XTB, the
Warsaw-listed investment app, announced today (Tuesday) it has rolled out an
emergency lock feature that lets clients freeze all financial activity on their
account with a single tap if they suspect unauthorized access, the company
said.
Activating
the lock simultaneously halts trading in all financial instruments, freezes
withdrawals from every currency account, and cuts off eWallet transactions
entirely, XTB said. Getting back in requires a password change followed by a
facial recognition scan, the company’s way of verifying that the person
restoring access is the account’s rightful owner, not an attacker who may still
have hold of a device.
“Digital
and cybersecurity threats are rising fast, and still, too many people feel
powerless when something looks wrong,” CEO Omar Arnaout said. “We
wanted to give our clients a way to take back control in seconds.”
XTB’s โHackโ Looms in the
Background
The new
feature follows months of public pressure over the firm’s account security.
Last year, a Polish client alleged losing roughly 150,000 zlotys ($38,000) in
what appeared to be a sophisticated breach, describing how an attacker executed
thousands of rapid trades on low-liquidity securities to drain a portfolio
without ever triggering a direct withdrawal.
[#highlighted-links#]
The case
spread quickly across local financial forums and prompted XTB to tighten
security protocols and make two-factor authentication mandatory, moves that only came after the
story reached national media.
The fallout
was immediate. XTB pledged to
reimburse all clients who suffered losses from cyberattacks, while insisting the total payout
would not materially affect its finances. The company’s own data showed that
cybercriminal attacks hit just 0.017% of its client base and that every
affected account had been left without 2FA at the time of the breach.
How the Lock Works
The
sequence is straightforward. A client who notices an unfamiliar login or an
unexpected transaction can hit a single button, cutting off all trades,
withdrawals, and card payments at once. Restoring access requires both a
password reset and a facial scan, which XTB says guarantees only the legitimate
account holder can unlock the platform.
The
coverage extends to eWallet transactions, a detail that matters more now than
it might have a year ago. XTB has been pushing hard to evolve beyond CFD
trading, with Arnaout previously saying he wants spot crypto to
reduce CFD revenue dominance from 95% to around 70%.
As the
platform increasingly handles multi-currency payments, ATM withdrawals, and
eWallet activity, the stakes attached to account-level security rise with it.
Retail Broker Security
Under the Microscope
The alleged hack
last year reignited a broader industry debate about whether optional security measures
are sufficient for platforms holding retail investors’ funds. Cybersecurity
experts argued that 2FA should be mandatory across the board, not buried in
settings that many users never touch. Other major brokerages, including
Robinhood, were found at the time to rely on optional 2FA as well, pointing to
a gap that ran across the industry.
XTB, which
holds licenses from the FCA, CySEC, and Poland’s Financial Supervisory
Authority, now serves more than 2.1 million clients across 17 global offices.
Arnaout had signaled for some time that the firm saw no ceiling
on its path to two million annual clients, and the company has been extending its
footprint into new geographies to reach that target, with Arnaout recently
describing Indonesia as a market with a
question mark that must prove itself within six months.
This article was written by Damian Chmiel at www.financemagnates.com.
Source link
