Simple Mistake With Large Consequences
The crypto sector sadly has its own Halloween horror story this weekend. Through an accident at crypto derivatives exchange BitMEX, thousands of users’ email addresses were LEAKED in what should have been a normal update email.
Making this more frustrating for people, the mistake was a simple one that could have been avoided. Rather than putting the recipients’ email addresses in the “blind copy (Bcc)” field, the users’ addresses were included in the “to” field, meaning that thousands of emails are now exposed.
Many of the email addresses were made up of first and last names, so potential bad actors not only got someone’s email, but also their full name as well. This is where it becomes a major problem!
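The “to” versus “Bcc” mistake described above, as a pre-send check a bulk mailer could run. This is an added example, not BitMEX’s code; the addresses, the `MAX_VISIBLE` policy and all function names are constructed for illustration, and the hardened form sends one message per recipient rather than relying on Bcc.

```python
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "updates@exchange.example"  # constructed placeholder address
MAX_VISIBLE = 1                      # assumed policy: one visible recipient per message
CUSTOMERS = ["alice.smith@mail.example", "bob.jones@mail.example",
             "carol.lee@mail.example"]  # constructed sample data

def _new_message(to_value, subject, body):
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = SENDER, to_value, subject
    msg.set_content(body)
    return msg

def build_leaky(recipients, subject, body):
    """The failure mode: one message with every customer listed in To."""
    return [_new_message(", ".join(recipients), subject, body)]

def build_individual(recipients, subject, body):
    """Hardened form: one message per recipient, so no address is shared."""
    return [_new_message(rcpt, subject, body) for rcpt in recipients]

def visible_recipients(msg):
    """Addresses that every reader of this message can see (To and Cc)."""
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr.lower() for _, addr in getaddresses(headers) if addr]

def release_gate(batch):
    """Return the messages that would expose more than MAX_VISIBLE addresses."""
    return [m for m in batch if len(set(visible_recipients(m))) > MAX_VISIBLE]

def send_bulk(batch, transmit):
    """Refuse the whole batch if any message leaks; transmit is caller-supplied."""
    blocked = release_gate(batch)
    if blocked:
        raise ValueError(f"{len(blocked)} message(s) expose multiple recipients")
    for m in batch:
        transmit(m)
    return len(batch)

if __name__ == "__main__":
    outbox = []
    print(send_bulk(build_individual(CUSTOMERS, "Update", "Hello"), outbox.append))
    try:
        send_bulk(build_leaky(CUSTOMERS, "Update", "Hello"), outbox.append)
    except ValueError as err:
        print("blocked:", err)
```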
BitMEX made an announcement shortly afterwards on Twitter and its Website in an attempt to reassure its users, stating that the cause was a software issue.
“Earlier today, some of our users received an email which contained the email addresses of other users in the ‘to’ field. We apologise for the concern this communication may have caused. This was the result of a software error which has now been addressed.” – BitMEX Email Leak Announcement
Compromised users using the same email and passwords for BitMEX and multiple Website logins are urged to change their passwords, 2FA, and email addresses immediately.
The aftermath of this can get incredibly complicated. Not only have people’s data and accounts been breached, but it also raises concerns about just how secure people’s sensitive information is on cryptocurrency exchanges, which have largely been operating without any strict guidelines. Data breaches of people’s identification documents have also occurred in the not-so-distant past.
Hackers Running Wild!
The embedded Tweet below shows a video explaining just how easy it is to gain access to a user’s account with just an email address…
Just woke up and threw on a robe. Forgive me for not being as beautiful as you’re used to. I haven’t even put on my face yet! #BitMex email leak, advice so you don’t get hacked.
Quick explanation on HOW an attacker can use this limited information. Easier than you think. pic.twitter.com/j3CGClJIb7
— Jesse Feinberg (Darth Crypto) (@ToolFreeCrypto) November 1, 2019
Sadly, hackers are seizing the opportunity to gloat! A BitMEX hack group on Telegram has appeared and is making claims of gaining access to accounts and ultimately stealing the users’ funds due to poor diligence in online security. This is mainly from using the same emails and passwords across different Website logins.
There is a Bitmex hack group on telegram already. They claim to be cracking emails, have 113 bitcoin already and laughing at people who have profiles on dating sites with same email they have for exchanges pic.twitter.com/Nf9L0FILcj
— Ameero (@ameero1) November 1, 2019
BitMEX’s Twitter was also hacked for some time, compounding an already terrible situation.
In response to the incident, Binance has also issued warnings to its users who hold BitMEX accounts, as the leak can have a knock-on effect of further breaches occurring.
“If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately.” – Binance Twitter
This is an unfortunate reminder that cryptocurrency users and investors must be alert and take essential precautions to secure and have complete control over their funds. There are simple steps to protect your funds that can greatly reduce the chances of your security being compromised.
There is still no official announcement from BitMEX or CEO Arthur Hayes on whether users that have been affected will get compensated. As we speak, bad actors are using the leaked data to access other exchanges and logins, so expect more horror stories over the next few days…
This post is for educational purposes. All information used is referenced accordingly. This is not investment advice; please always do thorough research and only invest what you are willing to lose, especially in times of uncertainty.