Data Breach Reported at Iranian Crypto Platform Bit24.cash

The Iranian over-the-counter cryptocurrency platform Bit24.cash has potentially compromised confidential client data, according to Cybernews.

Journalists from the publication discovered a misconfigured instance of MinIO object storage, which provides access to the cloud containing users’ KYC data.

As an example, they presented a photograph of one client, showing their written agreement to the terms, credit card, and identity document.

Although the instance later disappeared from open access, the potential compromise could have affected around 230,000 Iranian citizens using Bit24.cash.

Researchers described the breach as critical, warning that the personal data obtained could be used by malicious actors for theft and further attacks.

Bit24.cash security engineer Hossein Amini called the publication’s conclusions “inaccurate and misleading.” He noted that the platform’s team found no evidence of an information leak.

“We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any confidential user data,” Amini stated.

The publication recommended that users contact Bit24.cash support.

Earlier, ForkLog reported that restructuring agent Kroll disclosed details of a data breach involving FTX clients.