The 1st day of November did not go as planned for BitMEX, that’s for sure. In one fatal mistake, the platform revealed the email addresses of a large chunk of its users when sending out an email to its mailing list. The short story: due to an error, the recipients were entered into the CC line instead of the BCC line, which would have kept the email addresses confidential. As for the long version – keep on reading!
What does the official statement have to say?
In an attempt to remedy the situation, the webmasters published a post about it on the official BitMEX blog. Among other things, they said they are still trying to get to the root of the problem and identify the reasons that led to this unfortunate series of events. They also noted they will be contacting their user base about it.
How many users were affected?
According to Vivien Khoo, deputy COO at BitMEX, the majority of the users were affected, with the exact numbers still being a mystery.
Who is to blame?
It seems like human error was not to blame for this one – the addresses being entered into the wrong place was due to a misconfigured script that was used for sending out the emails.
Their Twitter account got compromised as well
Unfortunately, revealing the email addresses of so many of their users seems to be the least of their worries. At roughly the same time, their Twitter account was compromised. They’ve already deleted the weird tweet that warned their users to “take their crypto money and run”, but according to the Twitter archive, this is exactly what happened.
In an effort to de-escalate the panic and calm down their users, they posted a tweet of their own afterward, reassuring them there is no reason to worry and that their funds are in safe hands. They also blamed the trolls for sending out the controversial message.
Is there a reason to panic?
Given the events that transpired, it’s hard to speak in the company’s favor. While it is true that no funds were stolen from their users, the platform now has a stain that’s going to be quite difficult to wash away, even as time goes on.
In other words, even though no funds were stolen, tons of email addresses were revealed to the general public, and the affected users are now more likely to be targeted by phishing attacks. That’s not to mention the brute-forcing attempts, malware campaigns, and all the other consequences that can follow.
Another reason to worry is that, now that the hackers know these email addresses, cross-referencing them with other email dumps in an effort to gain unauthorized access to user accounts is on the table as well.
Other cryptocurrency platforms have already responded
Since many people tend to use the same email address for other web platforms similar to BitMEX, in a way, these platforms are in danger as well. Binance, for example, sent a warning to their users, prompting them to change their registered email address immediately if they’re also registered at BitMEX. The latter has responded as well and disabled all withdrawals, with changing the email address being the condition for enabling them again for any given user.
What can the users do to shield their privacy and funds?
Apart from following the recommended cybersecurity practices like coming up with a strong password, there is little that can be done if one has chosen to trust the wrong service provider. Therefore, doing your due diligence is a must. If there’s a new kid on the block, it’s best to steer clear until the provider develops at least a somewhat favorable reputation online.
Then there is the school of thinking that no online wallets or marketplaces are 100% safe. In that spirit, it’s probably best to stick to hardware wallets exclusively if you’re concerned. Or, better yet, split your crypto funds between multiple different wallets. That way, even if something were to happen to any one of them, you’d still have the other ones to fall back on. Putting it another way, it’s the concept of not carrying all of your eggs in one basket (applied to the digital world). You get the idea.
Don’t forget to follow the industry blogs to see how it all pans out
Be sure to subscribe to a crypto blog of your choice to stay in tune with the latest crypto news, stories, and various tips to get the most out of your crypto money’s worth. As for the BitMEX mess-up, we’ll see how much of an impact this will end up having on their user base and the company’s image. If there’s anything to be learned, it’s probably this: never let a script run its course without testing it in a safe environment first (especially if sensitive user data is at stake).
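The failure described under "Who is to blame?" (a script placing the whole list in the CC line) and the kind of pre-send check a test run would exercise, as an added Python example that is not BitMEX's code. The function names, the one-visible-address policy and the example.* addresses are assumptions constructed for illustration; nothing is actually sent.

```python
from email.message import EmailMessage
from email.utils import getaddresses

MAX_VISIBLE = 1  # assumed policy: each reader sees only their own address


def visible_recipients(msg):
    """Addresses every reader of the message can see (To and Cc headers)."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return sorted({addr.lower() for _, addr in getaddresses(headers) if addr})


def check_exposure(msg, max_visible=MAX_VISIBLE):
    """Raise before sending if the visible headers would leak the list."""
    seen = visible_recipients(msg)
    if len(seen) > max_visible:
        raise ValueError(f"{len(seen)} addresses visible in To/Cc; refusing to send")
    return seen


def build_leaky(sender, recipients, subject, body):
    """The failure mode: one message, the whole list in Cc."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, sender, subject
    msg["Cc"] = ", ".join(recipients)
    msg.set_content(body)
    return msg


def build_individual(sender, recipients, subject, body):
    """One message per recipient; nobody else's address appears in it."""
    out = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
        msg.set_content(body)
        check_exposure(msg)  # guard runs on every message before it is queued
        out.append(msg)
    return out


if __name__ == "__main__":
    # Constructed sample list, not real addresses.
    rcpts = ["alice@example.com", "bob@example.org", "carol@example.net"]
    try:
        check_exposure(build_leaky("news@example.com", rcpts, "Update", "Hello"))
    except ValueError as err:
        print("blocked:", err)
    print(len(build_individual("news@example.com", rcpts, "Update", "Hello")), "messages ready")
```

Running the same check against a small seed list in a staging environment catches a wrong header field before the real list is ever loaded.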