Things have gone from bad to worse for BitMEX today as a mass leak of user emails has seemingly turned into a full-blown crisis for the world’s most significant bitcoin trading platform.
As CCN.com reported, the maligned derivatives trading platform came under intense scrutiny after it leaked thousands of users’ email addresses. The compromise was revealed by a pseudonymous Twitter user named “@sakuraricebird.”
The leak was apparently due to blatant incompetence. The exchange purportedly forgot to use blind carbon copy (bcc) to send an email. Instead, an email addressed to the entirety of subscribed users exposed a trove of personal information, creating a data protection nightmare for the exchange.
This, as it turns out, was just the beginning of the horror story. Several hours later, the official BitMEX Twitter account began posting a series of strange messages, including one that warned users to “take your BTC and run.”
For most observers, this was a clear sign of a compromise. Supposedly, according to crypto trader, @IamNomad, the Twitter “hack” was actually just a parting shot from the disgruntled former BitMEX employee responsible for the email leak.
As if this wasn’t enough, shortly after the ominous Twitter “hack,” users started reporting that withdrawals had been disabled.
Alistair Milne, CIO of Altana Digital Currency Fund, was among the first to note this.
Others, however, started relaying conflicting reports, suggesting that withdrawals were still operational. Milne later clarified on this point, adding:
“[disabled withdrawals] only applies to those who changed security settings or password following the email leak.”
As it stands, there is still a fervor of panic washing over the crypto community about whether more revelations could follow. For now, only the Twitter account of BitMEX has been exploited for sure.
Worryingly, however, there has been a further rumor – albeit unsubstantiated – of BitMEX hackers springing up in the wake of the leaks. According to one bitcoin advocate known as @ameero1, there is already a BitMEX “hack group” on Telegram, which has allegedly appropriated 113 BTC by cracking the passwords associated with the leaked emails.
While the aforementioned could easily be an elaborate troll, one crypto whitehat, dubbed @TheCrypt0Mask, apparently uncovered almost 200 passwords from BitMEX affiliated emails.
As of writing, no reports of BitMEX exploits have been corroborated. Regardless, the incident serves as yet another important reminder: not your keys, not your bitcoin.
Last modified: January 11, 2020 2:31 PM UTC