CoinDesk fixes a CMS leak that may have been used for crypto insider trading


CoinDesk has fixed an exploit that allowed anyone to view unpublished headlines, create drafts, and edit articles on the website. In a post on its site, CoinDesk says the vulnerability could’ve let “unidentified actors” view non-public information, allowing them to make trading decisions they could profit from.

“The exploit, which was brought to CoinDesk’s attention by a white-hat hacker, may have allowed unidentified actors to profit from nonpublic information by making trades ahead of the publication of at least one article,” Kevin Worth, CoinDesk’s chief content officer, writes in the post. “The issue is now fixed and added safeguards have been put in place.”

While CoinDesk says the security hole just exposed unpublished headlines, the Twitter user who initially brought the exploit to CoinDesk’s attention illustrates how the issue goes much deeper than that. Bad actors found a way to manipulate the application programming interface (API) that CoinDesk uses to publish content. Whenever the API received a bad request, it would return an error stack (or a long error message), which essentially contained the means for someone to access CoinDesk’s backend publishing system. As a result, users had the ability to make changes to existing articles, add fake drafts, and, of course, get an early look at the information that could give them a trading advantage.
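The failure mode described above (an API answering a bad request with its full error stack) is shown here beside a hardened handler, as an added example that is not CoinDesk's code. The endpoint, handler names, config fields and token are hypothetical and constructed for illustration.

```python
import json
import logging
import traceback
import uuid

log = logging.getLogger("cms_api")

# Constructed placeholder standing in for a backend credential (assumption).
BACKEND_TOKEN = "EXAMPLE-TOKEN-NOT-REAL"


def save_draft(body: bytes) -> dict:
    """Hypothetical publishing endpoint: parse the request body."""
    config = {"backend_url": "https://cms.example.invalid", "token": BACKEND_TOKEN}
    try:
        draft = json.loads(body)
        return {"ok": True, "title": draft["title"]}
    except Exception as exc:
        # Context attached for debugging; this is the text that must not leave the server.
        raise RuntimeError(f"save_draft failed with config={config}") from exc


def leaky_handler(body: bytes) -> tuple[int, str]:
    """'Before': the caller receives the whole error stack, config included."""
    try:
        return 200, json.dumps(save_draft(body))
    except Exception:
        return 500, traceback.format_exc()


def hardened_handler(body: bytes) -> tuple[int, str]:
    """'After': generic message plus a correlation ID; details stay in server logs."""
    try:
        return 200, json.dumps(save_draft(body))
    except Exception:
        error_id = uuid.uuid4().hex
        # Server-side only. Secrets should also be kept out of exception text
        # so they do not end up in log storage.
        log.exception("request failed error_id=%s", error_id)
        return 400, json.dumps({"error": "bad request", "error_id": error_id})


if __name__ == "__main__":
    malformed = b"{not json"  # constructed bad request
    print(leaky_handler(malformed)[1])
    print(hardened_handler(malformed)[1])
```

The correlation ID lets support staff find the full stack in server logs without exposing it to the requester.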

This type of insider trading isn’t unheard of — in the past, hackers have tapped into newswire sites like BusinessWire, gaining early access to press releases and other information that has the power to tip the stock market.

Law enforcement’s response to insider trading in the world of crypto has been mixed. Last year, the US Commodity Futures Trading Commission opened an investigation into cryptocurrency exchange Binance over possible insider trading and market manipulation. Around the same time, Nate Chastain, the former product chief at NFT marketplace OpenSea, was also accused of using inside information to buy and sell NFTs, but no legal action has been taken. As regulators in the US work to clarify the laws surrounding cryptocurrency, insider trading may become less of a gray area.


