The world’s largest crypto derivatives exchange Bitmex has accidentally doxed tens of thousands of its users. An email newsletter concerning forthcoming updates to Bitmex indices CC’d a large proportion of the company’s mailing list, exposing the addresses of its users to the public. In a second embarrassment, Bitmex had its Twitter account hacked shortly afterward.
Bitmex Suffers a Day of Reckoning
It’s been a rough 24 hours for derivatives exchanges. Shortly before Bitmex CC’d in its mailing list, Deribit was forced to reimburse traders who were liquidated due to an error in its price index. Bitmex users are now being urged to change their details, with hackers and phishers certain to try and crack the leaked email addresses, many of which are likely to be tied to accounts on different crypto exchanges. The leaked and then aggregated Bitmex database is now up for sale on the darknet.
Deribit will reimburse over $1.3 million in losses from the BTC index calculation data issue around 21:00:00 UTC on October 31, 2019.
The Deribit Insurance fund will not be used to cover these losses, but compensation will be covered by Deribit.
— Deribit (@DeribitExchange) October 31, 2019
Exchanges such as Binance have already advised their users to modify email addresses if they were also linked to Bitmex. The blunder is a stark reminder to traders to use a unique email address and password for each platform, utilizing a password manager if needed.