https://www.rastersec.com/blog/exolix-swapper-dump
Exolix vulnerability contains tx history for different swap partners, exposing tens of thousands of XMR transactions.
From blog: "In every case, the JWT key is not scoped or restricted. It grants full read access to the partner’s entire transaction history, including deposit addresses, withdrawal addresses, amounts, timestamps, on-chain transaction hashes, and swap statuses. There is no rate limiting or IP restriction to speak of. Later on, Exolix staff implemented WAF rules using Cloudflare instead of solving the root problem"
