28.03.2024

Crypto Traders Rush to Revamp Their Security After Bitmex Dox

Exchanges such as Binance have already advised their users to modify email addresses if they were also linked to Bitmex. The blunder is a stark reminder to traders to use a unique email address and password for each platform, utilizing a password manager if needed.

The world’s largest crypto derivatives exchange Bitmex has accidentally doxed tens of thousands of its users. An email newsletter concerning forthcoming updates to Bitmex indices CC’d a large proportion of the company’s mailing list, exposing the addresses of its users to the public.

In a second embarrassment, Bitmex had its Twitter account hacked shortly afterward.

Bitmex Suffers a Day of Reckoning

It’s been a rough 24 hours for derivatives exchanges. Shortly before Bitmex CC’d in its mailing list, Deribit was forced to reimburse traders who were liquidated due to an error in its price index. Bitmex users are now being urged to change their details, with hackers and phishers certain to try and crack the leaked email addresses, many of which are likely to be tied to accounts on different crypto exchanges. The leaked and then aggregated Bitmex database is now up for sale on the darknet.

The PR disaster was compounded when Bitmex’s official Twitter handle was briefly compromised, with tweets reading “Hacked” and “Take your BTC and run. Last day for withdrawals.”

In a statement, Bitmex cited a software error as the cause of the email breach, and stressed that, beyond email addresses, “no other personal data or account information have been disclosed and no further emails have been sent.” The statement also urged users to add official Bitmex email addresses to their contact lists and ensure Two-Factor Authentication (2FA) is enabled for all their accounts.

Tens of Thousands of Addresses Exposed

Bitmex deputy COO Vivien Khoo said that while the email was sent to the majority of Bitmex users, not all were affected. According to skew.com, the exchange – which operates out of Seychelles – has 22,000 average daily users. Larry Cermak said on Twitter that “30,000 unique emails in total” were jeopardized.

In the aftermath of the leak, Twitter was aflame with panicked users, some enquiring how to delete their Bitmex account and others claiming to have already received crypto spam emails. There was further anger when it emerged that Bitmex requires users to undergo full KYC, including a selfie with their ID and the word “Bitmex”, in order to change their email address.

The email breach does not come at a good time for Bitmex, which is reportedly being probed by the U.S. Commodity Futures Trading Commission (CFTC) over whether it permits U.S. traders to use its platform. Armed with thousands of user email addresses, the CFTC may well step up its investigation.

The reputational and regulatory cost of the blunder is still to be counted. In the interim, neglecting to use blind copy on a mass email has given Bitmex and its normally ebullient CEO Arthur Hayes pause for thought.

bitcoin.com
