If you have an account with crypto derivatives exchange BitMEX, there’s never been a better time to update your security preferences.
On Friday at 08:00 UTC, BitMEX alerted its clientele via blog and Twitter that it had accidentally revealed all of its user’s emails via carbon copy (CC). So, if you have an account with BitMEX, anyone obtaining the email has a portion of what’s needed to access your account. It also potentially opens users up to targeted phishing attacks.
According to data tweeted by data analytics firm Skew, BitMEX has around 22,000 users daily.
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,” the blog states. “Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact.”
BitMEX has now asked customers to add BitMEX’s support email to their contact lists to decrease phishing emails along with adding 2-factor authentication (2FA). The exchange appeared to suggest a bug caused the incident, saying: “The error which has caused this has been identified and fixed.”
The mishap adds to the woes of the exchange, which is also reportedly being probed by the U.S. Commodity Futures Exchange Commission (CFTC) over whether it has allowed U.S. traders to use its platform. BitMEX geo-blocks multiple countries from participating on its exchange, including the United States. Some users may jump the fence by using virtual private networks (VPNs), however.
One of the largest crypto derivatives markets known for its leverage rates of up to 100x, BitMEX operates out of Seychelles. Its largest product, the XBT/USD trade pair, had a 24-hour trade volume of $2.8 billion as of press time according to CoinGecko.
BitMEX CEO Arthur Hayes image via CoinDesk archives