Security Alert: BitMEX Doxxes About 30,000 Users in Mass Email, Watch For Phishing Attempts – UPDATE
- Derivative exchange BitMEX leaks the data of thousands of its users
- Change your email address, enable 2FA
This Halloween has been a scary one for the cryptocurrency community.
First, cryptocurrency derivatives platform Deribit liquidated all the positions because of a glitch at one of the exchanges (Coinbase) used for its Bitcoin Index, which cost the company 150 BTC (approximately $1.3 million).
Now, another crypto derivatives platform, BitMEX, has doxxed its users in what Jake Chervinsky, General Counsel at Compound Finance, calls “the most outrageously incompetent way imaginable.”
We are aware of an email privacy issue impacting our customers. We have identified the root cause and will be in touch with any users affected by the issue. See our blog for details: https://t.co/FNp2Fdyxdn
— BitMEX (@BitMEXdotcom) November 1, 2019
In its official statement released on Nov 1, the exchange acknowledges that some of its users have received a general user update email that contained the email addresses of other users as well.
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
The mistake was a stupid one. Instead of using BCC (blind carbon copy), the sender, who must be an employee of the exchange, CC'd the email to the users, so every recipient could see the other recipients' addresses.
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
“This kind of thing is a *massive* privacy breach with potentially serious consequences — the last thing a derivatives exchange needs to deal with during a CFTC investigation. This can't possibly be intentional.”
All BitMEX users are now advised to change their email address and, as an extra precaution, to enable 2FA on their email service.
Cryptocurrency exchange OKEx also recommended that affected users change their email addresses if they use the same login on OKEx.
If you are affected and have an OKEx account with the same email login, we recommend that you change your email for security reasons. Email change requests will be prioritized during this time.
— OKEx (@OKEx) November 1, 2019
This isn't the first time something like this has happened. A few months ago, the leading cryptocurrency exchange Binance revealed that some of the know-your-customer (KYC) documents of its users, stored with a third party, were stolen and made public. The exchange offered a reward of 300 BTC for information on the hacker.
BitMEX Email Blunder – UPDATE
Email Leak Update: After the email mishap, trader and crypto enthusiast @TheCrypt0Mask ran a search on the leaked BitMEX emails that got him hits on 229 of them, while others have already started exploiting the mishap to shill referral links.
Unsurprisingly the exposed Bitmex mail list is being used for referral link shilling, because well it's a list of degenerate gamblers. pic.twitter.com/BJGc2ViREa
— WhalePanda (@WhalePanda) November 1, 2019
Meanwhile, the account Bitmexdatabaseleak, which joined Twitter on Nov. 1 just to announce “Whose account do we leak next?”, is claiming to be behind this blunder.
It is not clear who is behind the account, but he/she/they have been trying to convince people with tweets like:
However, the leak was reportedly an accident in which carbon copy was used instead of blind carbon copy.
BitMEX Twitter Hack/Troll: On another note, according to the screenshots shared on Twitter, BitMEX might have lost control of its Twitter account as well.
Stay safe guys. pic.twitter.com/2IXufUPtkl
— Crypto Rand (@crypto_rand) November 1, 2019
Other users claim these tweets were deleted shortly afterwards, so there is no evidence of them on BitMEX’s official account.
BitMEX, however, took to Twitter to reassure its users, stating, “while the trolls may target our Twitter account, you may rest assured that all funds are safe.”
Withdrawal Disabled Update: Bitcoin investor and crypto trader Alistair Milne took to Twitter to share that, amidst the ongoing chaos, withdrawals on the derivatives exchange have been disabled.
BitMex withdrawals disabled
— Alistair Milne (@alistairmilne) November 1, 2019
We will keep you updated as the story develops.