It’s been a week since it was revealed that BitMEX had suffered the latest in a series of mishaps, this one potentially affecting most, if not all, of its userbase. The cryptocurrency exchange hasn’t stated exactly what happened, but what is known is that users’ email addresses, possibly as many as 22,000, were inadvertently made public, and the fallout of that egregious error is starting to be seen.
BitMEX has tried to place the blame on a “software error,” a standard boilerplate response when a company doesn’t want to admit, or doesn’t know, what truly happened. The exchange’s deputy chief operating officer, Vivien Khoo, published a response a few hours after the exposure was revealed. It stated, “We are deeply sorry for the concern this has caused to our users. The issue was caused by an error in the software used to send emails. As soon as we were made aware of the issue, we immediately prevented further emails from being sent and have since addressed the issue to ensure this does not happen again.”
Despite the assertion that the issue was limited to just email addresses, which shouldn’t have been a serious security risk, BitMEX temporarily disabled withdrawals for anyone who tried to change their account passwords or security details. The exposure has made one potential security hole even bigger: hackers, with their vast lists of passwords, might now be able to pair email addresses with those passwords and gain access.
This was apparently confirmed by the CEO of fiat gateway XanPool, Jeffrey Liu Xun, who stated, “Doxing users’ e-mails is oftentimes as damaging as doxing their passwords, as hackers have large repositories of passwords that people tend to use. Finally, releasing your users’ e-mails also opens them up to spam and phishing attacks.”
There is also evidence that the email addresses have already made their way to the dark web.