BitMEX Says Quality Check 'Failure' Led to Email Privacy Breach

The crypto-derivatives exchange says poor internal checks caused most of the exchange's clients to be exposed to privacy risks.

Nov 4, 2019 at 3:25 p.m. UTC
Updated Sep 13, 2021 at 11:40 a.m. UTC

BitMEX says its internal processes "failed" last week, subsequently exposing thousands of the exchange's clients to privacy risks.

In a company blog posting on Monday, the crypto-derivatives exchange said its mass emailing operation failed, causing “most BitMEX users” to have their email addresses publicly exposed via carbon copy (CC) on Nov. 1.

Data provider Skew says BitMEX has some 22,000 daily users, though the number of email addresses exposed is likely significantly higher.

With major email servers imposing restrictions on bulk emailing, the firm said:

"To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email."

The exchange said it sends emails to all users very rarely, the last one of this size shipping in 2017. To expedite the process, the exchange's email systems API was changed at the last minute, but did not undergo the typical checking process.

“BitMEX is a global business that sends emails to many different email providers,” said deputy chief operating officer Vivien Khoo in the blog posting. “Unfortunately, this makes the job of large services such as BitMEX difficult at times.”

The exchange says it stopped further batches of emails being sent out upon recognition of the issue.

In response to the leak, BitMEX says it employed password resets and human review on endangered accounts. All users lacking two-factor authentication (2FA) and also holding account balances had passwords reset after the exchange noted hostile attempts to access accounts.

In an email to CoinDesk last Friday, Khoo reiterated that no other personal information was divulged.

“Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.”

