A major data exposure incident has shaken the cryptocurrency sector after a misconfigured database linked to the NCX crypto trading platform was found leaking millions of sensitive user records. The exposed dataset, discovered by independent cybersecurity researchers, revealed full names, hashed passwords, wallet addresses, two-factor authentication codes, and internal administrative logs — leaving users vulnerable to identity theft and account takeovers.
Massive Unsecured Database Contained Sensitive Trading Data
The exposed MongoDB database, containing more than five million records, was discovered accessible without any form of authentication. The researchers found multiple unprotected data collections tied to NCX, suggesting that the exchange’s internal infrastructure had been left open to the internet for an extended period.
According to the analysis, the database contained roughly 1GB of sensitive information belonging to users around the world, including private financial and identity-related data.
The leaked data included:
- Full names, usernames, and dates of birth
- Email addresses and linked KYC (Know Your Customer) documents
- Two-factor authentication (2FA) codes and recovery URLs
- Internal API and secret keys (some obfuscated)
- Wallet addresses, transaction IDs, and deposit/withdrawal history
- Hashed passwords and IP addresses
- Admin logs and Help Center communication records
Researchers noted that the data was stored across eight separate collections, the largest holding over two million entries. Even the smallest sets contained more than 170,000 records, many of which referenced user wallets and blockchain transactions. The data appeared to be active and updated regularly, suggesting that it originated from NCX’s live environment.
“This leak exposes NCX users to multiple threat vectors, including identity theft, account takeovers, and crypto wallet exploitation,” the research team warned. “The presence of KYC documents and internal keys points to a critical infrastructure security failure.”
Potential Attack Vectors and Security Implications
Experts believe the exposure resulted from human error — specifically, a MongoDB instance deployed without authentication controls or network restrictions. Such misconfigurations are a recurring issue in cloud-hosted infrastructure, where an administrative oversight can leave highly sensitive data openly accessible.
Given the types of data involved, cybercriminals could exploit this breach in multiple ways:
- Using exposed 2FA codes and API keys to hijack trading accounts.
- Leveraging KYC documents to conduct identity fraud or SIM swap attacks.
- Analyzing blockchain addresses to trace and target high-value wallets.
- Using email and support logs for phishing or social engineering campaigns.
The exposure also raises concerns about regulatory noncompliance, particularly regarding financial data protection standards such as GDPR and anti-money laundering (AML) mandates.
Response and Recommended Security Actions
Following discovery, the researchers immediately notified NCX about the exposed database through responsible disclosure channels. However, no official response or mitigation action was reported despite multiple outreach attempts. The database remained publicly accessible for months, worsening potential fallout for affected users.
To mitigate further damage, the researchers recommended urgent steps including:
- Taking the database offline and restricting access via firewall.
- Implementing credential-based access and encryption for all stored data.
- Rotating all exposed 2FA keys and invalidating URLs tied to user sessions.
- Conducting a full forensic audit to identify unauthorized access or data misuse.
- Notifying all affected users and relevant financial regulators.
“Users should be aware that their private data, including KYC documents and wallet information, have been exposed,” the researchers advised. “They should remain alert to unsolicited investment messages and consider credit monitoring to detect potential misuse.”
Broader Lessons for the Cryptocurrency Industry
The NCX leak highlights a systemic issue within the digital asset ecosystem — inadequate security practices around user data and authentication mechanisms. Cryptocurrency exchanges, often processing billions in transactions, remain prime targets for attackers seeking financial gain or insider access through exposed infrastructure.
As the breach continues to unfold, experts emphasize the need for crypto firms to adopt stronger zero-trust security models, routine cloud configuration audits, and encryption-in-transit policies to safeguard user assets.