The Twitter account of Bitmex, one of the biggest crypto derivatives exchange, was briefly hacked today.
The hackers were kind enough to let everyone know the account was hacked before stating “last day for withdrawals.”
The exchange was quickly able to recover the account, stating:
“We would like to reassure our users that while the trolls may target our Twitter account, you may rest assured that all funds are safe.”
Questions are being raised on whether that is indeed the case at the user level because thousands of emails have apparently been leaked following a security breach.
There are reports of individuals receiving the email addresses of 1,000 accounts.
Others say they have not received any email from Bitmex. Bitmex itself said:
“Earlier today, some of our users received an email which contained the email addresses of other users in the ‘to’ field. We apologise for the concern this communication may have caused. This was the result of a software error which has now been addressed.
BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent. The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld.”
That suggests they claim there was no security breach, just an error. However an account that purports to be the hackers claims to know the user ID, meaning they claim to have gained access to the database itself.
If that is the case, then presumably the primary motive would be profit, but in that case you’d think they would have gone after the hot wallet or would have engaged in a sophisticated attack like for the Binance hack.
Instead they appear to have gone for the database, a far less harmful “breach,” if there has been one, and a breach that might suggest they’re more after information.
What sort? Well presumably they want to know whether there has been any manipulation at the exchange, something they’ve been accused of before.
We are speculating, however. They may well want the actual emails for some unclear reason. Some 87 GB of email addresses and passwords are out there already . If it was about crypto holdings, the MT Gox database is still out there.
Obviously plenty has changed since 2014, but futures are on the firing line in regards to potential manipulation which may have been more of a motive for this security breach, if indeed there was any, with presumably profit motives there too, somehow.