Potential breaches of fintech's client accounts have sparked a debate about the security of deposits held with trading firms.
2FA is often the only line of defense used by CFD brokers, and their security measures lag significantly behind those of the banking sector.
While two-factor authentication, for example, is mandatory at Plus500, Robinhood merely “encourages” users to enable it.
The recent
XTB security breach that allegedly cost a Polish client approximately 150,000
zlotys ($38,000) has ignited a fierce debate about whether optional
security measures are sufficient for CFD brokers and retail trading
platforms in 2025.
Following
the incident, where hackers reportedly executed thousands of rapid trades to
drain a client's account, cybersecurity experts are calling for fundamental
changes to how financial companies protect client assets.
As it turns
out, the XTB case is not isolated, and when it comes to retail trading
companies, the saying “you can bank on it” doesn’t always hold true.
The Anatomy of a Modern
Financial Hack
Rather than
attempting direct fund transfers, which can only be executed on a verified
account, hackers opened simultaneous buy-sell transactions on low-liquidity
securities, consistently profiting on one side while draining the victim's XTB account
on the other. The client had not enabled two-factor authentication (2FA),
a detail that has become central to the broader security debate.
Mate Ivanszky, Founder & CEO of Matworks.
“2FA
isn't just recommended, it's a must. Even the strongest password is still a
single point of failure. A simple password combined with enforced 2FA is far
safer than forcing users into complex ones they'll end up writing down,”
commented Mate Ivanszky, Founder & CEO of Matworks.
What makes
this case particularly concerning is the apparent lack of automated fraud
detection. The attack exhibited multiple red flags that should have triggered
immediate security responses: an unfamiliar IP address, extraordinarily high
trading volumes, and behavior completely outside the client's historical
patterns.
If a trader
typically performs two or three operations per month and suddenly executes
hundreds in a single day, the system should catch that. XTB, however, takes a
different view, citing the specific nature of the market as its explanation.
“Due to the
nature of the market and the speed at which investment decisions are made, we
do not apply automatic restrictions based on changes in investor preferences, such
as the initiation of trading in different instruments,” XTB’s PR department explained.
Expert
Consensus:
Optional Security is No Longer Acceptable
Jon Bellard, Head of Product at Rootshell Security
Jon
Bellard, Head of Product at Rootshell Security, argues that the incident
exposes fundamental gaps in modern fintech security. “While the user not enabling 2FA is a
clear risk factor, platforms like XTB carry a responsibility to protect users
even when they make mistakes,” he states. “In 2025, it's not enough to offer
2FA, it should be mandatory, particularly for high-risk platforms.”
And while 2FA
might seem like a legal requirement today, XTB explains that this is not always
the case: “PSD2 regulations and payment services laws apply to companies
providing payment services, not brokerage firms like XTB. Therefore, these
regulations only apply to our eWallet payment service provided by DiPocket,
where we implemented strong authentication in August 2024.”
This
highlights that brokerage activities do not face the same mandatory security
requirements as traditional banking services, even though they involve similar
financial risks.
However, in
an interview with FinanceMagnates.com, XTB’s CEO noted that 80% of the
company’s new clients invest in stocks and ETFs rather than CFDs. He also
reiterated XTB’s ambition to become an “all-in-one financial super app.” Given
this shift toward more bank-like services, shouldn't the company prioritize
stronger security measures?
A Mixed Picture of Industry
Standard
While XTB's
approach appears questionable, it seems that CFD broker and retail trading
apps security standards across the industry remain inconsistent. The reality is
that many don't implement significantly more security measures than XTB's original setup, suggesting this is an industry-wide challenge rather than an
isolated problem.
FinanceMagnates.com
has verified that Robinhood also offers only optional 2FA. While Plus500 does
require 2FA, when it comes to additional protections, such as IP blocking or
geo-restrictions, these are generally lacking. Whether it's a large publicly
listed broker or a fintech focused on retail trading, most rely on fraud
detection systems, login alerts, and manual reviews.
Marijus Breidis, the CTO at NordVPN
“Security
cannot be a user's responsibility when entrusted with client money,” commented
Marijus Breidis, the CTO at NordVPN. “Behavioral risk detection should be
enabled by default, not buried in settings menus. Platforms prioritize
convenience over fundamental security and then blame their customers when the
inevitable happens. That approach is irresponsible and completely surrenders
their duty to protect client assets.”
Ivanszky agrees with his statement, adding that regulated financial institutions have a clear and enforceable duty to safeguard client funds. “This responsibility
begins with ensuring that access to client accounts is properly authenticated,
and continues through every transaction that could affect the security or
disposition of those funds.”
XTB Does Not Confirm
Incident, but Increases Security Measures
XTB neither
confirms nor denies that such an incident occurred, but emphasizes that no
similar breach has ever taken place involving clients with 2FA enabled.
Moreover, following
the public outcry, XTB may end up being more secure than industry standard. The
company’s press office outlined its current approach: “In recent weeks, we
have significantly simplified and expanded 2FA. Extended testing has already
been completed, and as of July 14, clients will have two options: SMS codes or
an authenticator app.”
The firm will also begin automatically enabling 2FA for existing clients, and
starting in Q4 2025, all new users will be required to activate it. The company
has also introduced additional monitoring systems.
“We
continuously monitor information about password leaks published online and
cross-check them with our database. If a match is found, we notify clients to
change their password,” the spokesperson said. “We have also built
and continue to expand our internal database of suspicious IP addresses, logins
from such locations trigger enhanced security protocols.”
The recent
XTB security breach that allegedly cost a Polish client approximately 150,000
zlotys ($38,000) has ignited a fierce debate about whether optional
security measures are sufficient for CFD brokers and retail trading
platforms in 2025.
Following
the incident, where hackers reportedly executed thousands of rapid trades to
drain a client's account, cybersecurity experts are calling for fundamental
changes to how financial companies protect client assets.
As it turns
out, the XTB case is not isolated, and when it comes to retail trading
companies, the saying “you can bank on it” doesn’t always hold true.
The Anatomy of a Modern
Financial Hack
Rather than
attempting direct fund transfers, which can only be executed on a verified
account, hackers opened simultaneous buy-sell transactions on low-liquidity
securities, consistently profiting on one side while draining the victim's XTB account
on the other. The client had not enabled two-factor authentication (2FA),
a detail that has become central to the broader security debate.
Mate Ivanszky, Founder & CEO of Matworks.
“2FA
isn't just recommended, it's a must. Even the strongest password is still a
single point of failure. A simple password combined with enforced 2FA is far
safer than forcing users into complex ones they'll end up writing down,”
commented Mate Ivanszky, Founder & CEO of Matworks.
What makes
this case particularly concerning is the apparent lack of automated fraud
detection. The attack exhibited multiple red flags that should have triggered
immediate security responses: an unfamiliar IP address, extraordinarily high
trading volumes, and behavior completely outside the client's historical
patterns.
If a trader
typically performs two or three operations per month and suddenly executes
hundreds in a single day, the system should catch that. XTB, however, takes a
different view, citing the specific nature of the market as its explanation.
“Due to the
nature of the market and the speed at which investment decisions are made, we
do not apply automatic restrictions based on changes in investor preferences, such
as the initiation of trading in different instruments,” XTB’s PR department explained.
Expert
Consensus:
Optional Security is No Longer Acceptable
Jon Bellard, Head of Product at Rootshell Security
Jon
Bellard, Head of Product at Rootshell Security, argues that the incident
exposes fundamental gaps in modern fintech security. “While the user not enabling 2FA is a
clear risk factor, platforms like XTB carry a responsibility to protect users
even when they make mistakes,” he states. “In 2025, it's not enough to offer
2FA, it should be mandatory, particularly for high-risk platforms.”
And while 2FA
might seem like a legal requirement today, XTB explains that this is not always
the case: “PSD2 regulations and payment services laws apply to companies
providing payment services, not brokerage firms like XTB. Therefore, these
regulations only apply to our eWallet payment service provided by DiPocket,
where we implemented strong authentication in August 2024.”
This
highlights that brokerage activities do not face the same mandatory security
requirements as traditional banking services, even though they involve similar
financial risks.
However, in
an interview with FinanceMagnates.com, XTB’s CEO noted that 80% of the
company’s new clients invest in stocks and ETFs rather than CFDs. He also
reiterated XTB’s ambition to become an “all-in-one financial super app.” Given
this shift toward more bank-like services, shouldn't the company prioritize
stronger security measures?
A Mixed Picture of Industry
Standard
While XTB's
approach appears questionable, it seems that CFD broker and retail trading
apps security standards across the industry remain inconsistent. The reality is
that many don't implement significantly more security measures than XTB's original setup, suggesting this is an industry-wide challenge rather than an
isolated problem.
FinanceMagnates.com
has verified that Robinhood also offers only optional 2FA. While Plus500 does
require 2FA, when it comes to additional protections, such as IP blocking or
geo-restrictions, these are generally lacking. Whether it's a large publicly
listed broker or a fintech focused on retail trading, most rely on fraud
detection systems, login alerts, and manual reviews.
Marijus Breidis, the CTO at NordVPN
“Security
cannot be a user's responsibility when entrusted with client money,” commented
Marijus Breidis, the CTO at NordVPN. “Behavioral risk detection should be
enabled by default, not buried in settings menus. Platforms prioritize
convenience over fundamental security and then blame their customers when the
inevitable happens. That approach is irresponsible and completely surrenders
their duty to protect client assets.”
Ivanszky agrees with his statement, adding that regulated financial institutions have a clear and enforceable duty to safeguard client funds. “This responsibility
begins with ensuring that access to client accounts is properly authenticated,
and continues through every transaction that could affect the security or
disposition of those funds.”
XTB Does Not Confirm
Incident, but Increases Security Measures
XTB neither
confirms nor denies that such an incident occurred, but emphasizes that no
similar breach has ever taken place involving clients with 2FA enabled.
Moreover, following
the public outcry, XTB may end up being more secure than industry standard. The
company’s press office outlined its current approach: “In recent weeks, we
have significantly simplified and expanded 2FA. Extended testing has already
been completed, and as of July 14, clients will have two options: SMS codes or
an authenticator app.”
The firm will also begin automatically enabling 2FA for existing clients, and
starting in Q4 2025, all new users will be required to activate it. The company
has also introduced additional monitoring systems.
“We
continuously monitor information about password leaks published online and
cross-check them with our database. If a match is found, we notify clients to
change their password,” the spokesperson said. “We have also built
and continue to expand our internal database of suspicious IP addresses, logins
from such locations trigger enhanced security protocols.”
Damian's adventure with financial markets began at the Cracow University of Economics, where he obtained his MA in finance and accounting. Starting from the retail trader perspective, he collaborated with brokerage houses and financial portals in Poland as an independent editor and content manager. His adventure with Finance Magnates began in 2016, where he is working as a business intelligence analyst.
CFD Brokers Can Now Manage Client Engagement as DXtrade Mobile Integrates BrokerIQ
Hannah Hill on Innovation, Branding & Award-Winning Technology | Executive Interview | AXI
Hannah Hill on Innovation, Branding & Award-Winning Technology | Executive Interview | AXI
Recorded live at FMLS:25, this executive interview features Hannah Hill, Head of Brand and Sponsorship at AXI, in conversation with Finance Magnates, following AXI’s win for Most Innovative Broker of the Year 2025.
In this wide-ranging discussion, Hannah shares insights on:
🔹What winning the Finance Magnates award means for AXI’s credibility and innovation
🔹How the launch of AXI Select, the capital allocation program, is redefining industry standards
🔹The development and rollout of the AXI trading app across multiple markets
🔹Driving brand evolution alongside technological advancements
🔹Encouraging and recognizing teams behind the scenes
🔹The role of marketing, content, and social media in building product awareness
Hannah explains why standout products, strategic branding, and a focus on innovation are key to growing visibility and staying ahead in a competitive brokerage landscape.
🏆 Award Highlight: Most Innovative Broker of the Year 2025
👉 Subscribe to Finance Magnates for more executive interviews, industry insights, and exclusive coverage from the world’s leading financial events.
#FMLS25 #FinanceMagnates #MostInnovativeBroker #TradingTechnology #FinTech #Brokerage #ExecutiveInterview #AXI
Recorded live at FMLS:25, this executive interview features Hannah Hill, Head of Brand and Sponsorship at AXI, in conversation with Finance Magnates, following AXI’s win for Most Innovative Broker of the Year 2025.
In this wide-ranging discussion, Hannah shares insights on:
🔹What winning the Finance Magnates award means for AXI’s credibility and innovation
🔹How the launch of AXI Select, the capital allocation program, is redefining industry standards
🔹The development and rollout of the AXI trading app across multiple markets
🔹Driving brand evolution alongside technological advancements
🔹Encouraging and recognizing teams behind the scenes
🔹The role of marketing, content, and social media in building product awareness
Hannah explains why standout products, strategic branding, and a focus on innovation are key to growing visibility and staying ahead in a competitive brokerage landscape.
🏆 Award Highlight: Most Innovative Broker of the Year 2025
👉 Subscribe to Finance Magnates for more executive interviews, industry insights, and exclusive coverage from the world’s leading financial events.
#FMLS25 #FinanceMagnates #MostInnovativeBroker #TradingTechnology #FinTech #Brokerage #ExecutiveInterview #AXI
Executive Interview | Dor Eligula | Co-Founder & Chief Business Officer, BridgeWise | FMLS:25
Executive Interview | Dor Eligula | Co-Founder & Chief Business Officer, BridgeWise | FMLS:25
In this session, Jonathan Fine form Ultimate Group speaks with Dor Eligula from Bridgewise, a fast-growing AI-powered research and analytics firm supporting brokers and exchanges worldwide.
We start with Dor’s reaction to the Summit and then move to broker growth and the quick wins brokers often overlook. Dor shares where he sees “blue ocean” growth across Asian markets and how local client behaviour shapes demand.
We also discuss the rollout of AI across investment research. Dor gives real examples of how automation and human judgment meet at Bridgewise — including moments when analysts corrected AI output, and times when AI prevented an error.
We close with a practical question: how retail investors can actually use AI without falling into common traps.
In this session, Jonathan Fine form Ultimate Group speaks with Dor Eligula from Bridgewise, a fast-growing AI-powered research and analytics firm supporting brokers and exchanges worldwide.
We start with Dor’s reaction to the Summit and then move to broker growth and the quick wins brokers often overlook. Dor shares where he sees “blue ocean” growth across Asian markets and how local client behaviour shapes demand.
We also discuss the rollout of AI across investment research. Dor gives real examples of how automation and human judgment meet at Bridgewise — including moments when analysts corrected AI output, and times when AI prevented an error.
We close with a practical question: how retail investors can actually use AI without falling into common traps.
Brendan Callan joined us fresh off the Summit’s most anticipated debate: “Is Prop Trading Good for the Industry?” Brendan argued against the motion — and the audience voted him the winner.
In this interview, Brendan explains the reasoning behind his position. He walks through the message he believes many firms avoid: that the current prop trading model is too dependent on fees, too loose on risk, and too confusing for retail audiences.
We discuss why he thinks the model grew fast, why it may run into walls, and what he believes is needed for a cleaner, more responsible version of prop trading.
This is Brendan at his frankest — sharp, grounded, and very clear about what changes are overdue.
Brendan Callan joined us fresh off the Summit’s most anticipated debate: “Is Prop Trading Good for the Industry?” Brendan argued against the motion — and the audience voted him the winner.
In this interview, Brendan explains the reasoning behind his position. He walks through the message he believes many firms avoid: that the current prop trading model is too dependent on fees, too loose on risk, and too confusing for retail audiences.
We discuss why he thinks the model grew fast, why it may run into walls, and what he believes is needed for a cleaner, more responsible version of prop trading.
This is Brendan at his frankest — sharp, grounded, and very clear about what changes are overdue.
Elina Pedersen on Growth, Stability & Ultra-Low Latency | Executive Interview | Your Bourse
Elina Pedersen on Growth, Stability & Ultra-Low Latency | Executive Interview | Your Bourse
Recorded live at FMLS:25 London, this executive interview features Elina Pedersen, in conversation with Finance Magnates, following her company’s win for Best Connectivity 2025.
🔹In this wide-ranging discussion, Elina shares insights on:
🔹What winning a Finance Magnates award means for credibility and reputation
🔹How broker demand for stability and reliability is driving rapid growth
🔹The launch of a new trade server enabling flexible front-end integrations
🔹Why ultra-low latency must be proven with data, not buzzwords
🔹Common mistakes brokers make when scaling globally
🔹Educating the industry through a newly launched Dealers Academy
🔹Where AI fits into trading infrastructure and where it doesn’t
Elina explains why resilient back-end infrastructure, deep client partnerships, and disciplined focus are critical for brokers looking to scale sustainably in today’s competitive market.
🏆 Award Highlight: Best Connectivity 2025
👉 Subscribe to Finance Magnates for more executive interviews, industry insights, and exclusive coverage from the world’s leading financial events.
#FMLS25 #FinanceMagnates #BestConnectivity #TradingTechnology #UltraLowLatency #FinTech #Brokerage #ExecutiveInterview
Recorded live at FMLS:25 London, this executive interview features Elina Pedersen, in conversation with Finance Magnates, following her company’s win for Best Connectivity 2025.
🔹In this wide-ranging discussion, Elina shares insights on:
🔹What winning a Finance Magnates award means for credibility and reputation
🔹How broker demand for stability and reliability is driving rapid growth
🔹The launch of a new trade server enabling flexible front-end integrations
🔹Why ultra-low latency must be proven with data, not buzzwords
🔹Common mistakes brokers make when scaling globally
🔹Educating the industry through a newly launched Dealers Academy
🔹Where AI fits into trading infrastructure and where it doesn’t
Elina explains why resilient back-end infrastructure, deep client partnerships, and disciplined focus are critical for brokers looking to scale sustainably in today’s competitive market.
🏆 Award Highlight: Best Connectivity 2025
👉 Subscribe to Finance Magnates for more executive interviews, industry insights, and exclusive coverage from the world’s leading financial events.
#FMLS25 #FinanceMagnates #BestConnectivity #TradingTechnology #UltraLowLatency #FinTech #Brokerage #ExecutiveInterview
In this video, we take an in-depth look at @BlueberryMarketsForex , a forex and CFD broker operating since 2016, offering access to multiple trading platforms, over 1,000 instruments, and flexible account types for different trading styles.
We break down Blueberry’s regulatory structure, including its Australian Financial Services License (AFSL), as well as its authorisation and registrations in other jurisdictions. The review also covers supported platforms such as MetaTrader 4, MetaTrader 5, cTrader, TradingView, Blueberry.X, and web-based trading.
You’ll learn about available instruments across forex, commodities, indices, share CFDs, and crypto CFDs, along with leverage options, minimum and maximum trade sizes, and how Blueberry structures its Standard and Raw accounts.
We also explain spreads, commissions, swap rates, swap-free account availability, funding and withdrawal methods, processing times, and what traders can expect from customer support and additional services.
Watch the full review to see whether Blueberry’s trading setup aligns with your experience level, strategy, and risk tolerance.
📣 Stay up to date with the latest in finance and trading. Follow Finance Magnates for industry news, insights, and global event coverage.
Connect with us:
🔗 LinkedIn: /financemagnates
👍 Facebook: /financemagnates
📸 Instagram: https://www.instagram.com/financemagnates
🐦 X: https://x.com/financemagnates
🎥 TikTok: https://www.tiktok.com/tag/financemagnates
▶️ YouTube: /@financemagnates_official
#Blueberry #BlueberryMarkets #BrokerReview #ForexBroker #CFDTrading #OnlineTrading #FinanceMagnates #TradingPlatforms #MarketInsights
In this video, we take an in-depth look at @BlueberryMarketsForex , a forex and CFD broker operating since 2016, offering access to multiple trading platforms, over 1,000 instruments, and flexible account types for different trading styles.
We break down Blueberry’s regulatory structure, including its Australian Financial Services License (AFSL), as well as its authorisation and registrations in other jurisdictions. The review also covers supported platforms such as MetaTrader 4, MetaTrader 5, cTrader, TradingView, Blueberry.X, and web-based trading.
You’ll learn about available instruments across forex, commodities, indices, share CFDs, and crypto CFDs, along with leverage options, minimum and maximum trade sizes, and how Blueberry structures its Standard and Raw accounts.
We also explain spreads, commissions, swap rates, swap-free account availability, funding and withdrawal methods, processing times, and what traders can expect from customer support and additional services.
Watch the full review to see whether Blueberry’s trading setup aligns with your experience level, strategy, and risk tolerance.
📣 Stay up to date with the latest in finance and trading. Follow Finance Magnates for industry news, insights, and global event coverage.
Connect with us:
🔗 LinkedIn: /financemagnates
👍 Facebook: /financemagnates
📸 Instagram: https://www.instagram.com/financemagnates
🐦 X: https://x.com/financemagnates
🎥 TikTok: https://www.tiktok.com/tag/financemagnates
▶️ YouTube: /@financemagnates_official
#Blueberry #BlueberryMarkets #BrokerReview #ForexBroker #CFDTrading #OnlineTrading #FinanceMagnates #TradingPlatforms #MarketInsights
