SECURITY PoC — ACCOUNT TAKEOVER
This page is displayed inside BitDelta's own WebView.
Your authentication tokens were stolen and used to fetch your profile below.
Stolen Credentials
access-token:
NONE
refresh-token:
NONE
Request Info
X-Requested-With:
N/A
User-Agent:
Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)
Timestamp:
2026-05-03T16:19:33.270696
Impact
With these tokens an attacker can:
- Read full profile (name, email, phone, country) — demonstrated above
- View wallet balances and transaction history
- Place trades and initiate transfers
- Mint new access tokens via refresh-token (30-day persistence)