BitMEX, an exchange which deals in crypto futures including offering a gnarly 100x lever, gave its client list to the general public today through the oldest user error in the book: reply all without carbon copy.
BitMEX’s Paul Chang: User Security a “Top Priority” for Massive Bitcoin Exchange
The incident will be added to the annals of famous “reply all incidents,” and likely be covered on Gimlet Media’s “Reply All” podcast.
The reader probably needs no explanation, but essentially what BitMEX has done here is accidentally give every mailing list subscriber access to the information of every other subscriber. Users who received that e-mail can hit “reply all” and advertise.
Paul Chang, someone who writes for BitMEX, warned the public almost immediately after the e-mail storm took place. A short blog this morning reads:
“We are aware that the email we sent today includes the email addresses of others.
In this regard, we are taking action to resolve the issue immediately and are working to identify the root cause of such consequences.
We take the security of your account as our top priority and sincerely apologize for this email.”
Not long later, a full explanation surfaced on the same blog.
Phishers Find Goldmine Off the Coast of BitMEX
More concerning than the obvious organic spam that will grow out of this debacle, from a security perspective, is the prospect of more clever phishing attempts.
Phishing is the process of pretending to act in an official capacity in order to victimize someone, usually with a financial incentive. An example is when someone allegedly calls you from Microsoft Tech Support and walks you through installing viruses on your system.
Users of digital financial products are constantly the subject of phishing attacks, and now those who conduct them can be sure they’re barking up the right tree.
BitMEX Says “SAFU”
When Binance was hacked for 7,000 BTC earlier this year, users lost absolutely nothing. The reason? The exchange has a “SAFU” policy in place, which stands for “Secure Access Fund for Users.”
Binance sets aside some of its profits in order to ensure that, in the event the exchange loses money, user accounts can quickly be made whole.
Crypto Twitter is obviously having a field day with the “BitMEX hack.”
Bitmex SCAM ? scam
— Rojo (@Rojo67188483) November 1, 2019
Coinbase having bitcoin trading price issues
Derebit got hacked
Bitmex Twitter handle got hackedHmmm… #bitcoin still not dead….
I smell scams…..
— MMD (@btcvision2024) November 1, 2019
I could not resist! I just replied to all…. 1000 recipients.
Thank you Bitmex— ₿ender (@BitcoinDurp) November 1, 2019
BitMEX responds by stressing that it hasn’t actually been hacked, just exposed.
We would like to reassure our users that while the trolls may target our Twitter account, you may rest assured that all funds are safe.
— BitMEX (@BitMEXdotcom) November 1, 2019
BitMEX CEO Arthur Hayes was epically trolled by crypto comedy site Coin Jazeera earlier this year.