Fintech CEO: The Paxful Data Leak that Wasn’t: A Cautionary Tale in Vendor Selection

Last week,  it was reported that cryptocurrency exchange Paxful released a firm denial of an alleged data leak with 4.8 million entries. The company noted that the data from the supposed leak, which contained employee information among other items, was actually data which was illegally stolen from a third-party vendor.

“If you take Paxful at their word, and I’m not aware of any reason that we shouldn’t at this point, users can be relieved that the exchange wasn’t successfully hacked. But, the issue of incompetent vendors is one which all too often plagues cryptocurrency exchanges,” said Richard Gardner, CEO of Modulus, a US-based developer of ultra-high-performance trading and surveillance technology that powers global equities, derivatives, and digital asset exchanges. “It’s tough because the cryptocurrency space is relatively new, so most vendors are new, too. Those are the vendors who compete on cost, instead of on their industry success.”

“Fundamentally, however, cryptocurrency exchanges are, at their core, financial exchanges. The technology required to ensure they run flawlessly and with appropriate security measures in place — those things require experience in providing technology for exchanges. Building online auction sites or websites, dabbling in development… those kinds of vendors aren’t capable of handling the kinds of stress put onto a cryptocurrency exchange,” explained Gardner.

Modulus is known throughout the financial technology segment as a leader in the development of ultra-high frequency trading systems and blockchain technologies. Over the past twenty years, the company has built technology for the world’s most notable exchanges, with a client list which includes NASDAQ, Goldman Sachs, Merrill Lynch, JP Morgan Chase, Bank of America, Barclays, Siemens, Shell, Yahoo!, Microsoft, Cornell University, and the University of Chicago.

“What happens here is that these technology vendors watched Bitcoin explode, and they wanted to cash in on that opportunity. They built technology that’s shiny and works until put under stress. Then they charge rock bottom prices for it. Crypro-preneurs, looking to get to market fast and cheap, find themselves enamored with the offering. For years, the exchange runs without issue because the exchange never saw peak traffic. Once it’s successful and bringing in significant money, hackers will become interested in it. Even worse, the technology stack that powers the exchange isn’t set up to handle the volume demanded by success. Bad things happen. We’ve watched this movie before,” Gardner continued.

“How does this stop? Our industry needs to stop normalizing sub-par, cheap technology provided by suppliers without any experience in the field in which they’re now practicing. We need to normalize and prioritize security. In this case, if the vendor couldn’t secure their own house, how can they be trusted to work on exchange technology in any capacity? Luckily, Paxful executives noted that the vendor is no longer under contract. But, that vendor is very likely still supplying technology to dozens, or even hundreds, of other exchanges. It’s time to flip the script and value experience over sticker price,” opined Gardner.