BitMEX Accidentally Sends Out User Emails Raising Security Concerns

Michael LaVere
  • BitMEX compromised user email addresses as the result of a software error on Nov. 1.
  • Users are being warned to update their address and password and enable 2FA. 

Crypto exchange BitMEX accidentally sent out user email addresses, raising concern over the exchange’s security.

On Nov. 1, BitMEX sent out multiple emails containing a list of client addresses in the “to” field, marking one of the biggest security gaffes in crypto exchange history. Twitter users were quick to alert the community about the exchange’s mistake, posting screencaps of the emails to warn other clients that their addresses may have been compromised.

One Twitter user claimed to have received the erroneous email three times in the span of two minutes. 

Because client emails are used for logins, BitMEX’s security has now come under question. The general consensus is that users of the exchange should immediately change their account email address, update their password and ensure they have two-factor authentication enabled.

BitMEX addressed the error in an official blog post published Nov. 1.

According to the exchange, user emails were revealed as the result of a software error that has reportedly been fixed. BitMEX says that no other personal data was compromised:

“BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent. The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld.”

The exchange published a list of steps for clients that may have been affected by the erroneous emails, including being on the lookout for phishing attempts and utilizing a two-factor authenticator. 

Despite BitMEX addressing the issue, not everyone in the crypto community is pleased with its handling of the situation. Larry Cermak explained the severity of BitMEX’s screwup.

He also chastised BitMEX for complicating the process of users switching their email addresses by making them complete an ID verification.

As if the situation was not bad enough for BitMEX, the exchange’s official Twitter account was also briefly hacked on Nov. 1.

Changpeng Zhao, CEO of rival crypto exchange Binance, weighed in on the situation, recommending that all crypto users create a unique email address for each trading platform, thereby protecting themselves in the event of a compromise.
