The trader reportedly lost 75% of his account through hundreds of suspicious transactions executed by a third party.
The fintech stated that it is investigating the situation and is responding by enhancing its security measures.
XTB Headquarter in Warsaw, Poland
Polish
online broker XTB is implementing stronger security protocols after a client
publicly claimed losing approximately 150,000 Polish zloty ($38,000) in what
appears to be a sophisticated hacking scheme that might have affected at least
a few investors across Central Europe.
XTB Faces Security
Scrutiny After Client Loses $38,000 in Alleged Hack
The
controversy erupted over the weekend when a five-year XTB client shared a detailed post on social media describing how hackers allegedly drained his
account through thousands
of rapid-fire trades on obscure financial instruments (including nano-caps
companies like Spruce Power). The client, who had built his portfolio to nearly
200,000 zlotys, discovered 75% of his funds had vanished in what he described as
"programmed slaughter" of his holdings.
A portion of the statement shared by the alleged victim shows hundreds of unusual transactions
The alleged hacker's method was particularly clever. Rather than attempting direct
withdrawals, which XTB restricts to verified customer bank accounts, the
attacker reportedly executed simultaneous buy-sell transactions on low-liquidity
securities. The victim's account consistently lost money on each trade while
the hacker's separate account profited from the other side of the transactions.
"Everything
was sold in minutes: even long-held stocks, ETFs, securities that hadn't been
touched for years," the client wrote in his viral post.
Should Clients Protect
Themselves, or Do Firms Share the Responsibility?
It is worth noting, the client had not enabled two-factor
authentication (2FA), which the broker introduced as an optional security
feature in September last year. However, the action prompted a swift response from the fintech. Hours after the client's story
gained traction across local financial forums and media outlets, the broker announced plans to
enhance its two-factor authentication system and make it mandatory for all
users.
Adam Dubiel, Chief Product & Technology Officer at XTB
"Security
of XTB client funds is our highest priority," said Adam Dubiel, Chief
Product & Technology Officer at XTB. "We have taken action in three
areas: further improvement and development of two-factor authentication
methods, mandatory securing of client accounts through 2FA, and active
communication and education in the field of security."
The
controversy also boosted uncertainty around the company’s stock (WSE: XTB), which
fell more than 6% on Monday, testing the April lows and marking its
sharpest single-day decline of the year. On Tuesday, July 8, 2025, however, XTB
shares rebounded by nearly 3%, climbing back toward 72 zł.
Potential Security Gaps Exposed
The victim claims that when he contacted customer support, he allegedly received what he
described as a dismissive response: "I get calls like yours all day, every
day. Nothing can be done."
According to the client, his complaints filed with XTB were rejected twice, with the company citing
terms of service that place responsibility for password security on the
customers.
"Different
passwords, different computers, different phones, different security measures.
One common denominator, XTB account and complete lack of platform
responsibility," the client wrote.
The
alleged victim we spoke with stated that he would provide contact details for
other affected individuals but had not done so by the time of publication.
XTB Responds with Security
Overhaul
In response
to the mounting criticism, XTB announced several security enhancements.
Starting July 14, customers will be able to use Time-based One-Time Password
(TOTP) authentication through apps like Google Authenticator, moving beyond the
current SMS-based system.
“As a
leader in the investment industry, we are fully aware that cybersecurity issues
are among the greatest challenges in today’s financial world and affect the
entire financial sector,” XTB commented in a statement sent to FinanceMagnates.com. “As for the post on one of the online
forums, we are currently verifying the information presented there. At the same
time, we remind our clients that official complaint procedures are available.
Each case is analyzed individually based on applicable laws and our internal
procedures.”
The broker
revealed that only about 10% of its customers currently use two-factor
authentication. XTB plans to begin automatically enabling 2FA for existing
customers in the second half of July, with all new accounts requiring it by the
fourth quarter of 2025.
The company
also cited broader cybersecurity challenges facing financial technology firms,
noting that Poland recorded 103,449 unique security incidents in 2024, a 29%
increase from the previous year.
Industry Expert Weighs In
Michał Masłowski, Vice President of the Poland’s Individual Investors Association
Michał
Masłowski, Vice President of the Poland’s Individual Investors Association,
emphasized that both financial institutions and clients must collaborate to
combat hacking attempts.
"Such
'details' as 2FA, double authentication using either SMS passwords or one-time
passwords from applications like Google Authenticator, are simply mandatory
when logging into any accounts where we have even small amounts,"
Masłowski said.
Samołyk from Inwestomat.eu
According
to Mateusz Samołyk from Inwestomat.eu, one of the individuals who helped bring
the case to public attention in Polish media, the broker should implement
several key safeguards:
Mandatory
two-factor authentication with no option for users to disable it and real-time
monitoring of suspicious activity, such as sudden spikes in trading volume, from
a few monthly trades to hundreds in rapid succession. New device
and location verification, requiring confirmation via email or phone for logins
from unfamiliar IP addresses or geographic regions and instant
login alerts sent by email and SMS whenever an account is accessed from a new
device.
"All 4
account security methods I have already suggested to XTB and I will be waiting
for developments,” Samołyk commented on X.
XTB has not
indicated whether it will compensate affected customers or take additional
steps to assist ongoing police investigations into the alleged hacking scheme.
Polish
online broker XTB is implementing stronger security protocols after a client
publicly claimed losing approximately 150,000 Polish zloty ($38,000) in what
appears to be a sophisticated hacking scheme that might have affected at least
a few investors across Central Europe.
XTB Faces Security
Scrutiny After Client Loses $38,000 in Alleged Hack
The
controversy erupted over the weekend when a five-year XTB client shared a detailed post on social media describing how hackers allegedly drained his
account through thousands
of rapid-fire trades on obscure financial instruments (including nano-caps
companies like Spruce Power). The client, who had built his portfolio to nearly
200,000 zlotys, discovered 75% of his funds had vanished in what he described as
"programmed slaughter" of his holdings.
A portion of the statement shared by the alleged victim shows hundreds of unusual transactions
The alleged hacker's method was particularly clever. Rather than attempting direct
withdrawals, which XTB restricts to verified customer bank accounts, the
attacker reportedly executed simultaneous buy-sell transactions on low-liquidity
securities. The victim's account consistently lost money on each trade while
the hacker's separate account profited from the other side of the transactions.
"Everything
was sold in minutes: even long-held stocks, ETFs, securities that hadn't been
touched for years," the client wrote in his viral post.
Should Clients Protect
Themselves, or Do Firms Share the Responsibility?
It is worth noting, the client had not enabled two-factor
authentication (2FA), which the broker introduced as an optional security
feature in September last year. However, the action prompted a swift response from the fintech. Hours after the client's story
gained traction across local financial forums and media outlets, the broker announced plans to
enhance its two-factor authentication system and make it mandatory for all
users.
Adam Dubiel, Chief Product & Technology Officer at XTB
"Security
of XTB client funds is our highest priority," said Adam Dubiel, Chief
Product & Technology Officer at XTB. "We have taken action in three
areas: further improvement and development of two-factor authentication
methods, mandatory securing of client accounts through 2FA, and active
communication and education in the field of security."
The
controversy also boosted uncertainty around the company’s stock (WSE: XTB), which
fell more than 6% on Monday, testing the April lows and marking its
sharpest single-day decline of the year. On Tuesday, July 8, 2025, however, XTB
shares rebounded by nearly 3%, climbing back toward 72 zł.
Potential Security Gaps Exposed
The victim claims that when he contacted customer support, he allegedly received what he
described as a dismissive response: "I get calls like yours all day, every
day. Nothing can be done."
According to the client, his complaints filed with XTB were rejected twice, with the company citing
terms of service that place responsibility for password security on the
customers.
"Different
passwords, different computers, different phones, different security measures.
One common denominator, XTB account and complete lack of platform
responsibility," the client wrote.
The
alleged victim we spoke with stated that he would provide contact details for
other affected individuals but had not done so by the time of publication.
XTB Responds with Security
Overhaul
In response
to the mounting criticism, XTB announced several security enhancements.
Starting July 14, customers will be able to use Time-based One-Time Password
(TOTP) authentication through apps like Google Authenticator, moving beyond the
current SMS-based system.
“As a
leader in the investment industry, we are fully aware that cybersecurity issues
are among the greatest challenges in today’s financial world and affect the
entire financial sector,” XTB commented in a statement sent to FinanceMagnates.com. “As for the post on one of the online
forums, we are currently verifying the information presented there. At the same
time, we remind our clients that official complaint procedures are available.
Each case is analyzed individually based on applicable laws and our internal
procedures.”
The broker
revealed that only about 10% of its customers currently use two-factor
authentication. XTB plans to begin automatically enabling 2FA for existing
customers in the second half of July, with all new accounts requiring it by the
fourth quarter of 2025.
The company
also cited broader cybersecurity challenges facing financial technology firms,
noting that Poland recorded 103,449 unique security incidents in 2024, a 29%
increase from the previous year.
Industry Expert Weighs In
Michał Masłowski, Vice President of the Poland’s Individual Investors Association
Michał
Masłowski, Vice President of the Poland’s Individual Investors Association,
emphasized that both financial institutions and clients must collaborate to
combat hacking attempts.
"Such
'details' as 2FA, double authentication using either SMS passwords or one-time
passwords from applications like Google Authenticator, are simply mandatory
when logging into any accounts where we have even small amounts,"
Masłowski said.
Samołyk from Inwestomat.eu
According
to Mateusz Samołyk from Inwestomat.eu, one of the individuals who helped bring
the case to public attention in Polish media, the broker should implement
several key safeguards:
Mandatory
two-factor authentication with no option for users to disable it and real-time
monitoring of suspicious activity, such as sudden spikes in trading volume, from
a few monthly trades to hundreds in rapid succession. New device
and location verification, requiring confirmation via email or phone for logins
from unfamiliar IP addresses or geographic regions and instant
login alerts sent by email and SMS whenever an account is accessed from a new
device.
"All 4
account security methods I have already suggested to XTB and I will be waiting
for developments,” Samołyk commented on X.
XTB has not
indicated whether it will compensate affected customers or take additional
steps to assist ongoing police investigations into the alleged hacking scheme.
Damian's adventure with financial markets began at the Cracow University of Economics, where he obtained his MA in finance and accounting. Starting from the retail trader perspective, he collaborated with brokerage houses and financial portals in Poland as an independent editor and content manager. His adventure with Finance Magnates began in 2016, where he is working as a business intelligence analyst.
Polymarket Rolls Out U.S. App After CFTC Green Light, Starting With Sports Events
Marketing in 2026 Audiences, Costs, and Smarter AI
Marketing in 2026 Audiences, Costs, and Smarter AI
As brokers eye B2B business and compete with fintechs and crypto exchanges alike, marketers need to act wisely with often limited budgets. AI can offer scalable solutions, but only if used properly.
Join seasoned marketing executives and specialists as they discuss the main challenges they identify in financial services in 2026 and how they address them.
Attendees of this session will walk away with:
- A nuts-and-bolts account of acquisition costs across platforms and geos
- Analysis of today’s multi-layered audience segments and differences in behaviour
- First-hand account of how global brokers balance consistency and local flavour
- Notes from the field about intelligently using AI and automation in marketing
Speakers:
-Yam Yehoshua, Editor-In-Chief at Finance Magnates
-Federico Paderni, Managing Director for Growth Markets in Europe at X
-Jo Benton, Chief Marketing Officer, Consulting | Fractional CMO
-Itai Levitan, Head of Strategy at investingLive
-Roberto Napolitano, CMO at Innovate Finance
-Tony Cross, Director at Monk Communications
#fmls #fmls25 #fmevents #FintechMarketing #AI #DigitalStrategy #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As brokers eye B2B business and compete with fintechs and crypto exchanges alike, marketers need to act wisely with often limited budgets. AI can offer scalable solutions, but only if used properly.
Join seasoned marketing executives and specialists as they discuss the main challenges they identify in financial services in 2026 and how they address them.
Attendees of this session will walk away with:
- A nuts-and-bolts account of acquisition costs across platforms and geos
- Analysis of today’s multi-layered audience segments and differences in behaviour
- First-hand account of how global brokers balance consistency and local flavour
- Notes from the field about intelligently using AI and automation in marketing
Speakers:
-Yam Yehoshua, Editor-In-Chief at Finance Magnates
-Federico Paderni, Managing Director for Growth Markets in Europe at X
-Jo Benton, Chief Marketing Officer, Consulting | Fractional CMO
-Itai Levitan, Head of Strategy at investingLive
-Roberto Napolitano, CMO at Innovate Finance
-Tony Cross, Director at Monk Communications
#fmls #fmls25 #fmevents #FintechMarketing #AI #DigitalStrategy #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Much like their traders in the market, brokers must diversify to manage risk and stay resilient. But that can get costly, clunky, and lengthy.
This candid panel brings together builders across the trading infrastructure space to uncover the shifting dynamics behind tools, interfaces, and full-stack ambitions.
Attendees will hear:
-Why platform dependency has become one of the most overlooked risks in the trading business?
-Buy vs. build: What do hybrid models look like, and why are industry graveyards filled with failed ‘killer apps’?
-How AI is already changing execution, risk, and reporting—and what’s next?
-Which features, assets, and tools gain the most traction, and where brokers should look for tech-driven retention?
Speakers:
-Stephen Miles, Chief Revenue Officer at FYNXT
-John Morris, Co-Founder at FXBlue
-Matthew Smith, Group Chair & CEO at EC Markets
-Tom Higgins, Founder & CEO at Gold-i
-Gil Ben Hur, Founder at 5% Group
#fmls #fmls25 #fmevents #Brokers #Trading #Fintech #FintechInnovation #TradingTechnology #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Much like their traders in the market, brokers must diversify to manage risk and stay resilient. But that can get costly, clunky, and lengthy.
This candid panel brings together builders across the trading infrastructure space to uncover the shifting dynamics behind tools, interfaces, and full-stack ambitions.
Attendees will hear:
-Why platform dependency has become one of the most overlooked risks in the trading business?
-Buy vs. build: What do hybrid models look like, and why are industry graveyards filled with failed ‘killer apps’?
-How AI is already changing execution, risk, and reporting—and what’s next?
-Which features, assets, and tools gain the most traction, and where brokers should look for tech-driven retention?
Speakers:
-Stephen Miles, Chief Revenue Officer at FYNXT
-John Morris, Co-Founder at FXBlue
-Matthew Smith, Group Chair & CEO at EC Markets
-Tom Higgins, Founder & CEO at Gold-i
-Gil Ben Hur, Founder at 5% Group
#fmls #fmls25 #fmevents #Brokers #Trading #Fintech #FintechInnovation #TradingTechnology #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Educators, IBs, And Other Regional Growth Drivers
Educators, IBs, And Other Regional Growth Drivers
When acquisition costs rise and AI generated reviews are exactly as useful as they sound, performing and fair partners can make or break brokers.
This session looks at how these players are shaping access, trust and user engagement, and what the most effective partnership models look like in 2025.
Key Themes:
- Building trader communities through education and local expertise
- Aligning broker incentives with long-term regional strategies
- Regional regulation and the realities of compliant acquisition
- What’s next for performance-driven partnerships in online trading
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Zander Van Der Merwe, Key Individual & Head of Sales at TD Markets
-Brunno Huertas, Regional Manager – Latin America at Tickmill
-Paul Chalmers, CEO at UK Trading Academy
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #BrokerGrowth #FintechPartnerships #RegionalMarkets
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
When acquisition costs rise and AI generated reviews are exactly as useful as they sound, performing and fair partners can make or break brokers.
This session looks at how these players are shaping access, trust and user engagement, and what the most effective partnership models look like in 2025.
Key Themes:
- Building trader communities through education and local expertise
- Aligning broker incentives with long-term regional strategies
- Regional regulation and the realities of compliant acquisition
- What’s next for performance-driven partnerships in online trading
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Zander Van Der Merwe, Key Individual & Head of Sales at TD Markets
-Brunno Huertas, Regional Manager – Latin America at Tickmill
-Paul Chalmers, CEO at UK Trading Academy
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #BrokerGrowth #FintechPartnerships #RegionalMarkets
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
The Leap to Everything App: Are Brokers There Yet?
The Leap to Everything App: Are Brokers There Yet?
As the arms race to bundle investing, personal finance, and wallets under super apps grows fiercer, brokers are caught between a rock and a hard place.
This session explores unexpected ways for industry players to collaborate as consumer habits evolve, competitors eye the traffic, and regulation becomes more nuanced.
Speakers:
-Laura McCracken,CEO | Advisory Board Member at Blackheath Advisors | The Payments Association
-Slobodan Manojlović,Vice President | Lead Software Engineer at JP Morgan Chase & Co.
-Jordan Sinclair, President at Robinhood UK
-Simon Pelletier, Head of Product at Yuh
Gerald Perez, CEO at Interactive Brokers UK
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As the arms race to bundle investing, personal finance, and wallets under super apps grows fiercer, brokers are caught between a rock and a hard place.
This session explores unexpected ways for industry players to collaborate as consumer habits evolve, competitors eye the traffic, and regulation becomes more nuanced.
Speakers:
-Laura McCracken,CEO | Advisory Board Member at Blackheath Advisors | The Payments Association
-Slobodan Manojlović,Vice President | Lead Software Engineer at JP Morgan Chase & Co.
-Jordan Sinclair, President at Robinhood UK
-Simon Pelletier, Head of Product at Yuh
Gerald Perez, CEO at Interactive Brokers UK
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #Innovation
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
Mind The Gap: Can Retail Investors Save the UK Stock Market?
Mind The Gap: Can Retail Investors Save the UK Stock Market?
As the dire state of listing and investment in the UK goes from a financial services problem to a national challenge, the retail investing industry is taken to task.
Join a host of executives and experts for a candid conversation about the future of millions of Brits, as seen from a financial services standpoint:
-Are they happy with the Leeds Reform, in principle and in practice?
-Is it the government’s job to affect the ‘saver’ mentality? Is it doing well?
-What can brokers and fintechs do to spur UK investment?
-How can the FCA balance greater flexibility with consumer protection?
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Nicola Higgs, Partner at Latham & Watkins
-Dan Lane, Investment Content Lead at Robinhood UK
-Jack Crone, PR & Public Affairs Lead at IG
-David Belle, Founder at Fink Money
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #RetailInvesting #UKFinance
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
As the dire state of listing and investment in the UK goes from a financial services problem to a national challenge, the retail investing industry is taken to task.
Join a host of executives and experts for a candid conversation about the future of millions of Brits, as seen from a financial services standpoint:
-Are they happy with the Leeds Reform, in principle and in practice?
-Is it the government’s job to affect the ‘saver’ mentality? Is it doing well?
-What can brokers and fintechs do to spur UK investment?
-How can the FCA balance greater flexibility with consumer protection?
Speakers:
-Adam Button, Chief Currency Analyst at investingLive
-Nicola Higgs, Partner at Latham & Watkins
-Dan Lane, Investment Content Lead at Robinhood UK
-Jack Crone, PR & Public Affairs Lead at IG
-David Belle, Founder at Fink Money
#fmls #fmls25 #fmevents #Brokers #FinanceLeadership #Trading #Fintech #RetailInvesting #UKFinance
Connect with us at:
🔗 LinkedIn: / financemagnates-events
👍 Facebook: / financemagnatesevents
📸 Instagram: / fmevents_official
🐦 Twitter: / f_m_events
🎥 TikTok: / fmevents_official
