Online safety has never been as important as it is today, and users of the crypto derivatives exchange platform BitMEX, more than anyone, know that they should update their security preferences as soon as possible given the most recent events.
On Friday evening, more precisely at 8:00 UTC, the exchange let its customers know via a blog post and a tweet that it had incurred in an accident: it revealed the email address of a sizable portion of its users in the CC:field.
The episode was unfortunate because it could expose many people to phishing attacks: spammers and companies with this in mind likely beefed up their email address databases thanks to BitMEX’s data slippage.
Adding the Platform’s Support Email
Feeling responsible for what happened, BitMEX prompted users to add the platform’s support email to their contact lists in order to reduce the number of phishing emails, whilst also asking to add two-factor authentication (2FA) as an extra security measure.
According to the exchange, a bug was responsible for the mishap. The firm’s blog post read that “the error which has caused this has been identified and fixed,” but damage was inflicted and people are now worried about the safety of their data and information.
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users. Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact,” the company explained in the blog.
The platform’s deputy COO, Vivien Khoo explained to a specialized crypto news site that most of the exchange users got an email with the email addresses of fellow users in the “to” field, which was a “general email update” regarding changes to the weighting of their indices. She stated that the company is “sorry” about what happened, and explained that the problem was originated by an “error in the software used to send emails.”
Besides the users’ email addresses, no other important bits of personal data were disclosed in the episode.
“BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent,” they wrote.
No Stranger to Controversy
The unwanted reveal of the users’ email addresses is, sadly, not the first time that BitMEX has been in the news for the wrong reasons. The exchange is, according to report, being probed by an American financial watchdog (the Commodity Futures Exchange Commission, or CFTC) over whether it has let United States-based traders to use its ecosystem.
The issue is explained by the platform’s geo-block, which is used to prevent users from specific countries (including those in the United States of America) from having access to the site and the services offered. The use of Virtual Private Networks, or VPNs, as anonymizers has allowed users to circumvent the geo-block and enter the platform whilst being in the USA.
BitMEX is worldwide known as one of the most prominent crypto derivatives markets. It is famous around the industry for its leverage rates of up to 100x. It operates in the Seychelles islands. Its largest offering to the user base is the XBT/USD trade pair, which had a $2.8 trading volume in the last day, per data from CoinGecko.
By Andres Chavez