nullc has access to the same facts as me. His post is more into the actual technical details of the exploit. The intention of my post is to bring this topic to higher level because the concept itself is a real problem that exchanges should be aware of.