Crypto Exchange BitMEX Under Investigation by CFTC: Bloomberg (#GotBitcoin?)
Seychelles-based cryptocurrency exchange BitMEX is reportedly being probed by the U.S. Commodity Futures Trading Commission (CFTC). Crypto Exchange BitMEX Under Investigation by CFTC: Bloomberg (#GotBitcoin?)
The news appeared in brief on Bloomberg Terminal soon before press time on Friday. That was soon followed by a report from Bloomberg citing sources who said the regulator is investigating whether the exchange has allowed U.S. traders to use its platform.
The CFTC considers cryptocurrencies like bitcoin commodities and has jurisdiction over derivatives such as futures based on cryptos. As such, BitMEX would need to be registered with the agency to allow Americans to trade such products in the U.S.
According to its website, BitMEX offers trading of cryptocurrencies with up to 100-times leverage and other products such as futures and swaps.
Bloomberg said the CFTC investigation is “ongoing” and may not lead to misconduct allegations.
The report adds that the CFTC declined to comment when contacted.
Just days ago, noted economist and crypto skeptic Nouriel Roubini attacked BitMEX, saying it “may be openly involved in systematic illegality,” again according to Bloomberg.
Roubini argued that, in providing such high leverage, the platform is exposing traders to too much risk.
Reportedly citing an anonymous blog, he also allaged that the exchange trades against its own clients and “skirts” anti-money laundering regulations.
BitMEX CEO Arthur Hayes has previously said it never trades against clients.
Hayes Also Told Bloomberg This Week:
“We continue to monitor all legal and regulatory developments around the world and will comply with all applicable laws and regulations; we reject any allegations of criminality, manipulation or unfair treatment of our customers, who are at the center of everything we do.”
Hackers Take Over BitMEX Twitter, But Customer Funds Reportedly Safe
Hackers took over the Twitter account of cryptocurrency exchange BitMEX after the previously reported leak of customer email details on Nov. 1. The exchange claims that, although its Twitter account was hacked, all user funds are safe.
“Hackers” tease individual IDs and take over BitMEX Twitter
Since the update was published, hackers briefly gained control of the BitMEX Twitter account, posting two messages which were swiftly deleted.
The first message read “Take your BTC and run. Last day for withdrawals,” followed by another reading simply, “Hacked.”
Following this a Twitter account named “Bitmexdatabaseleak” sprang up, leaking individual user IDs and emails.
It also posted messages such as “Did you pay tax on your bitmex gains” and “So many obvious US customers on the BitMEX database hack.”
30K Email Dump Selling On Darknet, And Passwords Found From Previous Hacks
An email dump of 30,000 addresses is for sale on the dark web, with about 50% of these “trivially easy to doxx,” according to The Block’s director of research Larry Cermak.
In addition, Twitter user TheCryp0Mask, has been running database searches on the email addresses, allegedly finding nearly 200 passwords from previous hacks of other companies.
BitMEX withdrawals have currently been disabled, but only for customers who have changed their password or security details since the email address leak.
BitMEX has since tweeted that: “while the trolls may target our Twitter account, you may rest assured that all funds are safe.”
BitMEX Investigating ‘Extent of Impact’ After Mass Email Leak
Crypto derivatives exchange BitMEX has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
The incident was acknowledged by BitMEX in an official statement published today, Nov. 1. Cointelegraph’s editorial team in Japan have independently revealed that a staff member was the recipient of the BitMEx newsletter in question.
In a tweet posted on Nov. 1, crypto-focused lawyer Jake Chervinsky characterized BitMEX’s accidental public sharing of user email data as a simple error committed in the “outrageously incompetent way imaginable.”
Concerned community members have pointed out that the leak makes BitMEX account holders vulnerable targets to potential hackers, with the data serving as a “puzzle piece” for attackers.
Some voiced their concern that the nature of the error could mean that each email includes just a section of the total leaked data: “while most people received about 1,000 [other user emails] per email — they dumped their *entire* user database.”
On Twitter, user “kevin mcsheehan” outlined the risks, including the potential for:
“all email addresses x-referenced w/ public breaches to associate universal passwords. from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.”
“The privacy of our users is a top priority”
In its statement, BitMEX has written:
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
“The privacy of our users is a top priority,” the exchange added.
Following news of the leak, Binance crypto exchange advised all affected BitMEX users who also hold an account on Binance to change their Binane account email immediately.
Earlier today, BitMEX revealed plans to implement major changes to the weights of its cryptocurrency price indices later this month.
BitMEX Says Quality Check ‘Failure’ Led to Email Privacy Breach
BitMEX says its internal processes “failed” last week, subsequently exposing thousands of the exchange’s clients to privacy risks.
In a company blog posting on Monday, the crypto-derivatives exchange said its mass emailing operation failed causing “most BitMEX users” to have their email addresses publicly exposed via carbon copy (CC) on Nov. 1.
Data provider Skew says BitMEX has some 22,000 daily users, though the number of email addresses exposed is likely significantly higher.
With Major Email Servers Imposing Restrictions On Bulk Emailing, The Firm Said:
“To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email.”
The exchange said it sends emails to all users very rarely, the last one of this size shipping in 2017. To expedite the process, the exchange’s email systems API was changed at the last minute, but did not undergo the typical checking process.
“BitMEX is a global business that sends emails to many different email providers,” said deputy chief operating officer Vivien Khoo in the blog posting. “Unfortunately, this makes the job of large services such as BitMEX difficult at times.”
The exchange says it stopped further batches of emails being sent out upon recognition of the issue.
In response to the leak, BitMEX says they employed password resets and human review on endangered accounts. All users lacking two-factor authentication (2FA) and also holding account balances had passwords reset after the exchange noted hostile attempts to access accounts.
In an email to CoinDesk last Friday, Khoo reiterated that no other personal information was divulged.
“Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.”
Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under