Over the past few days, news of a KYC breach at Digitex has been emerging. Some media outlets decided to run with the story, most without having all the facts at hand. This is an extremely difficult situation for everyone to deal with and we are deeply distressed over the impact that it is causing those who have had (or are concerned about having) their data revealed. Let’s discuss what we know and what steps are being taken.
An Internal Security Breach, Not a Hack
As Adam mentioned in a previous podcast, we were aware of a major data breach earlier last month. We were also aware of the perpetrator, as we had 100% proof from a login trail and export from our KYC provider as well as proof from Facebook. Adam stated that no sensitive data had been taken, only emails. Contrary to what some media outlets reported, this is the truth.
At that point, we were only aware of the email data that had been taken. With the second breach, however, it is our great regret to say that sensitive data was compromised. We have not yet been able to verify how much user data was taken, or whether it was, in fact, that of as many as 8,000 Digitex users. This data is kept in a different system. We do not hold it at Digitex; it is held with a third-party provider to which Adam and one other person had access.
We apologize profusely for this security flaw. It was a gross oversight and lapse of judgment. Again, it was not a hack but orchestrated by the same person as the previous leak. We are crushed by the incident and have come to the realization that we need an extensive overhaul of our security practices.
After much thought, we are in discussion with the developers to turn over the management of our in-house cybersecurity and access to portals, social media sites, panels, etc. to them from now on. They hold an unblemished reputation as cybersecurity experts and they will be able to advise us on best practices moving forward.
Please be advised that the developers are still reviewing everything to ensure that they are able to curtail the situation. It may take some time before they are fully aware of the extent of the breach, and as such they cannot currently guarantee safety, as they have only just started the investigation from the KYC side.
So far, we are aware that four documents have been leaked. We are unable to guarantee that more documents will not be leaked since we are unwilling to engage in the demands of a bad actor.
What Are We Doing?
We have sought counsel with several legal professionals. Due to the nature of our company, it is difficult to know which channels to turn to when it comes to reporting a breach or pressing charges. We are still working on this. Digitex Futures is a Seychelles company and there is no mandatory breach notification procedure in Seychelles. We are still working on how to best report the crime as well since it appears that we need to report the case to the Seychelles local police so that they may take up the matter with INTERPOL international internet crimes bureau. We will keep you updated on the steps that we take.
The developers have blocked all admin access (including Adam’s) to the portal which was compromised, and they are investigating all logs. We will have full confirmation about who still had access in due course as all portals and access are tightened up as well.
In the meantime, we strongly advise anyone affected by the breach to take all necessary steps to secure themselves. This includes changing their passwords and being extremely aware of the possibility of phishing attacks. We also offer our sincerest apologies and regret over this.
Adam is mortified over the event and has these words for the community, “I’m deeply sorry about what happened. We’re taking steps now to make sure this can never happen again. To me, it’s just another reminder of the high cost of KYC and the extra risks it creates for us and our users as it has opened up an attack vector.”
We are therefore also investigating the possibility of removing the need for KYC on our exchange entirely. Such a decision needs to be scrutinized from every angle. However, we believe that this move would not only free up Digitex in terms of cost and obligations but it would also encourage more users and allow us to grow faster.
In the meantime, we will continue to advance to the mainnet. You will have noticed that we have dropped some new interface designs and that the product is looking more solid and robust every day. You can still expect new updates every week and so much to look forward to as we progress to the launch. Thank you for your continued support.