Earlier in the day, Coinfomania reported that the Seychelles-based crypto derivatives platform BitMEX experienced an email privacy leak, requiring that users change their passwords and email addresses associated with other cryptocurrency exchanges.
However, Twitter user and apparent BitMEX trader TheMask reportedly took some of the burden off the affected users by searching a database he owns for some of the compromised email addresses. As TheMask noted following several searches, the database returned cleartext passwords for some 229 of the leaked BitMEX email addresses.
Total mails+pass found: 229
I'm going to get me a coffee now (15min) and I will start the mass personalized email sending to everyone with a leaked pass.
The leaked passwords I found will be included in the mail for each one of you.
— TheMask (@TheCrypt0Mask) November 1, 2019
As shown in the tweet above, the BitMEX trader, who was at first undecided about mailing the affected users, finally decided to send them personalized emails containing the discovered passwords.
Armed with such information, there is no doubt the affected BitMEX users would be better equipped to protect themselves from phishing attempts linked to either the derivatives platform or any other exchanges where they use the same email address or password.
Meanwhile, BitMEX has, since the email breach, taken responsibility for the incident and promised to resolve it as soon as possible, amid other now-deleted content showing that the exchange’s Twitter account was even briefly compromised.
Updated: We are aware of an email privacy issue impacting our customers. We have identified the root cause and will be in touch with any users affected by the issue. See our blog for details: https://t.co/BMble9jueb
— BitMEX November 1, 2019
Undoubtedly, the current development (whether hoax or sincere) highlights the counterparty risks associated with using centralized exchanges.
In June, Coinfomania reported that leading cryptocurrency exchange Binance lost 7000 BTC ($40 million) to hackers in a security breach, although the exchange refunded affected users.