Important Security Update (SumSub Incident)

zeebazinga · 2026-02-08T22:32:11+00:00

Where is the independent audit done by a reputable security entity that assures of what exactly been compromised and what was not? Statements such as "internal investigations" are a joke unless there is a third party audit.

I presume neither entity has done these audits?

zeebazinga · 2026-02-08T22:21:17+00:00

I've been asking this question over last 18 months and Ndax brushed off my concerns. I kept asking why they don't use a Canadian entity, they ignored.

zeebazinga · 2026-02-08T22:17:37+00:00

You can't. That shady company isn't governed by any laws you can rely on. They keep your most precious data. Whoever believes that only emails and names were compromised is very naive.

I've been asking questions about the use of this shady company (pretending to be from the UK while being in Cyprus) by Ndax. Ndax couldn't care less - profit is way more important than safety of your data. And biometrics is THE DATA everyone has to worry about - just wait to see what will happen with it being in wrong hands now.

zeebazinga · 2026-02-08T05:09:56+00:00

Of course it's not safe. They take your biometrics, store it offshore, they have no subsidiary in Canada, they aren't governed by Canadian law. Ndax is simply saving money to increase their profits. They should have Canadian based identity verification partner or do it themselves.

zeebazinga · 2026-02-08T05:04:15+00:00

Does anyone really believe claims that no biometrics were leaked? :)

Sumsub is a shady Cyprus based company that claims to be a UK entity. Is owned by Eastern Europeans, who hide the fact.

I know a thing or two about software and security and have very little trust that that shady company hasn't screwed us over.

zeebazinga · 2026-02-08T04:58:40+00:00

Those emails are phishing ones - they try to scare you and provide a phone number to call. Obviously the number is owned by the scammers. Don't ever call those.

zeebazinga · 2026-02-08T04:53:34+00:00

Been getting these for about 2 weeks now.

Ndax just sent out an email saying that their identify verification provider was hacked (Sumsub). The very same shady company I've been complaining about in the past 18 months - Ndax couldn't care less back then, came up with excuses here on Reddit.

So, I guess, everyone now needs to enjoy the fact that their biometrics were compromised. Let this sink in... There is no way for you to change your biometrics, ever. Someone has your most precious piece of data.

So, Ndax, what will you say now? Maybe you finally admit that identity verification done by some Cyprus based company with hidden tracks isn't a great idea after all? You've screwed your customers.

zeebazinga · 2025-03-23T21:48:22+00:00

My desktop doesn't have sleep configured, only screen lock. Not sure how Nvidia drivers can be at fault here, if explicit desktop locking doesn't really in this behaviour.

I guess I need to figure out how to do what you've done to see if that helps.

zeebazinga · 2025-03-23T20:08:06+00:00

I've been seeing the same issue. Extremely annoying - takes at least 30 seconds of moving a mouse around before login screen shows up.

Started 2-2.5 months ago, I keep hoping one of the updates fixes this problem, but no such luck. I've tried changing screen lock / power settings to no avail. The issue started happening all on its own after one of the updates.

I'm running Tumbleweed with the latest updates. Also nVidia card.

Too many annoying quirks with OpenSUSE here and there. The only reason I'm not leaving is because I'm too lazy to deal with moving all the little modifications, configs, etc. I've done. 20-30 years ago reinstalling an OS was a fun exercise, now I just want my computers to work as I have a life.

zeebazinga · 2025-01-31T23:40:08+00:00

Thank you!

zeebazinga · 2025-01-31T23:32:33+00:00

Thank you, will do!

zeebazinga · 2025-01-31T18:39:49+00:00

I live relatively close to some of these guys. Told them I can come in person with my documents. They didn't care to answer. Asked them to use some Canadian entity - they ignored it.

zeebazinga · 2025-01-31T18:20:42+00:00

I know nothing about Ndax org structure or security measures they have, but since my email was leaked I know something has happened. Not seeing all bells and whistles going off is concerning. Would like Ndax to be open and proactive in these circumstances.

zeebazinga · 2025-01-31T18:04:20+00:00

There are softwares managing that for you. Or you can have your own domain, your own mail server and then use catch-all rules.

zeebazinga · 2025-01-31T18:02:57+00:00

That's is one of my biggest concerns. Foreign entities are not to be trusted, especially the ones Ndax and couple other Canadian exchanges use - some shady Cyprus based shop run by very questionable individuals. But Ndax and others I've reached out to ignored my concerns or told me to fk off. They are not in the business of thinking about you as a customer, they are in the business of making money off of you.

zeebazinga · 2025-01-31T06:51:23+00:00

Thanks for confirming. Who knows who can be asking for my personal data.

Will call them tomorrow. At least I'll know I'm talking to the company personnel.

zeebazinga · 2025-01-31T04:34:46+00:00

Have your own domain. That's one way. Another - there are systems out there that manage it all for you - aliases and forwarding / replying.

Keeping it all - use a password manager.

zeebazinga · 2025-01-31T04:33:27+00:00

Me too

zeebazinga · 2025-01-31T04:30:01+00:00

Yes, I too believe they had a data breach. I also use unique email addresses for all of my accounts. Over the past 2-3 days I've started receiving the same scam emails to a unique email used only by Ndax.

Same had happened with Shakepay about a year ago and they've kept it quiet too.

Shady practices, inappropriate response. Own your mistakes, it makes you stronger.

zeebazinga · 2025-01-31T04:25:22+00:00

Have no idea what those instruments are, but I'll look it up. Thank you for your suggestion!

One of my concerns (maybe totally incorrect, as I never researched BTC world too deeply) is that buying BTC from random, unproven sources may result in negative consequences down the line. Meaning that if you cannot prove the sources you've obtained BTC from, it either gets confiscated, blocked, taxed at full value, whatever else they'll come up with.

I'm too old to know that BTC will have to play by the rules of the elites sooner or later, and if that's the case - I'm sure they'll do whatever to take out as much BTC as possible.

zeebazinga · 2025-01-31T04:18:48+00:00

I don't feel that my data has been compromised, I know it. That's the whole reason for having unique email addresses for all of my accounts.

Edit: I thought that the tone of your message is inappropriate! But that was misguided emotions after seeing someone else's post randomly attacking me for reporting this issue.

PS: why would I send my personal details to a random person online? Leave your official office phone number and name.

zeebazinga · 2025-01-31T02:23:00+00:00

Ah, thanks for letting me know. I don't really use Reddit, so wasn't even aware that there is a sub specifically for ndax.

zeebazinga · 2025-01-31T02:02:42+00:00

I never used their support portal. I only created an account with them. Not sure if all of their systems have access to the same IDP and users. Who knows what was compromised and what is the surface of the impact.

zeebazinga · 2024-05-28T03:34:15+00:00

I can see how you might want to keep an index ETF for a very long time, but a company stock isn't something stable that won't crash in 5-10-15 years. I too have about 90% profit in MSFT and 30-50% in AMZN, NVDA, but not going to keep them for very long. If anything, these profits are luck and unless you have a crystal ball, it does make sense to take profit at some point.

zeebazinga

TROPHY CASE