Main navigation

BitMEX Exchange Explains Reasons of Recent Email Leak

Mon, 11/04/2019 - 11:37
article image
Yuri Molchan
The BitMEX crypto exchange shares the details of the recent email leakage and assures that no other user data was disclosed
BitMEX Exchange Explains Reasons of Recent Email Leak
Cover image via
Read U.TODAY on
Google News

On Friday, thousands of BitMEX user email addresses were accidentally disclosed in a mass email in the ‘to’ field.

The Crypto Twitter discussed the issue heatedly. The Binance exchange immediately published a step-by-step guide to help users who hold accounts both on BitMEX and Binance to change their Binance emails to prevent those accounts from hacking.

Now, the problem seems to be solved and BitMEX has published the reasons of the leak in its blog post, while also offering advice to those whose email addresses were disclosed.

“We would like to apologise unreservedly for the concern this has caused. Below contains further information about what happened, how we can assist you and some steps that you can take to improve your protection.”

Why did the leak occur?

On Friday, November 1, when the incident took place, BitMEX had published the index change that was of great importance for the customers and would have an impact on the pricing of all the products of the platform.

The BitMEX team faced some technical problems while sending this mass email since this was to be done on a global scale.

“BitMEX is a global business that sends emails to many different email providers. Email deliverability itself is a multi-layered problem, involving decades of work in building sender reputation systems and automatic spam filters. Unfortunately, this makes the job of large services such as BitMEX difficult at times: we only send mass emails to all users on rare occasions.”


To solve the issue, the team took some steps and built an in-house system to conduct such massive email sending easier.

“BitMEX has not sent an email to every customer at once since 2017, and much has changed since then. When we initiated the send, it became clear that it would take upwards of 10 hours to complete, and there was a desire on the team to ensure users received the same material information on a more reasonable timescale.”

The team promptly rewrote the tool to send the mass email faster in stacks of 1,000 addresses.

“Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated “To:” field, leaking customer email addresses. As soon as we became aware, we immediately prevented further emails from being sent and have addressed the root cause. Since then we have been aiding all who have been affected as best we can and mitigating the damage to contain the leak.”

BitMEX emphasizes that no other user data, apart from the email addresses, leaked.

article image
About the author

Yuri is a crypto journalist interested in technology and technical innovations. He has been in crypto since 2017. Believes that blockchain and cryptocurrencies have a potential to transform the world in the future in many of its aspects. ‘Hodls’ major cryptocurrencies and has written for multiple crypto media outlets. 

His articles have been quoted by such crypto influencers as Tyler Winklevoss, John McAfee, CZ Binance, Max Keiser, etc.

Currently Yuri is a news writer at U.Today and can be contacted at