Russian Cybercriminals Allegedly Obtain Passport Data of Bittrex Users

It seems there are a lot more concerns for Bittrex users than just reduced withdrawal limits or lengthy verification times. According to a Russian Telegram group, someone has obtained passport data and other sensitive user information from the exchange. It seems this leak was the result of how Bittrex handles the user verification process. Assuming there is any truth to these allegations, things are not looking great for this particular company.

Bittrex User Data Possibly Exposed

There are many pitfalls when dealing with centralized Bitcoin and cryptocurrency exchanges. Although it’s understandable these companies have to perform thorough KYC and AML verification, it also means customers expose sensitive personal information to third parties. While most people don’t give this a second thought, it can have major consequences. Personal information is of great value to cybercriminals these days, and cryptocurrency exchanges are prime targets in this regard.

One also has to keep in mind these exchanges may (accidentally) leak sensitive user information. That’s because handling the influx of new users and verifying everyone manually is a tedious process. As the information flow grows larger, there are more risks for users of these platforms. It only takes one mistake to expose personal details to the wrong individuals. Once one’s information is exposed to cybercriminals, things can get very ugly very quickly. It seems that a few Bittrex users may find that out the hard way in the very near future.

More specifically, a Russian Telegram channel – click at your own risk – claims it has obtained leaked passports, data, and other sensitive information from Bittrex users. Some sources claim the “back office process” employed by Bittrex allowed this data to be exposed. More specifically, users are required to manually send their passport details to the exchange, which are then manually verified by the site’s support team. It is far from an ideal process, mind you, and one that needs to be automated as quickly as possible.

One downside to automating this process, however, is that it would result in sharing customers’ details with even more parties. That is far from secure, mind you, but it may be an option worth exploring for the Bittrex team. Here is Bittrex’s statement regarding the incident:

“Bittrex takes user privacy very seriously. We quickly moved to address this isolated incident in which a small handful of user documents were inadvertently merged together into one support ticket. Bittrex took steps to ensure that the erroneous documents were removed from being viewable within the support site, and we plan to reach out to the affected users and offer to pay for identity theft protection for 2 years.”

This news comes on the heels of other issues affecting the Bittrex exchange as of late. Users have been complaining about accounts being locked, withdrawal delays, and other problems. Cryptocurrency exchanges remain prime targets for criminals; that much is evident.