BitMEX on User Info Leak: No Data Was Disclosed Beyond Emails

Published at: Nov. 4, 2019

BitMEX, the biggest crypto exchange by trade volume to date, says that no other data except email addresses has been disclosed in a recent email leak.

“At no point were any of our core systems at risk”

After the first reports of the incident on Nov. 1, BitMEX released an official statement on the issue on Nov. 4, emphasizing that no personal or account information has been disclosed beyond email addresses.

Apologizing for the concern caused by the leak, the exchange added that none of BitMEX’s core systems were at risk at any point.

BitMEX has not sent mass emails since 2017

In the post, written by the firm’s deputy COO Vivien Khoo, BitMEX confirmed that the recent email leak took place on Nov. 1 and was a result of a failure in the company’s internal bulk email service. 

BitMEX stressed that it only sends mass emails to all users on rare occasions and only when absolutely necessary, claiming that the exchange has not sent any bulk emails since 2017.

BitMEX elaborated that the BitMEX Indices Update was important enough to warrant a mass email to customers. “It will impact pricing of all of our products — that we felt it necessary to inform all our users about it,” BitMEX explained.

The exchange further admitted that there was a desire to speed up the delivery of emails as BitMEX found out that the initial send request would have taken up to 10 hours to complete. Instead, the exchange preferred to ensure that customers received the same information “on a more reasonable timescale.”

After the exchange discovered the leak, BitMEX immediately stopped further emails from being sent and initiated a number of measures to mitigate the damage, such as forced password resets for all users with balances and without two-factor authentication.

Twitter hack was unrelated, BitMEX says

In the post, BitMEX also mentioned hackers taking over the company’s Twitter account right after the email leak issue on Nov. 1. The exchange said that the Twitter incident was unrelated to this action, stating that the account was back under BitMEX control within 6 minutes.

Following the news, Jake Chervinsky, a lawyer and general counsel at decentralized finance startup Compound Finance, outlined that Know Your Client regulatory compliance often exposes the public to hacking, phishing and identity theft risks.
