Crypto Exchange Giant BitMEX Doxxes Thousands of Users’ Email IDs
- BitMEX leaks customers’ data with a simple mistake.
- The crypto community condemns the incident.
- BitMEX is among the world’s biggest crypto derivatives exchanges.
Cryptocurrency exchange and derivatives trading platform BitMEX is under fire after doxxing thousands of user email addresses.
BitMEX’s Data Leak
Today, a Twitter user with the handle @sakuraricebird shared several screenshots of an official mass email sent by BitMEX. The images show that the crypto derivatives platform forgot to use the blind carbon copy (bcc) feature, consequently leaking thousands of email addresses belonging to its users.
— 桜文鳥 (@sakuraricebird) November 1, 2019
BitMEX immediately issued a statement about the general user update email that contained the email addresses of other users. The announcement reads:
“Our team has acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
BitMEX also apologized for the incident, claiming that privacy is their number one priority.
“The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
The Crypto Community Reacts
In a tweet, Jake Chervinsky, the General Counsel at Compound, stated that BitMEX’s data leak was done in the most “outrageously incompetent way imaginable.”
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
According to Kevin McSheehan, co-founder and CEO at Envadr, the company may have leaked its entire database or perhaps most of it. Now, bad actors can cross-reference these email addresses with public breaches to associate them with universal passwords. This could allow them to break into email inboxes, exchange accounts, GitHub, Dropbox, or any other account, added McSheehan.
bitmex leaked their whole db.
what happens next:
all email addresses x-referenced w/ public breaches to associate universal passwords.
— kevin mcsheehan (@123456) November 1, 2019
As a result, Changpeng Zhao, CEO at Binance, advised customers to use unique email addresses and passwords. Zhao also recommended that users who use the same email address at BitMEX change it immediately.
Use a unique email address and unique password for each exchange. Use a password manager to remember the strong passwords for you. https://t.co/hWjDldPRLN
— CZ Binance (@cz_binance) November 1, 2019
Along the same lines, OKEx, a Malta-based cryptocurrency exchange, released a statement related to the issue. It advised customers to change their emails and passwords in case they were using the same credentials as in their BitMEX accounts. The firm also encouraged its support team to prioritize email change requests to help contain the issue from spreading further.
If you are affected and have an OKEx account with the same email login, we recommend that you change your email for security reasons. Email change requests will be prioritized during this time.
— OKEx (@OKEx) November 1, 2019
It remains to be seen what implications this data leak will have for BitMEX, which is already involved in a legal probe. In mid-July, Bloomberg reported that an investigation led by the U.S. Commodity Futures Trading Commission (CFTC) was open to determine whether BitMEX broke rules by allowing U.S. traders onto its platform.