- Following the mammoth BitMEX user data leak, the bitcoin exchange’s Twitter account was allegedly hacked.
- While under the perpetrator’s control, the account tweeted an ominous warning: “Take your BTC and run.”
- BitMEX withdrawals are currently disabled, at least for some users.
Things have gone from bad to worse for BitMEX today as a mass leak of user emails has seemingly turned into a full-blown crisis for the world’s most significant bitcoin trading platform.
As CCN reported, the maligned derivatives trading platform came under intense scrutiny after it leaked thousands of users’ email addresses. The compromise was revealed by a pseudonymous Twitter user named “@sakuraricebird.”
The leak was apparently due to blatant incompetence. The exchange purportedly forgot to use blind carbon copy (bcc) to send an email. Instead, an email addressed to the entirety of subscribed users exposed a trove of personal information, creating a data protection nightmare for the exchange.
BitMEX’ Twitter Account Is Compromised
This, as it turns out, was just the beginning of the horror story. Several hours later, the official BitMEX Twitter account began posting a series of strange messages, including one that warned users to “take your BTC and run.”
BitMEXdotcom deleted after 3 minutes pic.twitter.com/98PL7mbBkt
— Crypto_Deleted_Tweets (@CryptoDeleted) November 1, 2019
What happened here @BitMEXdotcom ?#bitmex hack or just a rogue tweet? pic.twitter.com/petkfUoUIB
— Steven Slicer (@StevenSlicer) November 1, 2019
For most observers, this was a clear sign of a compromise. Supposedly, according to crypto trader, @IamNomad, the Twitter “hack” was actually just a parting shot from the disgruntled former BitMEX employee responsible for the email leak.
Bitcoin Exchange Disables Withdrawals (Partially)
As if this wasn’t enough, shortly after the ominous Twitter “hack,” users started reporting that withdrawals had been disabled.
Alistair Milne, CIO of Altana Digital Currency Fund, was among the first to note this.
BitMex withdrawals disabled
— Alistair Milne (@alistairmilne) November 1, 2019
Others, however, started relaying conflicting reports, suggesting that withdrawals were still operational. Milne later clarified on this point, adding:
“[disabled withdrawals] only applies to those who changed security settings or password following the email leak.”
Have Any BitMEX Users Been Compromised?
As it stands, there is still a fervor of panic washing over the crypto community about whether more revelations could follow. For now, only the Twitter account of BitMEX has been exploited for sure.
Worryingly, however, there has been a further rumor – albeit unsubstantiated – of BitMEX hackers springing up in the wake of the leaks. According to one bitcoin advocate known as @ameero1, there is already a BitMEX “hack group” on Telegram, which has allegedly appropriated 113 BTC by cracking the passwords associated with the leaked emails.
There is a Bitmex hack group on telegram already. They claim be cracking emails, have 113 bitcoin already and laughing at people who have profiles on dating sites with same email they have for exchanges pic.twitter.com/Nf9L0FILcj
— Ameero (@ameero1) November 1, 2019
While the aforementioned could easily be an elaborate troll, one crypto whitehat, dubbed @TheCrypt0Mask, apparently uncovered almost 200 passwords from BitMEX affiliated emails.
So i ran a quick search on the bitmex emails on 1 of my databases and ive gotten quite a few hits( cleartext passwords)
Do you guys think i should email the ppl i found passwords for?
Cc: @inversebrah pic.twitter.com/xK682wWOnO
— TheMask (@TheCrypt0Mask) November 1, 2019
As of writing, no reports of BitMEX exploits have been corroborated. Regardless, the incident serves as yet another important reminder: not your keys, not your bitcoin.
Last modified (UTC): November 1, 2019 3:28 PM