BitMEX, a leader in the crypto derivatives and exchange business, is in a serious predicament. The derivatives giant has just leaked the identities of hundreds of its clients in what appears to be a major mistake on its part.
The incident was first recorded on November 1, after many users received an email regarding an update from BitMEX. Customers soon realized that they could see the email addresses of other users when they checked the Carbon Copy [CC] field of the email. The news spread like wildfire after Jake Chervinsky, a well-known lawyer in the crypto industry, took to Twitter and shared a tweet from one of the BitMEX customers. He said:
“BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already.”
According to many, the problem was that the person in charge of sending this email listed all the email addresses in Carbon Copy [CC] instead of Blind Carbon Copy [BCC]. The incident started drawing a lot of attention, and the cryptocurrency exchange was compelled to release a statement on its website. The release said:
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.
Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.
The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
The incident has triggered mild panic within the crypto community, with many Twitter users suggesting that affected users change their email addresses immediately. Other exchange platforms have also taken notice and raised their concerns. OKEx, another cryptocurrency exchange, released a statement asking its clients who use the same email for BitMEX and OKEx to change it immediately. The exchange tweeted:
“If you are affected and have an OKEx account with the same email login, we recommend that you change your email for security reasons. Email change requests will be prioritized during this time.”
Binance, the largest cryptocurrency exchange by volume, also sent out a tweet warning its users:
“We are aware of a large-scale user email leak from another exchange. If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email.”
CEO of Binance, Changpeng Zhao, tweeted:
A leak of this nature could be a threat to your funds and could empty your wallets if the data falls into the wrong hands. When handling cryptocurrency, it is essential to take proper precautions to secure your funds. Below are some things to keep in mind to enhance your privacy and security.
- Don’t keep your funds on an exchange; use a cold wallet instead. There are plenty of affordable options available on the market, and they can benefit you in the long run.
- Use a secure password and set up a password manager to save your passwords. Use different passwords for different accounts.
- Set up your email with a secure email provider like Protonmail.
- Always use two-factor authentication (2FA), such as Google Authenticator, to secure your account. To take security up a notch, try to keep your authenticator on a phone that has no SIM card and is not connected to the internet most of the time.