
A massive data leak has exposed millions of sensitive records belonging to users of NCX, a global cryptocurrency trading platform that touts itself as “secure, fast, and transparent.” The unprotected MongoDB database, discovered by the Cybernews research team, contained over five million records, including two-factor authentication codes, hashed passwords, wallet addresses, and links to identity verification documents. Researchers say the data has been accessible online for months.
The exposed dataset, more than 1GB in size, revealed a trove of information that could be exploited for identity theft, account takeovers, or crypto wallet breaches. According to Cybernews, the leaked details include full names, usernames, email addresses, dates of birth, KYC document links, internal API keys, IP addresses, secret keys, wallet addresses, and transaction histories. It also contained admin support logs and Help Center communications.
“NCX claims to offer secure, fast, and transparent crypto trading services. However, this leak casts serious doubt on those claims, especially regarding user privacy and operational security,” the research team said.
Cybernews attributed the issue to an unsecured MongoDB instance left open without authentication, a common but serious misconfiguration often caused by human error. The researchers found the data organized into eight collections, with the largest containing over two million records. Three smaller collections, each exceeding 170,000 records, likely corresponded to user wallet, address, and airdrop data—suggesting the leak may have affected the platform’s active users.
Records in all collections appeared to be up to date, indicating that the system was still being actively used while exposed. The researchers immediately notified NCX about the discovery but received no response despite multiple attempts to contact the company.
Cybernews advised the platform to take immediate action, including taking the database offline or restricting access, enforcing authentication and encryption, rotating exposed 2FA keys, and notifying affected users and regulators. The team also recommended that NCX conduct a full forensic audit and migrate to a secure, cloud-managed solution with access controls.
Until the database is secured, users are urged to take precautionary measures. “Users should be aware that their private data, including KYC documents such as copies of IDs, have been exposed,” the researchers warned. “They should exercise caution regarding any communications about crypto or investments and consider enrolling in a credit monitoring service to detect possible identity theft.” As of publication, NCX has not issued a public statement regarding the exposure or whether it has taken steps to secure the compromised data.