
BitMEX Accidentally Sends Out User Emails Raising Security Concerns

www.cryptoglobe.com 04 November 2019 11:32, UTC

Crypto exchange BitMEX accidentally sent out user email addresses, raising concern over the exchange’s security.

On Nov. 1, BitMEX sent out multiple emails containing a list of clients' addresses in the “to” field, marking one of the biggest security gaffes in crypto exchange history. Twitter users were quick to alert the community about the exchange’s mistake, posting screencaps of the emails to warn other clients that their addresses may have been compromised.

looks like bitmex just fucked up big time.....

I'd recommend people change their bitmex account email addresses, (at least ensure you have 2fa enabled and change the password, your email address is now compromised and hackers may use databases and similar passwords to hack) pic.twitter.com/cLKTS35aDU

— Crypto Loomdart (@loomdart) November 1, 2019

One Twitter user claimed to have received the erroneous email three times in the span of two minutes. 

I received this not once, not twice, but 3 times within 2 minutes! Thanks for spreading my email to as many people as possible @BitMEXdotcom.

— Emptybeerbottle (@Fullbeerbottle) November 1, 2019

Because client emails are used for logins, BitMEX’s security has now come under question. The general consensus is that users of the exchange should change their account email address immediately, update their password, and ensure they have two-factor authentication enabled.

BitMEX addressed the error in an official blog post published Nov. 1.

According to the exchange, user emails were revealed as the result of a software error that has reportedly been fixed. BitMEX says that no other personal data was compromised:

BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent. The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld.

The exchange published a list of steps for clients that may have been affected by the erroneous emails, including being on the lookout for phishing attempts and utilizing a two-factor authenticator. 

Despite BitMEX addressing the issue, not everyone in the crypto community is pleased with its handling of the situation. Larry Cermak explained the severity of BitMEX’s screwup:

There is already a 30k email dump selling on darknet. For any user that was involved in this leak, get ready for constant phishing attempts and emails from competitors. Be careful

— Larry Cermak 🦁 (@lawmaster) November 1, 2019

He also chastised BitMEX for complicating the process of users switching their email addresses by making them complete an ID verification.

What's perhaps the most ridiculous is that BitMEX is currently requiring users to complete an ID verification in order to change their email address. No idea why. I'd recommend just burning that account and starting a new one with a burner email.

— Larry Cermak 🦁 (@lawmaster) November 1, 2019

As if the situation was not bad enough for BitMEX, the exchange’s official Twitter account was also briefly hacked on Nov. 1:

As if it was not enough, @BitMEXdotcom twitter account was also briefly compromised... pic.twitter.com/FeyGletKOU

— Larry Cermak 🦁 (@lawmaster) November 1, 2019

Changpeng Zhao, CEO of rival crypto exchange Binance, weighed in on the situation, recommending that all crypto users create a unique email address for each trading platform, thereby protecting themselves in the event of a compromise.

Use a unique email address and unique password for each exchange. Use a password manager to remember the strong passwords for you. https://t.co/hWjDldPRLN

— CZ Binance (@cz_binance) November 1, 2019
