Bitcoin futures exchange BitMEX, known for offering 100x leverage trading, accidentally exposed thousands of user email addresses today by using the wrong email field. Instead of blind carbon copy (BCC), it used carbon copy (CC) for multiple emails sent to a large portion of its user base, so that each message displayed thousands of user email addresses to its recipients, according to reports.
In a statement, BitMEX said, “We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.”
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue,” it added.
We have reached out to BitMEX and will update this story if we hear back.
It appears that the email list was divided into groups, with some users receiving one portion of the user email addresses and others receiving a different portion. As a result, some commentators argued that hackers will try to piece the portions together to get the complete database of leaked email addresses. The end result could be a swathe of phishing attempts, where hackers pretend to be real users by using their identity information.
Jake Chervinsky, general counsel at Compound Finance, tweeted, “[T]his kind of thing is a massive privacy breach with potentially serious consequences — the last thing a derivatives exchange needs to deal with during a CFTC investigation.”
Only a few months ago, Binance revealed that some of the know-your-customer documents it had stored with a third party had been stolen, and were being released publicly. It offered 300 bitcoins as a reward for information on the hacker. Binance has also witnessed two phishing attacks in its past.