Default featured image

Bitfinex Cache Issue Leaks Non-Identifying User Information

Avatar Jayanand Sagar 5 years ago

Cryptocurrency trading platform Bitfinex experienced an embarrassing issue last night/earlier today that leaked non-identifying user information to other clients using the platform.

User reports indicate that upon viewing the order book, another user’s account may have been listen in addition to their balances. You can view a thread discussing this very issue on here.

That thread reads [in part]:

[blockquote style=”2″]Just a heads up, there doesn’t seem to be any immediate threat of stolen coins, but if you log in to BFX and click on the orderbook you may see someone else’s account listed with their balances. It goes away if you navigate to any other tab. Still really bad of BFX to let this happen.[/blockquote]

But before you panic, there hasn’t been a compromise of any sort, according to Bitfinex.

“The problem stems from Incapsula’s (anti-DDOS service) caching of dynamic pages, which it shouldn’t be doing,” a company spokesperson told me Monday morning. “This appears to be happening intermittently and not in all geographic areas.”

Bitfinex Homepage Screenshot

Bitfinex, in response, has disabled Incapsula’s services, which should immediately remedy the situation for users affected. Bitfinex says they are waiting to here what Incapsula has to say about the issue, and how it will be fixed permanently.

The spokesperson adds, “While this issue may have leaked some info regarding other users, no identifying information was leaked aside from username and, at no time was there a security threat that would potentially allow anyone to interact with someone else’s account.”

Tags: BitStarz Player Lands $2,459,124 Record Win! Could you be next big winner?

Instant loans by local bank transfer using your crypto as collateral without selling it. Earn up to 8% interest per year on your Stablecoins & EUR.


Kucoin is the most trusted crypto exchange with 200 tokens.

Show comments