Although bitcoin exchanges are doing what they can to ensure customer data and funds are being kept safe at all times, the same cannot be said for the way they communicate. Emails sent by Bitstamp are not subject to encryption, neither by the exchange owners themselves nor when the email is in transit. Kraken, on the other hand, uses GPG to encrypt all of their email communication. Is this is a situation Bitcoin exchanges will need to address in the future?
Encryption is Important, Bitstamp!
Every time someone receives an email from Bitstamp, the information contained in this message is not encrypted. While this may not be much of an issue for confirmations regarding deposits, it could prove to be a major problem when withdrawing funds from the Bitcoin exchange.
Similar to how most exchange platform in the world, users who withdraw funds will receive a confirmation via email regarding this action. Bitstamp asks users to click a particular link to confirm withdrawal requests. And having this information unencrypted could allow hackers to gain more information about the account holder’s balance and Bitcoin address on Bitstamp. Not the kind of information users wants out in the open.
But there is an even bigger worry regarding this scenario, as this also means password reset emails aren’t encrypted by Bitstamp either. This would allow hackers to use a man-in-the-middle attack and intercept the email. Or if they prefer to do so, they could send fake emails to the account holder redirecting them to an entirely different site in hopes of obtaining account information.
None of these scenarios might take place in the near future, but Bitcoin exchanges will need to step up their communication encryption game sooner rather than later. Not encrypting the information related to one’s account is not acceptable in this day and age, and should be resolved quickly.
Not setting up encryption for emails on behalf of Bitstamp is a threat when sending documents to the company as well. Submitting a scan of an ID or utility bill to the company will have to be unencrypted as well, allowing assailants to intercept this data without spending much effort to see the information contained in the message or its attachments.
Encryption is Important, Bitstamp!
Every time someone receives an email from Bitstamp, the information contained in this message is not encrypted. While this may not be much of an issue for confirmations regarding deposits, it could prove to be a major problem when withdrawing funds from the Bitcoin exchange.
Similar to how most exchange platform in the world, users who withdraw funds will receive a confirmation via email regarding this action. Bitstamp asks users to click a particular link to confirm withdrawal requests. And having this information unencrypted could allow hackers to gain more information about the account holder’s balance and Bitcoin address on Bitstamp. Not the kind of information users wants out in the open.
But there is an even bigger worry regarding this scenario, as this also means password reset emails aren’t encrypted by Bitstamp either. This would allow hackers to use a man-in-the-middle attack and intercept the email. Or if they prefer to do so, they could send fake emails to the account holder redirecting them to an entirely different site in hopes of obtaining account information.
None of these scenarios might take place in the near future, but Bitcoin exchanges will need to step up their communication encryption game sooner rather than later. Not encrypting the information related to one’s account is not acceptable in this day and age, and should be resolved quickly.
Not setting up encryption for emails on behalf of Bitstamp is a threat when sending documents to the company as well. Submitting a scan of an ID or utility bill to the company will have to be unencrypted as well, allowing assailants to intercept this data without spending much effort to see the information contained in the message or its attachments.