Compromised accounts have been traced using email addresses exposed in the recent BitMEX leak. An already known email address was allegedly used to work out login credentials to gain access to less secure accounts.
Leaked Emails Already Tested for Weak or Repeated Passwords
Comments on social media suggest that the leaked email list is also being circulated on hacking forums and darknet sites. Phishing and other forms of fraud may be attempted on these accounts, as BitMEX has warned.
“If you are concerned about your personal exposure, on BitMEX or on any other platform, the best thing you can do is to enable Two-Factor Authentication on all critical services,” warned the BitMEX letter of apology.
BitMEX users could get into serious trouble for using the same passwords for multiple accounts. Thus, previous leaks could make it very easy for hackers to gain entry into a new account associated with the user. The exact measure of the problem is uncertain, though separate users complain of having their BitMEX accounts compromised.
3 days ago had my Bittex, Kraken & Bitmex accounts all hacked at same time. Passwords all changed. Despite all having GA 2fa. Nothing lost, but security on all 3 self evidentially shit. Beware the gate keepers – the fuckers are asleep, drunk or just left the door open
— @BitCon (@BitCon13) November 1, 2019
Another user reports a hack even with 2FA enabled:
I've been hacked. Someone had successfully logged into my Bitmex account even with 2FA enabled? Avoiding this like a plague until you get this sorted and resolved.
— Mike (@Mike__AI) November 1, 2019
While the leak itself is not sharing highly sensitive information – an email can be made public – the connection to a specific exchange and the notion of hacking a valuable account may appear lucrative and extremely appealing to hackers.
How to protect yourself. A short thread…
The truth is your email isn’t hard to find, not much is these days, from Bitmex or anywhere else.
But…
Each email & connected service (exchange) should have a different password and 2FA.
Some tips👇👇
— Birch (@BitcoinBirch) November 1, 2019
In fact, some owners of various leaked email databases have tested the haul of 23,000 emails and found “quite a few” matches. The exploit is still only hypothetical, but it shows that some of the leaked addresses may have had weak password protection.
So i ran a quick search on the bitmex emails on 1 of my databases and ive gotten quite a few hits( cleartext passwords)
Do you guys think i should email the ppl i found passwords for?
Cc: @inversebrah pic.twitter.com/xK682wWOnO
— TheMask (@TheCrypt0Mask) November 1, 2019
BitMEX Operating, as Usual, No Liquidations or Rogue Trades Noted
With BitMEX, withdrawals are not so easy and immediate, but there is a possibility for the hacker to place spurious trades. With the 100X leverage on BitMEX, this may wreak havoc with user accounts.
BitMEX explained the email exposure as an attempt to send out a mass email, which created an unexpected field containing all addresses. Currently, the exchange is going through a process of reaching out to all affected users, while working to provide more options for security keys.
So far, no rogue trading activity has been observed. No liquidations or unusual positions have been noted on social media, and the BTC market price has remained within its usual range. BTC prices recovered to $9,300 on Monday, after last weekend’s failure to regain the $9,500 level.
What do you think about the BitMEX email leak? Share your thoughts in the comments section below!
Images via Shutterstock, Twitter: @BitCon13, @MichaelStoil, @BitcoinBirch, @TheCrypt0Mask