Cryptocurrency derivatives trading platform BitMEX appears to have accidentally revealed a number of its users’ personal email addresses, according to a statement from the company. And indeed, images from Twitter show that BitMEX failed to use blind copy on a mass email to its users.
“We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users,” the platform wrote in a blog post.
We are aware of an email privacy issue impacting our customers. We have identified the root cause and will be in touch with any users affected by the issue. See our blog for details: https://t.co/FNp2Fdyxdn
— BitMEX (@BitMEXdotcom) November 1, 2019
“Our team have (sic) acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users,” the post concluded.
Crypto Twitter was quick to pick up on the incident
BitMEX’ mistake has already been picked up by crypto twitter.
At roughly 07:30 GMT, a twitter user operating under the handle @sakuraricebird posted an image of the BitMEX users’ revealed email addresses.
About 15 minutes later, self-described “Lawyer, but not yours” and General Counsel at Compound Finance Jake Chervinsky wrote that “BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already.”
BitMEX just doxxed its users in the most outrageously incompetent way imaginable: forgetting to use blind copy on mass email. Someone must be cleaning out their desk already. https://t.co/KmARzImxnk
— Jake Chervinsky (@jchervinsky) November 1, 2019
Other exchanges advise users to change their email addresses
Binance and OKEx also tweeted about the incident without naming BitMEX specifically out of apparent concern for their users--after all, hackers who target cryptocurrency hodlers could see the leaked email addresses as an opportunity to use those addresses on other exchanges to try and gain access to accounts.
⚠️We are aware of a large-scale user email leak from another Exchange .⚠️
If you are one of the affected users and you also have a Binance account under the same email address, we recommend changing your email immediately using the below steps:https://t.co/sgEr5sqleg — Binance (@binance) November 1, 2019
If you are affected and have an OKEx account with the same email login, we recommend that you change your email for security reasons. Email change requests will be prioritized during this time.
Here's how: https://t.co/TEuctizZou https://t.co/D8tNQt2OcX — OKEx (@OKEx) November 1, 2019
Finance Magnates reached out to BitMEX, but did not hear back before press time.