BitMEX Accidentally Sends Out User Emails Raising Security Concerns

Michael LaVere
  • BitMEX compromised user email addresses as the result of a software error on Nov. 1.
  • Users are being warned to update their address and password and enable 2FA. 

Crypto exchange BitMEX accidentally sent out user email addresses, raising concern over the exchange’s security.

On Nov. 1, BitMEX sent out multiple emails containing a list of clients addresses in the “to” field, marking one of the biggest security gaffs in crypto exchange history.  Twitter users were quick to alert the community about the exchange’s mistake, posting screencaps of the emails to warn other clients that their addresses may have been compromised. 

One Twitter user claimed to have received the erroneous email three times in the span of two minutes. 

Because client emails are used for logins, BitMEX’s security has now come under question. The general consensus is that users of the exchange should change their account email address immediately, including updating their password and ensuring they have two-factor-authentication enabled. 

BitMEX addressed the error in an official blog post published Nov. 1.

According to the exchange, user emails were revealed as the result of a software error that has reportedly been fixed. BitMEX says that no other personal data was compromised, 

BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent. The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld.

The exchange published a list of steps for clients that may have been affected by the erroneous emails, including being on the lookout for phishing attempts and utilizing a two-factor authenticator. 

Despite BitMEX addressing the issue, not everyone in the community of crypto is pleased with their handling of the situation.  Larry Cermak explained the severity of BitMEX’s screwup, 

He also chastised BitMEX for complicating the process of users’s switching their email addresses by making them complete an ID verification. 

As if the situation was not bad enough for BitMEX, the exchange’s official Twitter account was also briefly hacked on Nov. 1 

Changpeng Zhao, CEO of rival crypto exchange Binance, weighed in on the situation recommending that all crypto users create a unique email address for each trading platform, thereby protecting themselves in the event of a compromise. 

Featured Image Credit: Photo via Pixabay.com

Cardano (ADA) on Fire: Surges Above $0.10 to Get Into Top 6, Up 206% in 2020

At 16:00 UTC on Friday (July 3), shortly after IOHK, the company developing the Cardano (ADA) protocol, announced a custody agreement with Coinbase, the price of the ADA token went over $0.10 for the first time since October 2018, thereby making ADA the sixth most valuable cryptoasset by market cap.

Yesterday, on day two of the two-day "Cardano Virtual Summit: Shelley Edition", IOHK Co-Founder and CEO Charles Hoskinson announced that from Q4 of this year, Cardano blockchain users would be able to store their ADA holdings at Coinbase Custody "without losing the ability to delegate their stake."

On Tuesday (June 30), IOHK announced that the Shelley codebase had been released to Cardano’s mainnet (but note that the actual hard fork is not expected until around July 29):


Hoskinson had this to say about his company's agreement with Coinbase Custody, which "operates as a standalone, independently-capitalized business to Coinbase, Inc.":

"With Cardano, we believe we can create a revolutionary solution which will be able to offer access to finance and investment to swathes of the population who have previously been shut out of the system.

"This custody agreement allows us to offer the same secure storage solutions that can be found in traditional finance to ada holders, without sacrificing what makes Proof of Stake blockchains special - being able to participate in the network.

"We look forward to this partnership with Coinbase, and to continuing to bring cryptocurrencies closer and closer to mainstream adoption."

As for Sam McIngvale, Head of Product at Coinbase Custody, he said:

"We have been following the success of the Cardano incentivized testnet, with over a thousand registered stakepools during the testing period.

"We are pleased to have been selected as the custodian and we’re proud to be a full-service, regulated, comprehensively-insured, and 100% offline staking provider in crypto.

"The ability to successfully operate within a regulatory framework is essential for the long-term survival of cryptocurrencies.

"We are overseen by the same regulators, and held to similar capital requirements and audit requirements as a traditional financial custodian, which removes many of the perceived barriers to global acceptance of crypto."

IOHK's announcement was made just before 14:00 UTC on Friday (July 3). By 16:00 UTC, the ADA price had broken through the $0.10 resistance level for the first time since October 2018.

Currently (as of 07:34 UTC on July 4), Cardano's token is trading at $0.1003 (up 6.94% in the past 24-hour period), which makes it the sixth most valuable cryptoasset by market cap:

24 Hour CC Chart for ADA-USD on 4 July 2020.png

So far in 2020, Cardano's ADA has gone up over 206% vs. the dollar.