Exchange QuickBit Confirms Data Breach May Impact 300K Users

The crypto exchange left a database open on the internet and leaked data for up to 300,000 users.

AccessTimeIconJul 22, 2019 at 11:30 a.m. UTC
Updated Sep 13, 2021 at 11:13 a.m. UTC

QuickBit, a Swedish cryptocurrency exchange listed on the NGM Nordic MTF market, allegedly leaked 300,000 customer records via an unprotected MongoDB database. The exchange confirmed the event in a series of updates on their investor relations board.

The leak, detailed by security researcher Paul Bischoff, first came to light after security aggregator Shodan noted the existence of the open database. QuickBit said that an outside contractor left the data unprotected while attempting a security upgrade.

A translated excerpt from their report:

QuickBit has recently adopted a third-party system for supplementary security screening of customers. In connection with the delivery of this system, it has been on a server that has been visible outside QuickBits firewall for a few days, and thus accessible to the person who has the right tools.

During the delivery period, a database has been exposed with information about name, address, e-mail address and truncated (not complete) card information for approximately 2% of QuickBit's customers.

Bischoff wrote that the QuickBit team pulled the database on or about July 3 after receiving notice that it was open. The records contained full names, addresses, email addresses, user gender, and dates of birth. QuickBit said it exposed no passwords or social security numbers and that no cryptocurrency keys leaked.

CoinDesk - Unknown

Image via Comparitech.

"In addition to those records, we also discovered 143 records with internal credentials, including merchants, secret keys, names, passwords, secret phrases, user IDs, and other information," wrote Bischoff.

The company went public on July 11 with a market cap of about $22 million. We reached out to QuickBit for further comment. "Data security is of utmost importance for QuickBit," they wrote. "We will publish a public version of the incident report on our website shortly."

QuickBit image via Twitter

Read more about


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

Investing in the Future of the Digital Economy
October 18-19 | Spring Studio, NYC