Compiled by: Bluemountain Labs
Editor's Note: The original title is "We may have a small impact on the impact of BitMEX email data leakage."
On the first day of November, it was discovered that BitMEX, the popular cryptocurrency derivatives exchange, had accidentally leaked sensitive user data because the company failed to properly apply the blind carbon copy (BCC) function of its bulk mail server.
Within a few hours, BitMEX acknowledged the mistake. Deputy chief operating officer Vivien Khoo issued a statement saying that BitMEX had unintentionally sent most users an email that contained other users' email addresses in the "To" field. The statement says:
"We apologize for the resulting user concern, which was caused by a software error used to send emails. As soon as we discovered the problem, we immediately blocked further emails and resolved the issue to ensure this is no longer the case."
To make matters worse, after the leak, unknown hackers were able to take control of BitMEX's official Twitter account. With that control, they posted several messages, such as "take BTC and transfer, the last day of the company's withdrawal," and blocked the company's real-time data.
In response, BitMEX's PR team quickly deleted the posts and issued a statement saying that the hack did not affect the security of client funds. In connection with the hack, a Twitter account called "Bitmexdatabaseleak" was suspended; the account had allegedly leaked a large amount of customer data, such as the user IDs and email addresses of many BitMEX customers.
According to Larry Cermak, research director at The Block, BitMEX's recent data breach coincides with the circulation of about 30,000 emails on the dark web, which has led people to believe that some or all of the leaked customer data may have been sold online to illicit third parties.
BitMEX continues to temporarily waive withdrawals for customers who change their account password or security details because of the email address leak. At the time of this writing, the exchange has not yet responded to Cointelegraph's request for comment on the situation.
Bitcoin withdrawals on BitMEX are still unaffected
After a major security breach, it is reasonable to assume that BitMEX would have to face some loss of customers. However, based on data obtained online, the total BTC withdrawals from the trading platform on November 1 (the second day after the email leak) appear to be largely unaffected.
Jeffery Liu Xun, CEO of the peer-to-peer fiat gateway XanPool, shared with Cointelegraph his thoughts on how BitMEX could have allowed this kind of error:
"In view of the fact that I have not received an email from Bitmex before, this is most likely due to a huge mistake made by newcomers to internal marketing, or a large number of their mail service providers. I think it is the former, because MailChimp and similar services will not make these mistakes, and this problem must not be ignored."
He added that, because of the privacy risks caused by the leak, BitMEX's competitors can now send large volumes of email to its customers in the hope of poaching them. Xun also believes that a second, more dangerous risk is that the vast majority of people using the trading platform do not use complex passwords, so capable hackers can now use their stores of known passwords to try multiple permutations and combinations in order to access unsuspecting users' wallets. On this topic, he added:
"Encrypting a user's email is often as damaging as encrypting a user's password, because hackers have a large number of password stores that people tend to use. Finally, releasing users' emails also makes them vulnerable to spam and web phishing attacks."
Cigar's owner, Craig Russo, responded to Xun's point of view. Peer is a Boston-based startup behind the popular media channel SludgeFeed. In Russo's view, the whole situation is a terrible security lapse for BitMEX, and one that will call the exchange into question whenever it is involved in any type of dispute. He told Cointelegraph:
“In this industry, trust is crucial, and the consequences of such troubles may last for a while. I think there will be some investors leaving the platform in the short term, but overall, given their market share and disposable resources, BitMEX can bounce off events."
What should BitMEX and its users do?
Whenever such a large security breach occurs, the most important thing is that the company immediately take corrective measures so that the trust of its customers remains stable.
In this regard, BitMEX posted a blog post on Monday stating that although its internal processes did make a mistake last week, the situation has been resolved because the company's newly designed internal error detection system can handle the necessary issues.
According to data provider Skew, personal information belonging to 22,000 BitMEX users may have been made public online. According to Dovey Wan of Primitive Crypto, this could lead to the US government using leaked email addresses to investigate tax returns for many individuals associated with BitMEX. The exchange was not registered with the Commodity Futures Trading Commission, thus limiting the use of the platform by Americans.
In addition, the US Internal Revenue Service (IRS) recently issued a new set of rules requiring cryptocurrency holders to report in detail all their cryptocurrency holdings. Cryptocurrency owners must now pay taxes on any capital gains (and other forms of income) they receive by exchanging or holding such digital assets.
Finally, regarding the possibility of BitMEX facing legal action, Aaron Wagener, co-founder and COO of the decentralized global data network MXC Foundation, told Cointelegraph that the terms and conditions BitMEX presented to customers when they signed up may make any potential legal action against the company extremely difficult.
Wagener added that since this situation is clearly due to a lack of human judgment, the bigger issue now will be how BitMEX ensures the security of its users, especially since the information is now in the public domain. Wagener continued:
“It’s hard to simply say that the problem has been solved, and users are facing potential threats from phishing emails, scams and spam from various sources. This problem will continue to plague users for quite some time.”
However, Ray Walsh, a digital privacy expert at education platform ProPrivacy, believes that the company may face huge fines under the General Data Protection Regulation. He also pointed out that the Federal Trade Commission could well open an investigation, or that BitMEX users could decide to file a class action lawsuit against the company over their personal data. Walsh further stressed that the data appears to have already been abused:
“After the leak, BitMEX users did receive unusual emails, and there is no doubt that these emails are the result of a leak. It seems that the leaked email address is already on the web, which means that hackers will now try to fake people's passwords to steal cryptocurrency."
English copyright belongs to the original author, please reprint in Chinese.