Unfortunate Halloween: BitMEX Data Leak, Deribit Reimburses BTC 150
While major cryptocurrency exchange BitMEX suffered a data breach today, another trading platform, Deribit had a malfunction that cost the company at least USD 1.3 million. (Updated at 13:43 UTC: updates throughout the entire first part of text.)
On Friday, BitMEX sent out a mass email about an update to their indices, but instead of using the BCC option that would hide the email addresses of the recipients, the company used the CC option.
This means that anybody can see the recipients’ email addresses. This is a problem as, not only will these addresses end up on a million and one spam list, but may potentially be used by hackers and fraudsters. As the hackers now potentially know which emails are used to log into the exchange, it may spell a major disaster.
BitMex confirmed that 'some' of their users received an email which contained the email addresses of other users in the 'to' field: "This was the result of a software error which has now been addressed."
The company claims that beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent.
"The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld," they said, promising to introduce "additional features to further protect our users."
Also, the company issued a safety guidance for their users:
Meanwhile, other exchanges, such as Binance and Bitfinex, have also warned their users to change their email accounts if they are on the CC list of the sent email and they have an account under the same address. This is generally a good idea for users to do for all other exchanges too.
"Use a unique email address and unique password for each exchange. Use a password manager to remember the strong passwords for you," Changpeng Zhao, CEO of Binance, added.
Meanwhile, another news broke out that a flash crash occurred for Bitcoin (BTC) at 19:55 UTC on the exchanges Coinbase Pro and Deribit. Deribit came out with an announcement that it encountered BTC index calculation data issues around 21:00:00 UTC on October 31, 2019, which caused their liquidation engine "to initiate erroneous liquidations." While Ethereum trading was not affected, they added: "Cause of this incident was one platform providing incorrect prices that should have been removed as an outlier in the index calculation. We have suspended this platform from the index calculation."
Analyst Jacob Canfield suggested that perhaps because Coinbase Pro was down for some 75 minutes, Deribit saw a malfunction of its BTC perpetual swap contract, with the price of the contract dropping 15%. This opinion my be prompted by the fact that the website says that "Currently the Deribit BTC index is made up the latest prices" from Coinbase and six other exchanges.
Soon after the incident, Deribit said on Twitter that it will reimburse over USD 1.3 million in losses from "the BTC index calculation data issue," and that it will not be covered by the Deribit Insurance fund, but by Deribit itself. They followed that up with a notice that "a total of 150 BTC has been reimbursed by Deribit."
Su Zhu, CEO of Singapore-based investment management firm Three Arrows Capital, said that this reminds him "of knight capital's blowup in US ETF markets where an errant algo lost USD 400m in under an hr just negative scalping every ETF," adding "Whoever is doing this def not making money."
More comments to this incident immediately followed, with some even asking what kind of opportunity could these events present, and others trying to decipher the connection between the events.
At the time of writing (8:51 UTC), BTC trades at c. USD 9,165 and is almost unchanged in the past 24 hours. It's up 22.06% in a week.