The world’s largest crypto derivatives exchange Bitmex has accidentally doxed tens of thousands of its users. An email newsletter concerning forthcoming updates to Bitmex indices CC’d a large proportion of the company’s mailing list, exposing the addresses of its users to the public. In a second embarrassment, Bitmex had its Twitter account hacked shortly afterward.
Also read: ECB President: ’We Should Be Happier to Have a Job Than to Have Our Savings Protected’
Bitmex Suffers a Day of Reckoning
Bitmex users are being urged to change their details, with hackers and phishers certain to try and crack the leaked email addresses, many of which are likely to be tied to accounts on different crypto exchanges.
Exchanges such as Binance have already advised their users to modify email addresses if they were also linked to Bitmex. The blunder is a stark reminder to traders to use a unique email address and password for each platform, utilizing a password manager if needed.
The PR disaster was compounded when Bitmex’s official Twitter handle was briefly compromised, with tweets reading “Hacked” and “Take your BTC and run. Last day for withdrawals.”
In a statement, Bitmex cited a software error as the cause of the email breach, and stressed that, beyond email addresses, “no other personal data or account information have been disclosed and no further emails have been sent.” The statement also urged users to add official Bitmex email addresses to their contact lists and ensure Two-Factor Authentication (2FA) for all their accounts.
⚠️We are aware of a large-scale user email leak from another exchange.⚠️
If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately using the below steps:https://t.co/sgEr5sqleg
Tens of Thousands of Addresses Exposed
Bitmex deputy COO Vivien Khoo said that while the email was sent to the majority of Bitmex users, not all were affected. According to skew.com, the exchange – which operates out of Seychelles – has 22,000 average daily users. Larry Cermak said on Twitter that “30,000 unique emails in total” were jeopardized.
In the aftermath of the leak, Twitter was aflame with panicked users, some enquiring how to delete their Bitmex account and others claiming to have already received crypto spam emails in the wake of the leak. There was further anger when it emerged that Bitmex requires a user to undergo full KYC, including a selfie with their ID and the word “Bitmex” in order to change their email address.
Well not a good day for @BitMEXdotcom pic.twitter.com/WmZTpRkr3d
— WhalePanda (@WhalePanda) November 1, 2019
The email breach does not come at a good time for Bitmex, which is reportedly being probed by the U.S. Commodity Futures Trading Commission (CFTC) over whether it permits U.S. traders to use its platform. Armed with thousands of user email addresses, the CFTC may well step up its investigation.
The reputational and regulatory cost of the blunder is still to be counted. In the interim, neglecting to use blind copy on a mass email has given Bitmex and its normally ebullient CEO Arthur Hayes pause for thought.
We would like to reassure our users that while the trolls may target our Twitter account, you may rest assured that all funds are safe.
— BitMEX (@BitMEXdotcom) November 1, 2019
Do you think the email leak will permanently damage Bitmex’s reputation? Let us know in the comments section below.
Images courtesy of Shutterstock.
Did you know you can verify any unconfirmed Bitcoin transaction with our Bitcoin Block Explorer tool? Simply complete a Bitcoin address search to view it on the blockchain. Plus, visit our Bitcoin Charts to see what’s happening in the industry.
The post Crypto Traders Rush to Revamp Their Security After Bitmex Dox appeared first on Bitcoin News.
Source: Bitcoin.com