, securities, or commodities.

See full terms and conditions.