With a leak of at least 23,000 emails, the recent BitMEX email leak was much heavier than expected. An inadvertent message that included lists of emails made the rounds last week, creating a security break for the largest crypto derivatives exchange.
23,000+ Emails Leaked by BitMEX
Details of the BitMEX email leak were shared a few hours ago by well-known industry researcher Larry Cermak in one of his tweets. Using BitMEX is not entirely illegal, though it has been banned for US citizens.
BitMEX’s, perpetual BTC/USDT swap, is the most active contract linked to Bitcoin (BTC) trades. The exchange, however, operates in a legal gray area, and the leaked emails may point to breaks in excluding some regions. Trading on BitMex has also been seen as highly risky, akin to gambling.
UPDATE: I now have access to 23,000 emails that were leaked by BitMEX. Surprisingly, there is only one person that used a .gov email. There were 66 students/alumni that used .edu email. NYU dominates (7 people), followed by Berkley, and University of Michigan. https://t.co/vmcyVz5Uqe
— Larry Cermak (@lawmaster) November 2, 2019
The analysis of the leaks suggests most users were not highly aware of both internet and identity security. As much as half the emails may be linked to a name, only based on the actual composition of the address.
Some of the leaked emails were also compromised. This means BitMEX or even unrelated accounts can be at risk for exploitation. Taking over an exchange account could empty balances, or cause rogue trades. So far, none of this has affected the markets, though the attack coincided with a hack of the official BitMEX Twitter handle.
The emails, which contain several .gov and .edu extensions, can potentially lead the taxman to various persons. Dovey Wan, the co-founder of Primitive Crypto, commented that the emails may also be the basis for tax investigations.
gonna be a interesting “Ashely Madison” like case for the Bitmex email leaks ..
Anybody using .gov email or .edu email? 👀👀👀 and nice source of tax collection pointer for IRS too if they do a quick scan
— Dovey "Rug the fiat" Wan (hiring) (@DoveyWan) November 1, 2019
Scammers, Phishers, and Taxman Attracted to Email Haul
While the emails have not been linked with transfers to BTC addresses, the new US IRS rules suggest that any BTC owner may have to report balances and be taxed either on capital gains or other forms of revenue.
BitMEX is still investigating the impact of the leaked emails, while telegram groups have been set to further spread the leak. Phishing scams or account thefts are possible with the easily discoverable information.
If you haven’t heard from us, we will be in touch shortly. We are taking all precautionary steps in this staggered approach. In the meantime, updates will be made on our blog. Please contact us if you require immediate support: https://t.co/3XByF1xRdu
— BitMEX (@BitMEX) November 2, 2019
Unfortunately, BitMEX does not offer the option of an email ID change, and may require new KYC for all affected users.
What do you think about the latest BitMEX email leak? Share your thoughts in the comments section below!
Images via Bitcoinist Media Library, Twitter: @lawmaster, @DoveyWan, @BitMEXdotcom
