
BitMEX Email Leak – BitMEX Explains How it Messed Up


On November 1, BitMEX sent an email to thousands of its customers informing them about a change in the way it calculated its indices for its products. However, in the process, it ended up exposing 23,000 email addresses of its customers. In a blog post published today, BitMEX has explained that the accident happened because of a new tool that it used without testing it properly.


What Happened?

On November 1, BitMEX sent an email to its customers. The news itself was good for its users: it was updating its methodology for calculating indices to make the reference prices more fair, robust and accurate. But it botched the delivery. The email it sent also exposed the email addresses of thousands of other customers in the “To:” field. No other information was leaked, however.

How it Happened?

BitMEX, in a blog post published today, explained how the leak happened. BitMEX wanted to send the update about revamping its indices to all its customers dependably. For that, it has an in-house system dedicated to managing “the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email”. It also clarified that it had not sent an email to all its customers at once since 2017.

According to the blog, when BitMEX initiated the send, it realised that it would take more than 10 hours for the process to complete. The team wanted all its customers to receive the email within a reasonable time. To enable this, the team rewrote its email-sending tool to “send single SendGrid API calls in batches of 1,000 addresses”.

The blog post further explained that since the team was short on time, it deployed the tool without conducting the necessary QA checks. It did not immediately realise that the tool would bunch the addresses together in the “To:” field, which would then make them visible to all the recipients.


To handle this, the tool was quickly rewritten to send single SendGrid API calls in batches of 1,000 addresses. Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated “To:” field, leaking customer email addresses.

As soon as they realised their mistake, they immediately put a halt to the sending of the emails.
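
Added example, not BitMEX's tool or code from its blog post: the page does not show the request that was sent, so this assumes the batch went into a SendGrid v3 Mail Send payload, where each `personalizations` entry is one message and every address in its `to` list is visible to that message's recipients. It contrasts the leaky shape with a one-recipient-per-message shape and adds a pre-send gate of the kind a QA step could enforce; the function names and sample addresses are constructed for illustration.

```python
# Constructed sample batch (not real customer data).
SAMPLE_BATCH = ["alice@example.com", "bob@example.com", "carol@example.com"]
MAX_PERSONALIZATIONS = 1000  # assumed per-request limit of SendGrid v3 Mail Send


def _payload(personalizations, sender, subject, body):
    """Common envelope around a list of personalization objects."""
    return {
        "personalizations": personalizations,
        "from": {"email": sender},
        "subject": subject,
        "content": [{"type": "text/plain", "value": body}],
    }


def build_leaky(batch, sender, subject, body):
    """Whole batch in ONE personalization: a single shared To: header."""
    shared = [{"to": [{"email": addr} for addr in batch]}]
    return _payload(shared, sender, subject, body)


def build_isolated(batch, sender, subject, body):
    """One personalization per address: still one API call per batch,
    but each delivered message carries exactly one To: address."""
    if len(batch) > MAX_PERSONALIZATIONS:
        raise ValueError("batch exceeds the personalizations limit")
    separate = [{"to": [{"email": addr}]} for addr in batch]
    return _payload(separate, sender, subject, body)


def visible_recipient_groups(payload):
    """For each message, list the addresses shown together in To:/Cc:."""
    return [
        [r["email"].lower() for field in ("to", "cc") for r in p.get(field, [])]
        for p in payload["personalizations"]
    ]


def check_no_cross_exposure(payload, limit=1):
    """Pre-send gate: (ok, worst) where worst is the largest number of
    addresses any single message would reveal in its headers."""
    groups = visible_recipient_groups(payload)
    worst = max((len(g) for g in groups), default=0)
    return worst <= limit, worst


if __name__ == "__main__":
    args = ("noreply@example.com", "Index update", "Constructed body")
    print(check_no_cross_exposure(build_leaky(SAMPLE_BATCH, *args)))
    print(check_no_cross_exposure(build_isolated(SAMPLE_BATCH, *args)))
```

Running the gate against the rendered payload in a staging step catches the shared-header shape before any request leaves the sender.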

How is BitMEX Remedying The Blunder?

BitMEX, on the same day, had shared on its Twitter handle that users’ funds were safe.


The exchange has also taken several other measures to ensure that users are not affected by the leak.

  • BitMEX’s support and security team is monitoring access patterns to identify suspicious activity on the platform after the leak. It has done human reviews of several accounts.
  • It has been doing human reviews of withdrawals. It has cancelled requests from accounts that did not have 2-factor authentication, were withdrawing to a previously unseen Bitcoin address, were submitted with a previously unseen IP address or were made after the email leak had occurred.
  • BitMEX has forced all users with balances and without 2FA devices to do a password reset.
  • BitMEX has added more agents to its support team to answer questions and address issues related to the incident.

The exchange has also warned its users about possible phishing attempts from hackers who will try to exploit the situation to their gain. Furthermore, it has asked all users to follow only instructions published on official BitMEX communication channels, enable 2FA for their accounts and use a password manager.

BitMEX’s carelessness in handling user data shows that the crypto industry is in dire need of standardised rules and regulations around handling customer data. Do you think that regulatory bodies across the world need to intervene in the operations of exchanges? Share your views with us in the comments below!



Vinnie Singh
