On the first day of November, it was discovered that BitMEX, the popular cryptographic derivatives exchange, accidentally leaked sensitive data related to users because the company failed to properly apply its large-capacity mail server and blindly replicated the protocol.
In just a few hours, BitMEX acknowledged the mistake, and BitMEX’s deputy chief operating officer Vivien Khoo issued a statement saying that BitMEX unexpectedly sent a message to most users containing other users in the “To” field.
To make matters worse, after the leak, unknown hackers can control BitMEX’s official Twitter account. Under control, these criminals can post several messages, such as “take BTC and transfer, the last day of the company’s withdrawal,” and block the company’s real-time data.
In response, BitMEX’s PR team quickly deleted the news and issued a statement claiming that the hacking did not harm the security of the client’s funds. In this regard, a Twitter account called “Bitmexdatabaseleak” was suspended due to the above hacking, and the account was allegedly leaked, revealing a lot of customer data, such as the personal user ID and email of many BitMEX customers.
According to Larry Cermak, research director, BitMEX’s recent data breach coincides with the sending of about 30,000 emails in the dark network, which leads people to believe that some or all of the leaked customer data may have been sold online to illegal third party.
BitMEX continues to temporarily waive withdrawals for customers who change their account password or security details due to email address leakage. At the time of this writing, the exchange has not yet responded to Cointelegraph’s inquiry to comment on the situation.
“Encrypting a user’s email is often as damaging as encrypting a user’s password, because hackers have a large number of password stores that people tend to use. Finally, releasing users’ emails also makes them vulnerable to spam and the web. Phishing attack.
Whenever such a large security breach occurs, the most important thing is that the company immediately takes corrective measures to ensure that the trust of its customers remains stable.
In this regard, BitMEX posted a blog post on Monday stating that although its internal processes did make a mistake last week, the situation has been resolved because the company’s newly designed internal error detection system can handle the necessary issues.
After the leak, BitMEX users did receive unusual emails, and there is no doubt that these emails are the result of a leak. It seems that the leaked email address is already on the web, which means that hackers will now try to fake people’s passwords to steal cryptocurrencies.