Following a significant email data leak by BitMEX, the biggest crypto exchange by trade volume to date, the exchange has come about to say that no other data but the leaked emails were disclosed. The email leak sent some shudders down many crypto users spines as the fears were things could get a lot worse.
However, in assessing the damage, BitMEX seems to feel as if this mistake, while not ideal, was well contained and should not lead to further problems. In a post titled “Email Privacy Issue: What Is Happening And How Can We Help,” the exchange outlined what happened on November 1, who was affected, and what the exchange is doing to help, also adding some advice on what to do now as a BitMEX user.
According to the firm’s deputy COO Vivien Khoo, the email leak was a result of a failure in the company’s internal bulk email service. BitMEX stressed that they only send mass emails to all users on a rare occasion and only when absolutely necessary, claiming that the exchange has not sent any bulk emails since 2017.
Essentially, BitMEX felt the need to share the news of their Indices Update in a mass email, and with the initial send request scheduled to take upwards of 10 hours, the exchange changed tact ending in this email data lea,
What’s more, BitMEX also took this time to address the poorly timed hack of their Twitter attack that sent out a few tweets indicating that the exchnage was under attack and funds were gone. The exchange said that the Twitter accident was unrelated to this action, stating that the account was back under BitMEX control within 6 minutes.
BitMEX has attempted to own up and address the issue, but in the end, the damage was probably not as bad as it could have been or was first feared. In closing, they put forward some advice for the following days with regards to email security.
“Please be vigilant against phishing attempts. Emails from BitMEX are sent from “firstname.lastname@example.org” and “email@example.com.” We recommend adding these addresses to your contacts list. We will never ask for your password,” explained the exchange.
“Note that BitMEX will never ask you to transfer any funds. The only way to fund your BitMEX account is to send Bitcoin to your unique BitMEX deposit address. Your unique BitMEX deposit address will begin with “3BMEX” or “3BitMEX” and can be found on the deposit page of your BitMEX account.”
“Please take note of our official BitMEX communications channels. Only instructions provided via these avenues should be observed.”
“Protect your account by using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all of your accounts (both BitMEX and personal); and to use a password manager.”