BitMEX: Only User Emails Were Leaked as They Update Clients on the New Indices
Crypto exchange BitMEX published an apology on its blog after email data was disclosed from its system over the weekend. The firm has assured its clients that its team is working 24/7 to ensure all security concerns are addressed.
BitMEX Email System Leak
Crypto traders' email addresses were recently leaked when BitMEX was sending an index weighting update to its users. The exchange has said that it rarely sends emails and that the recent disclosure was unfortunate. BitMEX found itself in this situation after its internally designed email distribution system included a concatenated “To” field, which resulted in the leak.
In practice, email recipients could see other users’ addresses in the “To” field. BitMEX further defended itself, noting that its processes, not its engineers, were to blame. According to the publication by its Deputy Chief Operating Officer, Vivien Khoo, the firm had not done proper QA for the single SendGrid API.
The leak has affected most BitMEX users, and the firm recommended that users self-diagnose to determine whether their emails were leaked. Users who received an email addressed only to them are not victims, but those whose “To” field contained other addresses are at risk of exposure. Some BitMEX clients, however, did not get any email, as the process was stopped immediately when the leak was detected.
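The concatenated “To” failure described above can be caught by a pre-send check on the request body. The following is an added example, not BitMEX's code: it assumes the SendGrid v3 Mail Send JSON shape (`personalizations`, each with its own `to` list), and the function names and sample addresses are constructed for illustration.

```python
MAX_PERSONALIZATIONS = 1000  # SendGrid v3 limit on personalizations per request

def _base(sender, subject, body):
    return {"from": {"email": sender}, "subject": subject,
            "content": [{"type": "text/plain", "value": body}]}

def build_concatenated(recipients, sender, subject, body):
    # Failure mode: a single envelope with every address in the same "to" list,
    # so each recipient sees all the others in the To header.
    payload = _base(sender, subject, body)
    payload["personalizations"] = [{"to": [{"email": r} for r in recipients]}]
    return payload

def build_isolated(recipients, sender, subject, body):
    # Corrected form: one personalization (envelope) per recipient,
    # split into several requests when the list exceeds the API limit.
    payloads = []
    for i in range(0, len(recipients), MAX_PERSONALIZATIONS):
        payload = _base(sender, subject, body)
        payload["personalizations"] = [
            {"to": [{"email": r}]} for r in recipients[i:i + MAX_PERSONALIZATIONS]]
        payloads.append(payload)
    return payloads

def exposed_addresses(payload):
    # Addresses that at least one other recipient would see in To/Cc headers.
    exposed = set()
    for p in payload.get("personalizations", []):
        visible = [e["email"].lower() for f in ("to", "cc") for e in p.get(f, [])]
        if len(set(visible)) > 1:
            exposed.update(visible)
    return sorted(exposed)

def pre_send_check(payload):
    # QA gate: refuse to hand a payload to the mail API if it leaks addresses.
    leaked = exposed_addresses(payload)
    if leaked:
        raise ValueError(f"{len(leaked)} addresses would be visible to other recipients")
    return payload

if __name__ == "__main__":
    users = [f"user{i}@example.com" for i in range(3)]  # constructed sample data
    bad = build_concatenated(users, "news@example.com", "Index update", "...")
    print("concatenated exposes:", exposed_addresses(bad))
    for good in build_isolated(users, "news@example.com", "Index update", "..."):
        pre_send_check(good)
    print("isolated payloads pass the check")
```

Running the same check against a small seeded recipient list before any bulk send would exercise the path that the article says was not properly QA'd.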
Security Steps Taken by BitMEX
Since the disclosure was discovered, BitMEX employees have been working round the clock to minimize the risk associated with the event. Most notably, they have taken the initiative to flag accounts with suspicious activity between the time of the disclosure and now. This includes accounts that do not have 2FA enabled or that may have requested to withdraw BTC to an unfamiliar address.
In addition, BitMEX urged its clientele to be vigilant against phishers who intend to scam them online using their “name”. Users should also make sure that they have enabled two-factor authentication and rely only on BitMEX’s official communication channel.