Cryptocurrency exchange and derivatives trading platform BitMEX is under fire after doxxing thousands of user email addresses.
Today, a Twitter user with the handle @sakuraricebird shared several screenshots of an official mass email coming from BitMEX. The images show that the crypto derivatives platform forgot to use the blind carbon copy (bcc) feature, consequently leaking thousands of email addresses belonging to its users.
BitMEX immediately issued a statement about the general user update email that contained the email addresses of other users. The announcement reads:
“Our team has acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
BitMEX also apologized for the incident, claiming that privacy is their number one priority.
“The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.”
In a tweet, Jake Chervinsky, General Counsel at Compound, stated that BitMEX’s data leak was done in the most “outrageously incompetent way imaginable.”
According to Kevin McSheehan, co-founder and CEO at Envadr, the company may have leaked its entire database or perhaps most of it. Now, bad actors can use these email addresses and reference them with public breaches to associate them with universal passwords. This could allow them to break into email inboxes, exchange accounts, GitHub, Dropbox, or any other account, added McSheehan.
As a result, Changpeng Zhao, CEO at Binance, advised customers to use unique email addresses and passwords. Zhao also recommended that users who have the same email address at BitMEX change it immediately.
Along the same line, OKEX, a Malta-based cryptocurrency exchange, released a statement related to the issue. It advised customers to change their emails and passwords in case they were using the same credentials as in their BitMEX accounts. The firm also encouraged its support team to prioritize email change requests to help keep the issue from spreading further.
It remains to be seen what implications this data leak will have for BitMEX, which is already involved in a legal probe. In mid-July, Bloomberg reported that an investigation led by the U.S. Commodity Futures Trading Commission (CFTC) was open to determine whether BitMEX broke rules by allowing U.S. traders onto its platform.
This article was edited by Samburaj Das.