C-CEX.com Trusted, Secure & Friendly Exchange Since 2013. 200+ Alts,USD,Low Fees

[Japan500]

Moй aккayнт пoдключили, вce paбoтaeт xopoшo, cпacибo пoддepжкe c-cex

[jhenfelipe]

I tried access to support in twitter and everyone can see it:

What I have to do ? Send again btc or not?

NO, not again. You shouldn't have sent any amount in the first place. Aside from being a shady action (asking for BTC), afaik, C-CEX is not replying in any tweets on twitter, they are just using the account for announcements. If ever you talked to someone from there saying that they are part of C-CEX, they are probably scammers taking advantage of the situation.

If the twitter username isn't @CryptoCurrEncyX , DON'T TRUST.

[LCpool]

if u are still missing BTC balance..this is the reason> unsynced BTC wallet ....without any explanation... and that is the most scare thing....any explanation...
https://c-cex.com/?id=ws

p.s. and its sadly that many coins that i 'like' can be ( or was) traded only on this exchange...

[swett]

нy тaк кaк вce жe aктивиpoвaть oпять дeaктивиpoвaнный кaбинeт?

[KroshFun]

I tried access to support in twitter and everyone can see it:

What I have to do ? Send again btc or not?

NO, not again. You shouldn't have sent any amount in the first place. Aside from being a shady action (asking for BTC), afaik, C-CEX is not replying in any tweets on twitter, they are just using the account for announcements. If ever you talked to someone from there saying that they are part of C-CEX, they are probably scammers taking advantage of the situation.

If the twitter username isn't @CryptoCurrEncyX , DON'T TRUST.

Thank you very much!
I will be smart in future 

Still can't access to my account

I think if support of c-cex works with user support scammers could  not do anything

[ArtyomVasenin]

Moй aкк (ArtyomVasenin) c 1гo oктябpя (yжe бoльшe двyx нeдeль) зaблoкиpoвaли.
Cpaзy жe нaпиcaл в тexничecкyю пoддepжкy. Oтвeтa нeт, кaк я пoяcнeний.

Этa биpжa, кoтopaя пoзициoниpyeт ceбя нaдeжнoй?!
Бaлaнc зaблoкиpoвaн, тopгoвaть нe мoгy + биpжa нe пoлyчaeт кoмиccию.

Увaжaeмaя кoмaндa C-Cex, пoмoгитe peшить пpoблeмy, пoжaлyйcтa.

[Ch1ter1]

Petition against fraud C-CEX https://www.change.org/p/together-we-can-stop-fraud-cryptocurrency-exchange-c-cex-com-steals-user-accounts-it-is-necessary-to-stop-fraud?recruiter=906921430&utm_source=share_petition&utm_medium=copylink&utm_campaign=share_petition

[ElPasso]

My Account is also deactivated and it is impossible to create a Support Tickets. Could I place reqeust here?

[ArtyomVasenin]

My account hasn't been activated yet.
Dear C-Cex support, please activate it.

I am a trader, I make your money!

Artyom Vasenin

[ArtyomVasenin]

Dear C-Cex,
The petition was signed too.

Planning to push it to our traders community.

ArtyomVasenin

[milewilda]

Dear C-Cex,
The petition was signed too.

Planning to push it to our traders community.

ArtyomVasenin

3 days since posted but still we do got this numbers.I'll spread this link for the petition.

[John37]

Why I have "User not found or account disabled" when would login ?!?

[chryophase]

Why I have "User not found or account disabled" when would login ?!?

HI, I also have account disabled, and every time I try to post a ticket to report it (trying for 2 weeks now), get the answer "Out support queue is full, try again later"...

Is there an CCEX support email address I can send my issue too? I have not been able to logon since April actually when I first found issue. I want to move some of my balances held on your exchange...

[RitchyRich]

Same f**** problem for almost 2month's!

[rubykim]

I CAN NOT ACCESS MY ACCOUNT

Dear C-cex,

“User not found or account disabled”. I can’t access my account.
Is there any problem with my account?

Please help me solving this problem.

Thanks!

[paully111]

I CAN NOT ACCESS MY ACCOUNT

Dear C-cex,

“User not found or account disabled”. I can’t access my account.
Is there any problem with my account?

Please help me solving this problem.

also, i try to get lost password and never get an email to change it.
my email is support@balancedhealthtoday.com

[zthomasz]

When is the next 3-month vacation?  

[Bitbobb]

criminal scam exchange.

[Saulich_Fedorovich]

Sorry c-cex, but you don't seems to care about bug reports tickets.

Normally, even when you go on coinexchange.io, it's hard to find something vulnerable.
But with c-cex, it's hard to find something protected on client side. For starting, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the user's chatname of someonelse? It's possible to do it by making cliking a link which trigger a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own?  It's possible to do it by making cliking a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to login to confirm the withdrawal (an other vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone losing all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha systemhttps://c-cex.com/cp.html?s=385353503 which is easy to solve fully automatically through things like IBM Watson or Google Cloud vision with high sucess rates.

There are many ways to bypass users completely and steal funds directly from servers like with the recent attack (though I failed to see the vulnerabilty recently used by the attacker).

The exchange is definitely less secure than Mt.Gox. There are even known bugs used in the past elsewhere that aren't fixed on the exchange (1 task when you are in charge of security is to read the news about recent discovered attacking methods). Maybe they also run outdated third party libraries else too, but that's something to invastigate.
The only thing postive over Mt.Gox is funds are correctly managed manually outside the lack of fund audits: they can't "find" a forgotten wallet like it happened with Mt.Gox since no wallet are susceptible to be forgotten.

In some way, the bugs users are noticing with unexecuted withdrawals or disappearing deposits as well as disabled account is only the top of the iceberg.

[milewilda]

But with c-cex, it's hard to find something protected on client side. For starting, everything is vulnerable to CSRF even with 2FA enabled:

Wanna change the user's chatname of someonelse? It's possible to do it by making cliking a link which trigger a POST to http://c-cex.com/?id=profile&rett=chat_b.
Wanna write a chat message with an account you don't own?  It's possible to do it by making cliking a link which simply works through a GET request.
You hacked the e-mail account linked to a c-cex account? Just make the target user click a link and you'll receive the confirmation link. You also don't need to login to confirm the withdrawal (an other vulnerability combined).

In that case, the only thing protected against CSRF I found is posting limit orders. And even then it's still performed through GET requests.
I also found making someone losing all funds through clicking https://c-cex.com/?id=funds&dump=btc requires an origin matching c-cex.com. Though that’s still possible to hide and trigger the target through a redirect.

There is also their internal captcha system which is easy to solve fully automatically through things like IBM Watson or Google Cloud vision with high sucess rates.

These are indeed serious bypass that you had mentioned but it doesnt really matter at all yet this exchange do already fallen to scam anyone.Im reading once in a while
into this thread.I havent seen any response of OP on whats happening and also reading up continuous complaints about account disabled and lost funds.
Remembering C-cex glory days but they do end up like this after on that 3 months vacation alibi.