In this blog we do not try to hurt the reputation of any companies or falsely accuse them, but this issue has to be brought to light before CoinMX becomes the next MtGox and causes another crash in Bitcoin.
What is CoinMX
CoinMX is a site that allows you to instantly buy and sell Bitcoins using your credit card. It is similar to coinbase and virwox in that it allows you to instantly purchase Bitcoins. It also has an affiliate program if you want to make some extra cash by referring your friends.
What happened?
A picture is worth 1000 words, so take a look for yourself (taken form reddit):
Let us take our focus away from the rude customer support and focus our attention on the real issue here – security. The representative blocked a user’s account without verifying ANY information. The problem with that is now any person can ask a representative to lock a certain account by only providing an email address. If you are currently using CoinMX I suggest you withdraw your funds immediately and stop using them. If someone with the wrong intent gains access to your email address he will be able to block your account and any pending orders you might have will be disabled. Besides, Bitcoin is rising like crazy right now so it would not be in the best of your interests to sell. The flaw here is the support center, CoinMX is using a third party as their customer support and a poorly paid representative will not care about your account or the company’s reputation.
Here is a word from CoinMX after what happened, the following response is quoted from reddit:
We can assure you that our security features and support are our top priority.
We are an association and are governed by our own members, so negligence like GOX will never happen.
We appreciate your comments and for this specific scenario we are looking into the situation as we do have mechanisms put in place to protect a users account from being disabled if they have open trades or are using our API.
We will update the thread once we research throughly into the users account and discuss with our technical team to see if our systems failed protecting against this situation.
The support staff is usually notified by a pop up window stating “Disable Rejected! Please make sure the member closes all orders prior to disabling their account” or ” Disable Rejected! Please make sure the user deactivates their API prior to disabling their account”
Thank you for your comments.
They mentioned that they will update the thread once they research thoroughly (they misspelled it) into the user’s account and discuss with their technical team. That is a meaningless statement that will not result in any action, instead what they should have done is said that they will implement higher security verification processes before representatives can take action on accounts. Remember the Ebay hack which happened a couple weeks ago and resulted in the second largest database hack in history. The vulnerability in that hacking attack were the Ebay representatives. Their login credentials were stolen or compromised and hackers were able to gain access to the servers. This is a similar situation where once again the representatives are the weak link in the company. Since it is such a repetitive issue other startups that are looking at creating customer support should take into consideration any security flaws that the CS department might create.
Here is another reply on the reddit thread form CoinMX this one is referring to Ashley, the representative who was featured on reddit:
We will speak with her. We understand your frustrations but we have systems in place so harm cannot be done on anyones account. Our back end system for support is full proof. We are researching this specific scenario as we have systems in place to protect against this.
One sentence does not make sense: “we have systems in place so harm cannot be done on anyones account.” That is clearly not true because we saw a great example how simply giving the customer support an account’s email can lead to the account being blocked. We also see further spelling mistakes in their responses, this time they spelled foolproof wrong.
Given the fact of how flawed CoinMX’s security system is for such a big exchange we clearly see that CoinMX’s interest is not about their customer but about their profits. Hiring cheap customer service call centers might increase the profit margin but it does not take in prespective the customer’s security and their funds. I advise you to stay away from CoinMX there are plenty if similar services just like CoinMX who do not have such security flaws, check out Virwox and Coinbase if you are looking to buy Bitcoins with a credit card, paypal, or a bank account. If you liked this article follow us on twitter @themerklenews and don’t forget to subscribe to our newsletter.
No Responses