
Topic: How an exchange can be trusted if it has security flaws by design? [Liqui.io] (Read 170 times)

hero member
Activity: 602
Merit: 500
I see security as #1 reason for marking exchanges as trusted in the world of cryptos.

The thing is that you don't really own your coins if you don't have your private key; such a scenario happens in all of the exchanges - and the only way to sleep well at night - is the reputation and the security design of the exchanges.

I used Liqui several times until I realized that if they have bad security by design - it may reflect on other things in their company - and I'm not willing to take that chance.

Some things that I found:

- 2FA can be enabled \ disabled from the settings without the need for any email confirmations.
- If 2FA is enabled, it can be disabled without asking for current 2FA token
- Change password is sent to email as reset password ?? (wtf) without the need to reconfirm current password

I didn't want to look deeper than that, but I believe that they have more bad / wrong scenarios in their code.

Why do people continue using them? Why don't they fix that?
These indeed are serious issues and should be fixed on a priority basis. Have you informed Liqui staff of this? There is their official thread here https://bitcointalksearch.org/topic/exchange-liqui-trade-and-earn-24-apr-on-btc-eth-1557900 and you can bring these issues to their notice by posting it in that thread.
hero member
Activity: 728
Merit: 537
I basically have the habit of not leaving money in any exchange because of what I heard about all the exchanges that run away with the coins.

- and I'm not willing to take that chance.

Who said that you have to ?
If you don't trust a service for any reason even if it's simple, leave it !

- 2FA can be enabled \ disabled from the settings without the need for any email confirmations.

Wait what ?!
I have no idea how big or popular this exchange is but someone must have noticed and reported that (right?).

Why do people continue using them?

I guess because they don't realise what could happen.

Why don't they fix that?

We will never know
newbie
Activity: 11
Merit: 0
I see security as #1 reason for marking exchanges as trusted in the world of cryptos.

The thing is that you don't really own your coins if you don't have your private key; such a scenario happens in all of the exchanges - and the only way to sleep well at night - is the reputation and the security design of the exchanges.

I used Liqui several times until I realized that if they have bad security by design - it may reflect on other things in their company - and I'm not willing to take that chance.

Some things that I found:

- 2FA can be enabled \ disabled from the settings without the need for any email confirmations.
- If 2FA is enabled, it can be disabled without asking for current 2FA token
- Change password is sent to email as reset password ?? (wtf) without the need to reconfirm current password

I didn't want to look deeper than that, but I believe that they have more bad / wrong scenarios in their code.

Why do people continue using them? Why don't they fix that?
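
The checks the post above reports as missing, sketched as an added example (not code from Liqui or from any poster in this thread): disabling 2FA or changing the password requires the current password and, while 2FA is on, a current TOTP code. The `Account` class, the function names and the sample key are assumptions made for illustration.

```python
import base64, hashlib, hmac, os, struct, time

SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # constructed: RFC 6238 test key, base32

def totp(secret_b32, at, step=30, digits=6):
    """RFC 6238 TOTP (HMAC-SHA1) for Unix time `at`."""
    mac = hmac.new(base64.b32decode(secret_b32),
                   struct.pack(">Q", int(at) // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

class Account:
    """Hypothetical in-memory account record standing in for a user store."""
    def __init__(self, password, totp_secret_b32):
        self.salt = os.urandom(16)
        self.pw_hash = hash_password(password, self.salt)
        self.totp_secret = totp_secret_b32
        self.twofa_enabled = True

def reauthenticate(account, password, code, now):
    """Step-up check: current password and, while 2FA is on, a current code."""
    pw_ok = hmac.compare_digest(hash_password(password, account.salt), account.pw_hash)
    if not account.twofa_enabled:
        return pw_ok
    supplied = str(code or "").encode()
    # Accept the previous, current and next 30 s step to tolerate clock drift.
    code_ok = any(hmac.compare_digest(totp(account.totp_secret, now + d).encode(), supplied)
                  for d in (-30, 0, 30))
    return pw_ok and code_ok

def disable_2fa(account, password, code, now=None):
    now = time.time() if now is None else now
    if not reauthenticate(account, password, code, now):
        return False  # a logged-in session alone is not enough
    account.twofa_enabled = False
    return True

def change_password(account, old_password, new_password, code, now=None):
    now = time.time() if now is None else now
    if not reauthenticate(account, old_password, code, now):
        return False
    account.salt = os.urandom(16)
    account.pw_hash = hash_password(new_password, account.salt)
    return True
```
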