Crypto Exchange BitMEX Under Investigation by CFTC: Bloomberg (#GotBitcoin?)
Seychelles-based cryptocurrency exchange BitMEX is reportedly being probed by the U.S. Commodity Futures Trading Commission (CFTC). Crypto Exchange BitMEX Under Investigation by CFTC: Bloomberg (#GotBitcoin?)
The news appeared in brief on Bloomberg Terminal soon before press time on Friday. That was soon followed by a report from Bloomberg citing sources who said the regulator is investigating whether the exchange has allowed U.S. traders to use its platform.
The CFTC considers cryptocurrencies like bitcoin commodities and has jurisdiction over derivatives such as futures based on cryptos. As such, BitMEX would need to be registered with the agency to allow Americans to trade such products in the U.S.
According to its website, BitMEX offers trading of cryptocurrencies with up to 100-times leverage and other products such as futures and swaps.
Bloomberg said the CFTC investigation is “ongoing” and may not lead to misconduct allegations.
The report adds that the CFTC declined to comment when contacted.
Just days ago, noted economist and crypto skeptic Nouriel Roubini attacked BitMEX, saying it “may be openly involved in systematic illegality,” again according to Bloomberg.
Roubini argued that, in providing such high leverage, the platform is exposing traders to too much risk.
Reportedly citing an anonymous blog, he also allaged that the exchange trades against its own clients and “skirts” anti-money laundering regulations.
BitMEX CEO Arthur Hayes has previously said it never trades against clients.
Hayes Also Told Bloomberg This Week:
“We continue to monitor all legal and regulatory developments around the world and will comply with all applicable laws and regulations; we reject any allegations of criminality, manipulation or unfair treatment of our customers, who are at the center of everything we do.”
Hackers Take Over BitMEX Twitter, But Customer Funds Reportedly Safe
Hackers took over the Twitter account of cryptocurrency exchange BitMEX after the previously reported leak of customer email details on Nov. 1. The exchange claims that, although its Twitter account was hacked, all user funds are safe.
“Hackers” tease individual IDs and take over BitMEX Twitter
Since the update was published, hackers briefly gained control of the BitMEX Twitter account, posting two messages which were swiftly deleted.
The first message read “Take your BTC and run. Last day for withdrawals,” followed by another reading simply, “Hacked.”
Following this a Twitter account named “Bitmexdatabaseleak” sprang up, leaking individual user IDs and emails.
It also posted messages such as “Did you pay tax on your bitmex gains” and “So many obvious US customers on the BitMEX database hack.”
30K Email Dump Selling On Darknet, And Passwords Found From Previous Hacks
An email dump of 30,000 addresses is for sale on the dark web, with about 50% of these “trivially easy to doxx,” according to The Block’s director of research Larry Cermak.
In addition, Twitter user TheCryp0Mask, has been running database searches on the email addresses, allegedly finding nearly 200 passwords from previous hacks of other companies.
BitMEX withdrawals have currently been disabled, but only for customers who have changed their password or security details since the email address leak.
BitMEX has since tweeted that: “while the trolls may target our Twitter account, you may rest assured that all funds are safe.”
BitMEX Investigating ‘Extent of Impact’ After Mass Email Leak
Crypto derivatives exchange BitMEX has accidentally leaked user emails by forgetting to use blind copy (bcc) on a mass email.
The incident was acknowledged by BitMEX in an official statement published today, Nov. 1. Cointelegraph’s editorial team in Japan have independently revealed that a staff member was the recipient of the BitMEx newsletter in question.
In a tweet posted on Nov. 1, crypto-focused lawyer Jake Chervinsky characterized BitMEX’s accidental public sharing of user email data as a simple error committed in the “outrageously incompetent way imaginable.”
Concerned community members have pointed out that the leak makes BitMEX account holders vulnerable targets to potential hackers, with the data serving as a “puzzle piece” for attackers.
Some voiced their concern that the nature of the error could mean that each email includes just a section of the total leaked data: “while most people received about 1,000 [other user emails] per email — they dumped their *entire* user database.”
On Twitter, user “kevin mcsheehan” outlined the risks, including the potential for:
“all email addresses x-referenced w/ public breaches to associate universal passwords. from there attackers will use xx,xxx proxies to try to break into email inboxes, exchange accounts, github, dropbox, etc.”
“The privacy of our users is a top priority”
In its statement, BitMEX has written:
“Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.”
“The privacy of our users is a top priority,” the exchange added.
Following news of the leak, Binance crypto exchange advised all affected BitMEX users who also hold an account on Binance to change their Binane account email immediately.
Earlier today, BitMEX revealed plans to implement major changes to the weights of its cryptocurrency price indices later this month.
BitMEX Says Quality Check ‘Failure’ Led to Email Privacy Breach
BitMEX says its internal processes “failed” last week, subsequently exposing thousands of the exchange’s clients to privacy risks.
In a company blog posting on Monday, the crypto-derivatives exchange said its mass emailing operation failed causing “most BitMEX users” to have their email addresses publicly exposed via carbon copy (CC) on Nov. 1.
Data provider Skew says BitMEX has some 22,000 daily users, though the number of email addresses exposed is likely significantly higher.
With Major Email Servers Imposing Restrictions On Bulk Emailing, The Firm Said:
“To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email.”
The exchange said it sends emails to all users very rarely, the last one of this size shipping in 2017. To expedite the process, the exchange’s email systems API was changed at the last minute, but did not undergo the typical checking process.
“BitMEX is a global business that sends emails to many different email providers,” said deputy chief operating officer Vivien Khoo in the blog posting. “Unfortunately, this makes the job of large services such as BitMEX difficult at times.”
The exchange says it stopped further batches of emails being sent out upon recognition of the issue.
In response to the leak, BitMEX says they employed password resets and human review on endangered accounts. All users lacking two-factor authentication (2FA) and also holding account balances had passwords reset after the exchange noted hostile attempts to access accounts.
In an email to CoinDesk last Friday, Khoo reiterated that no other personal information was divulged.
“Beyond email addresses, at no point during this issue has any personal data or account information been disclosed.”
BitMEX Ends Year With Additional 13K BTC in Its Insurance Fund, Up 61%
The BitMEX Insurance Fund has added nearly 13,000 BTC in 2019, reaching a total of just over 33,491 BTC as of Dec. 30. This is equivalent to 0.19% of the total Bitcoin in circulation, based on the data available at Blockchain.com.
The fund, which the cryptocurrency exchange set up to ensure that liquidation orders related to leveraged positions are filled, ended 2018 with almost 20,800 BTC. This means that the fund has seen a 61% increase since the start of 2019.
How Does The Bitmex Insurance Fund Work?
Crypto derivatives exchange BitMEX set up the fund to give margin traders more certainty that they will receive their winnings. Here’s the logic behind the fund.
In leveraged trading, market participants are allowed to make bets that the price of an asset will either rise or fall in multiples (that could be as high as 100x) of the amount they deposited. The idea is to amplify the potential profit for making the correct bet.
In the oversimplified example above, Trader A, who has made the winning trade expects to make a profit of $5,000 based on the $500 rise in Bitcoin price multiplied by the 10 times leverage. However, since the losing trader’s actual position is worth only $4,000, there’s a $1,000 deficit for the winning trader.
As pointed out in a previous Cointelegraph article about a flash crash event on Poloniex, traders in the traditional leveraged market are required to pay for the loss or risk facing legal actions from the brokerage firm that offered access to the derivatives trading exchange.
For trading activities involving large financial institutions, in which the event of a default would significantly jeopardize the financial system, there are several layers of security. Traditional derivatives exchanges have large insurance funds that run into the billions.
CME, the world’s largest derivatives exchange, has roughly $22 billion in its safeguard system. And in cases where the safeguard fund isn’t sufficient to cover the defaulted amount, the exchange can exert its power to ask participating clearing members to help finance the defaulting members. And in extreme situations, the government could issue a bailout to the defaulting institutions, especially when the event threatens economic stability.
Various financial experts and commentators have claimed that derivatives played a major role is the 2008 financial crisis, a period in which there were government bailouts to large financial institutions.
The detachment of the crypto market from the traditional financial space means that such robust security is unavailable to crypto margin traders. Therefore, different crypto exchanges have developed different mechanisms to offer some level of security. For BitMEX, this is the insurance fund.
Why Has The Fund Been Growing?
BitMEX has developed a system whereby the insurance fund grows in a liquid market, signaled by a narrow bid/ask spread. Crypto derivatives analytics platform Skew found BitMEX to be the most liquid among the top crypto exchanges offering derivatives trading.
Skew has been tracking the main perpetual swap bid/ask spread for $1 million, $5 million and $10 million. The other exchanges being tracked include Binance, bitFlyer, Deribit, FTX, Huobi, Kraken and OKEx.
Major Events Around The Fund In 2019
The high liquidity enjoyed by BitMEX, per Skew’s research, presents a plausible explanation for why the fund has been growing. According to BitMEX:
“The Insurance Fund grows from liquidations that were able to be executed in the market at a price better than the bankruptcy price of that particular position.”
Still, there have been a few small day-to-day declines in the balance of the fund. The largest drawdown since the fund began over three years ago happened on April 12, 2018, involving about $5.1 million worth of Bitcoin.
BitMEX has been widely criticized for the lack of transparency of its insurance fund. Criticism has ranged from how the exchange doesn’t fully disclose all the trade variables, such as bankruptcy price, to traders.
Crypto publication The Block also noted that the BitMEX Insurance Fund lacks a known breakdown of how drawdowns are made per contract. This all has led some to suggest that BitMEX considers the fund an asset on its balance sheet.
Competitor Deribit mentioned in a blog post that large insurance funds like that of BitMEX could indicate an overly aggressive liquidation mechanism, which may reduce the incentive to pursue other market security innovations.
Other Derivative Insurance Funds
At least three other top derivative exchanges have an insurance fund as well: Deribit, Huobi and OKEx. Unlike BitMEX, which uses auto deleveraging to account for losses that its insurance fund can’t cover, these other exchanges use socialized loss mechanisms to account for losses higher than their insurance fund balances.
The BitMEX Insurance Fund, however, dwarfs the fund balances of these three other exchanges.
As of Dec. 24, the OKEx Insurance Fund is worth nearly $46.3 million, much lower than the $100 million increase seen by the BitMEX fund in 2019. Deribit said in June that its insurance fund had increased to 150 BTC, while Huobi’s fund details are inaccessible.
Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under,Crypto Exchange BitMEX Under