What we've done:
- The vulnerability has been identified and fixed
- All user sessions have been invalidated — you will need to log in again and/or reset your password
- Two-factor authentication (2FA) is now required for all withdrawals
- Withdraw email confirmation can no longer be disabled
What you should do:
- Change your password immediately — choose a strong one
- Enable 2FA in your profile settings — this is now required to withdraw
- Review your recent account activity and withdrawal history
- If you notice any unauthorized activity, contact support immediately
Affected users:
- We have preliminary identified all affected accounts
If you believe your account was compromised and you have not been contacted, please open a support ticket with the subject
"Security Incident — April 5" and include:
- Your registered email
- The coins and approximate amounts withdrawn
- Any suspicious activity you noticed
We take the security of your funds seriously and sincerely apologize for the inconvenience. Thank you for your patience and trust.
— CEXSwap Team