A cryptocurrency wallet service provider serving more than 2 million users worldwide and managing about $3 billion worth of Bitcoin was found to contain API vulnerabilities tied to how external authentication logins were implemented.
The bugs are fixed, but the discovery illustrates the high stakes involved in implementing APIs securely, researchers say — and the difficulties in doing so.
According to a report shared with Dark Reading from Salt Labs, the research division of Salt Security, a series of vulnerabilities (CVEs were not assigned) could have allowed actors take over a large portion of a user’s account in the system.
