BitMEX, one of the largest crypto derivative trading platforms in the world, has leaked the email addresses of thousands of its users. According to reports, the addresses were leaked in an email update sent to users, in which the exchange used carbon copy (CC) instead of blind carbon copy (BCC) when listing recipients.
BitMEX doxxes clients “in the most outrageously incompetent way imaginable”
While revealing private information is most often the result of malicious attacks, one of the largest crypto derivative trading platforms in the world proved that leaks could also come from the inside. BitMEX, a crypto exchange that offers 100x leverage trading, has accidentally revealed emails of thousands of its users by selecting the wrong email tool.
On Nov. 1, the exchange sent out a routine update about the changes to the indices on its products, in which it shared the email addresses of thousands of its users. Numerous reports quickly began circulating on Twitter, with BitMEX users saying they could clearly see everybody else on BitMEX’s mailing list.
Lawyer Jake Chervinsky shared screengrabs of the email with the addresses blurred out, saying BitMEX doxxed its users “in the most outrageously incompetent way imaginable.”
The exchange quickly issued an apology, saying that its team had reacted “immediately” to contain the issue.
“The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users,” the company said in a blog post.
Human error has the potential to threaten the security of thousands of BitMEX users
However, almost nobody seemed touched by BitMEX’s apology, with many users saying that the exchange’s whole email database was vulnerable. BitMEX’s mailing list seemed divided into multiple groups,