Iranian crypto exchange exposes KYC data of 230,000 users, investigation reveals


Iranian crypto exchange exposes KYC data of 230,000 users, investigation reveals

Iranian crypto trading platform has apparently inadvertently exposed the sensitive data of nearly 230,000 users, according to recent research.

According to an investigation conducted by Cybernews, the Iranian crypto exchange misconfigured a high-performance object storage system instance, inadvertently granting access to cloud storage containers containing the platform’s Know Your Customer (KYC) data.

The researchers learned that approximately 230,000 Iranian citizens have fallen victim to a misconfiguration, which led to the exposure of their written consent to regulations, along with sensitive details such as passports, IDs, and credit cards. In a commentary to Cybernews, a spokesperson for called the claims “inaccurate and misleading,” emphasizing that there is no evidence of a data breach or unauthorized access to sensitive user information.

You might also like: Israel seized crypto worth millions of dollars from accounts linked to Iran and Hezbollah

“The reference to a misconfigured MinIO instance granting access to S3 buckets containing KYC data is wholly untrue and does not align with our system architecture or security protocols. We can confirm that our MinIO setup and cloud storage containers remain secure, and there has been no unauthorized access to any sensitive user data.”

Hossein Amini, a security engineer at

Although Amini reassured that user data is safe and secure, Cybernews encouraged concerned users to reach out to the platform’s support regarding the matter.

As earlier reported,, along with other Iranian crypto exchanges like, Excoino, and Aban Tether, accounted for 12% of all funds, both domestic and international, that flowed to Iranian exchanges in 2022. Based on the TRM Labs report, approximately 90.3% of counterparty funds sent to Iranian exchanges originated from external exchanges, 4.9% from smart contracts, and 4% via unhosted wallets.


Leave A Reply

Your email address will not be published.