BitMEX Observes Increase in Attacks on Accounts, Stresses Security Measures

Published at: June 11, 2019

This article has been updated to correct that BitMEX is not Hong Kong-based.

Peer-to-peer (P2P) cryptocurrency exchange BitMEX has reported an influx of attacks on user account credentials, according to an official blog post on June 11.

In addition to covering a litany of best practices for user security, the cryptocurrency exchange stressed the importance of using two-factor authentication (2FA) in particular. The report summarizes 2FA as follows:

“2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.”

According to BitMEX, research at Google has shown that virtually all attempts to steal account credentials can be prevented by enabling 2FA. BitMEX concurred that 2FA is the best way to prevent such attacks and is considering making 2FA mandatory on its platform.

BitMEX also noted that compromised accounts on the exchange are typically associated with weak or reused passwords, hacked emails, or computers infected with malware. Additionally, the exchange discovered some new tactics being deployed in these account hacks and has updated its policies accordingly.

First, there is no longer an option to disable email notifications about account logins, since hackers were disabling these notifications in order to further hide their tracks. Second, withdrawal requests must now be verified by email, since attackers were making API keys with the hacked accounts, which could be used on their own to authenticate withdrawals.

As previously reported by Cointelegraph, United States-based crypto exchange Kraken made 2FA mandatory for its platform at the end of March. According to Kraken’s announcement, 2FA has been optional on the platform since its inception in 2013. The exchange particularly supports 2FA programs Google Authenticator and YubiKey, as per the announcement.
