An anonymous user claims he has found a vulnerability in the crypto exchange code. The bug allegedly allowed to duplicate fiat money on the exchange accounts.

The user shared his finding with The Merkle. According to the report, first, he placed a currency purchase bid for bitcoins. When the transaction was half through, he cancelled it hoping for a better exchange rate. This is a common thing among the exchange users, the publication notes.

However, after the user aborted the transaction and refreshed his account page, he saw that his balance in fiat currency doubled, despite the cancellation. Moreover, the user bought bitcoins with this money and managed to withdraw the funds obtained due to the mistake to his wallet account.

To withdraw funds from BTC-e no ID is required, therefore, even if the exchange detects the mistake later, the company would hardly manage to track the user and return lost funds.

The Merkle has informed BTC-e of the case. At the press time, BTC-e has not provided any official comments regarding the duplication of user assets.

BTC-e is the largest Russian-language bitcoin exchange. From the beginning of the year, its main website has been blocked for users from Russia. But the platform has launched mirror sites available for clients with Russian IPs. In early August, BTC-e celebrated its fifth anniversary.

Elena Platonova