In a recent security update, an unprotected MongoDB database belonging to crypto trading platform NCX has been discovered by the Cybernews research team. The unprotected database leaks massive amounts of sensitive information, which has been reportedly accessible for months.
2025 witnessed a series of data leaks that impacted the cryptocurrency industry, exposing sensitive information and shaking customer trust. These incidents highlight how attackers exploit weak links to perpetrate their atrocities.
The largest single incident reported this year was ByBit’s $1.5B hack in February 2025. The attack relied on exploiting compromised IT personnel or leveraging breached credentials or other sensitive data.
A more recent event is the NCX crypto trading platform data leak, showcasing several data collections that, when combined, reveal over five million records.
NCX Crypto Trading Platform Exposes Millions of Sensitive Data
NCX, a CEx/DEx crypto exchange and trading platform, has accidentally leaked users’ records, raising the risk of cyber attacks.
As reported by the research team on Tuesday, October 28, 2025, NCX revealed millions of users’ records, ranging from two-factor authentication codes and hashed passwords to wallet addresses. Worse still, this sensitive data has been accessible online for months.
These data leaks undermine NCX’s commitment to user privacy and operational security, and may affect customers’ trust in the crypto trading platform.
NCX uses MongoDB to handle its data. However, the platform seemed to have accidentally left the database unprotected, possibly due to human error.
According to the team,
NCX claims to offer secure, fast, and transparent crypto trading services. However, this leak casts serious doubt on those claims, especially regarding user privacy and operational security.
What are the leaked NCX data?
The team revealed that over 1 gigabyte of NCX users’ data was leaked worldwide. The leaked data includes several sensitive information that could be exploited for criminal purposes. The leaked NCX data includes:
- Full names, usernames, and dates of birth
- Email addresses
- Links to user-uploaded identity documents (KYC)
- Two-factor authentication (TFA) codes and URLs
- Internal API keys
- IP addresses
- Hashed passwords
- Profile photo URLs
- Secret keys (obfuscated or encoded)
- Wallet addresses and related blockchain transaction info
- Deposit/withdrawal history, currency types, block statuses
- Admin support logs and Help Center communications
According to the team,
This leak exposes NCX users to multiple threat vectors, including identity theft, account takeovers, and crypto wallet exploitation. The presence of KYC documents and internal keys points to a critical infrastructure security failure.
The research team noted that the exposed data appear to be up to date, indicating the validity of the data. Immediately after discovering the leak, NCX was contacted to disclose the issue. However, the trading platform did not respond to the reachout.
NCX users are urged to employ extra caution regarding any communications about crypto or investment.
The research team explained that,
Users should be aware that their private data, including KYC documents, such as copies of IDs, has been exposed. Therefore, they should employ extra caution regarding any communications about crypto or investments, and potentially sign up for a credit monitoring service to help detect some forms of identity theft.
