Top Crypto Investment News, Listings, Member Posts, Crypto Investment Daily Indices and more!

4yrs ago Crypto newsbtc Views: 186

BitMEX traders that had their details leaked as part of a recent privacy breach have started to receive phishing emails. The crypto exchange accidentally disclosed 23,000 of its users’ email addresses earlier this month.

A Reddit user disclosed some details about a phishing effort against them in the wake of the leak. An email apparently from Blockchain.com redirects users to a different website to download malware onto their system.

BitMEX Users: Be Extra Vigilant Regarding Emails from Crypto Companies

The BitMEX email address leak occurred as part of a platform update on November 1. A post to the company’s blog explains in detail how it happened.

BitMEX had wanted to inform all its users of an important change to its price index via email. Thanks to its policy of avoiding sending mass emails, the system had not been used since 2017. Understandably, the exchange has grown substantially in terms of its number of users since then. After hitting send, it was looking like the email would take around 10 hours to send to all accounts.

A slapdash effort to update the system to reduce this time did not go through the usual quality assurance checks and was responsible for the leak. In the “To:” field of the emails received by those impacted by the leak, a long list of other users’ emails is clearly visible. According to the blog post, BitMEX acted quickly to limit the damage done but batches of addresses were already exposed.

By November 2, lists of more than 23,000 email addresses were available.

UPDATE: I now have access to 23,000 emails that were leaked by BitMEX. Surprisingly, there is only one person that used a .gov email. There were 66 students/alumni that used .edu email. NYU dominates (7 people), followed by Berkley, and University of Michigan. https://t.co/vmcyVz5Uqe

— Larry Cermak (@lawmaster) November 2, 2019

It now looks like scammers are taking advantage of the readily available, and obviously crypto-literate, BitMEX users’ details. A Reddit user reported an example of a scam supposedly associated with the leak. The user claims to have received a message claiming to be from Blockchain.com. It asks that the potential victim follow a link to receive a payment. However, the link reportedly directs to the site blockchainain.com, and download malware.

The Reddit user included screenshots from their experience. As you can see, it looks reasonably convincing too.

-

One respondent to the Reddit post commented as such:

“So many people are going to fall for this, imagine all these people that sent 1 ETH to get back 10 ETH…”

With BitMEX users so obviously being interested in crypto assets, it is hardly surprising to see such scams emerge in the wake of a mass email disclosure. However, it still should be pretty easy to stay safe from similar efforts. The exchange itself has given clear guidance to check whether you were impacted. If you received an email on November 1 about the index change that only lists your own email in the “To:” field, your email was not leaked. If you received an email that had many email addresses in the “To:” field, your emailed was leaked.

Whether your email address is on a scammers’ list or not, you should still always follow the same general precautions when dealing with unsolicited emails that offer some unexpected perk. Firstly, if you have doubts about an email don’t open it. Check the sender. If it doesn’t look legitimate, delete it. Companies don’t send emails from dodgy looking domains. If it looks like correspondence from a large blockchain company that you have an account with, sign in to the account and query the email with support. If you don’t have an account with the company then you should treat the email with even greater suspicion.

If you do happen to open the email, make sure you don’t follow any links within it. In the above example, the red flag should be obvious – why would Blockchain be randomly sending this user some cryptocurrency? Given the nature of the victims of the original leak, crypto exchange users, it’s likely that the malware included in this scam has either key logging capabilities, crypto jacking capabilities, or wallet file cloning software.

 

Related Reading: Bakkt Opens Bitcoin Custody to All Institutions, Futures on Track for New ATH

Featured Image from Shutterestock.

BitMEX Crypto Traders Targeted by Phishing Scams: What the Attacks Look Like on NewsBTC.


Today's Crypto Investment Headlines:

Log In for More
Access Over 250K+ Industry Headlines, Posts and Updates
Not a member yet?

Join AlphaMaven

The Premier Alternative Investment
Research and Due Diligence Platform for Investors

Free Membership for Qualified Investors and Industry Participants
  • Easily Customize Content to Match Your Investment Preferences
  • Breaking News 24/7/365
  • Daily Newsletter & Indices
  • Alternative Investment Listings & LeaderBoards
  • Industry Research, Due Diligence, Videos, Webinars, Events, Press Releases, Market Commentary, Newsletters, Fact Sheets, Presentations, Investment Mandates, Video PitchBooks & More!
  • Company Directory
  • Contact Directory
  • Member Posts & Publications
  • Alpha University Video Series to Expand Investor Knowledge
  • AUM Accelerator Program (designed for investment managers)
  • Over 450K+ Industry Headlines, Posts and Updates
ALL ALPHAMAVEN CONTENT IS FOR INFORMATIONAL PURPOSES ONLY. CONTENT POSTED BY MEMBERS DOES NOT NECESSARILY REFLECT THE OPINION OR BELIEFS OF ALPHAMAVEN AND HAS NOT ALWAYS BEEN INDEPENDENTLY VERIFIED BY ALPHAMAVEN. PAST PERFORMANCE IS NOT INDICATIVE OF FUTURE RESULTS. THIS IS NOT A SOLICITATION FOR INVESTMENT. THE MATERIAL PROVIDED HEREIN IS FOR INFORMATIONAL PURPOSES ONLY. IT DOES NOT CONSTITUTE AN OFFER TO SELL OR A SOLICITATION OF AN OFFER TO BUY ANY INTERESTS OF ANY FUND OR ANY OTHER SECURITIES. ANY SUCH OFFERINGS CAN BE MADE ONLY IN ACCORDANCE WITH THE TERMS AND CONDITIONS SET FORTH IN THE INVESTMENT'S PRIVATE PLACEMENT MEMORANDUM. PRIOR TO INVESTING, INVESTORS ARE STRONGLY URGED TO REVIEW CAREFULLY THE PRIVATE PLACEMENT MEMORANDUM (INCLUDING THE RISK FACTORS DESCRIBED THEREIN), THE LIMITED PARTNERSHIP AGREEMENT AND THE SUBSCRIPTION DOCUMENTS, TO ASK SUCH QUESTIONS OF THE INVESTMENT MANAGER AS THEY DEEM APPROPRIATE, AND TO DISCUSS ANY PROSPECTIVE INVESTMENT IN THE FUND WITH THEIR LEGAL AND TAX ADVISERS IN ORDER TO MAKE AN INDEPENDENT DETERMINATION OF THE SUITABILITY AND CONSEQUENCES OF AN INVESTMENT.