BitMEX Exchange Exposes User Base in Email Mishap

A general email update exposed addresses of possibly up to 22,000 users Friday morning.

Nov 1, 2019 at 12:29 p.m. UTC
Updated Sep 13, 2021 at 11:39 a.m. UTC

If you have an account with crypto derivatives exchange BitMEX, there's never been a better time to update your security preferences.

On Friday at 08:00 UTC, BitMEX alerted its clientele via blog and Twitter that it had accidentally revealed many of its users' email addresses in the CC: field.

The unfortunate email also opens users up to targeted phishing attacks, as anyone who obtains the email has a portion of what's needed to log in to an account.

BitMEX has now asked customers to add BitMEX's support email to their contact lists to cut down on phishing emails, and to add two-factor authentication (2FA). The exchange appeared to suggest a bug caused the incident, saying on the company blog: "The error which has caused this has been identified and fixed."

“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,” they said on the blog. “Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact.”

In a statement to CoinDesk, BitMEX Deputy COO Vivien Khoo said:

Earlier today, the majority of our users received an email containing the email addresses of other users in the ‘to’ field. This was a general email update about upcoming changes to the weighting of our indices.

We are deeply sorry for the concern this has caused to our users. The issue was caused by an error in the software used to send emails. As soon as we were made aware of the issue, we immediately prevented further emails from being sent and have since addressed the issue to ensure this does not happen again.

BitMEX takes the privacy and security of our users very seriously. We are working around the clock to establish communication with all our users to provide any assistance and to ensure the continued safety of their account.

Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.

According to data tweeted by data analytics firm Skew, BitMEX has around 22,000 users daily.

The mishap adds to the woes of the exchange, which is also reportedly being probed by the U.S. Commodity Futures Exchange Commission (CFTC) over whether it has allowed U.S. traders to use its platform. BitMEX geo-blocks multiple countries from participating on its exchange, including the United States, although some users may have jumped the fence by using virtual private networks (VPNs).

One of the largest crypto derivatives markets, known for its leverage rates of up to 100x, BitMEX operates out of Seychelles. Its largest product, the XBT/USD trade pair, had a 24-hour trade volume of $2.8 billion as of press time according to CoinGecko.

BitMEX CEO Arthur Hayes image via CoinDesk archives

---------

UPDATE (Nov. 1, 18:00 UTC): This story was updated to include a statement to CoinDesk from BitMEX Deputy COO Vivien Khoo.
