How many times must it be said? If you’re going to run a cryptocurrency exchange, you must make sure that you’re using top-rated security measures to keep everyone safe. This is what BitMEX, based in Seychelles, Africa, is learning right about now.
BitMEX Under Fire
BitMEX was compromised over the weekend, leading to all its customers’ email addresses being exposed. The good news is that this is one of the few instances of a crypto exchange being compromised where money is not taken. That much can be said, but with so many private means of communication out in the open, this presents a serious hazard to the exchange’s traders.
The primary fault lies in the hands of BitMEX itself, which ultimately exposed the email addresses on its Twitter page which was then compromised. If the email addresses hadn’t wound up on social media in the first place, there’s a good chance customers’ data might have stayed private. As it stands, however, a real invasion is going on.
Representatives issued a statement explaining that they had attempted to BCC its customers on a newsletter it was putting out, though ultimately, they all wound up being CC’d. While this doesn’t necessary explain the Twitter fiasco, customers were able to see the private addresses of other clients who may not have wanted that data exposed. An official statement reads:
We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users. Our team has acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.
Since first informing users of the problem, BitMEX representatives say that a “bug” is at fault and that the problem is resolved. Unfortunately, the problems aren’t ending there for the exchange. Jake Cervinsky, the general counsel at Compound Finance, explained that the company is presently under investigation by the United States Commodity Futures Trading Commission (CFTC) for allowing American traders to take advantage of its service without licenses.
Things Could Have Been Worse
This kind of thing is a massive privacy breach with potentially serious consequences. [It’s] the last thing a derivatives exchange needs to deal with during an CFTC investigation.
Still, however, one does have to look at the bright side. While emails may have been exposed, it does not appear that any money has been taken at press time, nor are customers reporting theft of any kind. With all these customers’ funds locked away in the exchange, one must admit that things could have gone much worse.