BitMEX traders that had their details leaked as part of a recent privacy breach have started to receive phishing emails. The crypto exchange accidentally disclosed 23,000 of its users’ email addresses earlier this month.
A Reddit user disclosed some details about a phishing effort against them in the wake of the leak. An email apparently from Blockchain.com redirects users to a different website to download malware onto their system.
BitMEX Users: Be Extra Vigilant Regarding Emails from Crypto Companies
The BitMEX email address leak occurred as part of a platform update on November 1. A post to the company’s blog explains in detail how it happened.
BitMEX had wanted to inform all its users of an important change to its price index via email. Thanks to its policy of avoiding sending mass emails, the system had not been used since 2017. Understandably, the exchange has grown substantially in terms of its number of users since then. After hitting send, it was looking like the email would take around 10 hours to send to all accounts.
A slapdash effort to update the system to reduce this time did not go through the usual quality assurance checks and was responsible for the leak. In the “To:” field of the emails received by those impacted by the leak, a long list of other users’ emails is clearly visible. According to the blog post, BitMEX acted quickly to limit the damage done but batches of addresses were already exposed.
By November 2, lists of more than 23,000 email addresses were available.
UPDATE: I now have access to 23,000 emails that were leaked by BitMEX. Surprisingly, there is only one person that used a .gov email. There were 66 students/alumni that used .edu email. NYU dominates (7 people), followed by Berkeley, and University of Michigan. https://t.co/vmcyVz5Uqe
— Larry Cermak (@lawmaster) November 2, 2019
It now looks like scammers are taking advantage of the readily available, and obviously crypto-literate, BitMEX users’ details. A Reddit user reported an example of a scam supposedly associated with the leak. The user claims to have received a message claiming to be from Blockchain.com. It asks that the potential victim follow a link to receive a payment. However, the link reportedly directs to the site blockchainain.com and downloads malware.
The Reddit user included screenshots from their experience. As you can see, it looks reasonably convincing too.
One respondent to the Reddit post commented:
“So many people are going to fall for this, imagine all these people that sent 1 ETH to get back 10 ETH…”
With BitMEX users so obviously being interested in crypto assets, it is hardly surprising to see such scams emerge in the wake of a mass email disclosure. However, it should still be pretty easy to stay safe from similar efforts. The exchange itself has given clear guidance to check whether you were impacted. If you received an email on November 1 about the index change that only lists your own email in the “To:” field, your email was not leaked. If you received an email that had many email addresses in the “To:” field, your email was leaked.
Whether your email address is on a scammer’s list or not, you should still always follow the same general precautions when dealing with unsolicited emails that offer some unexpected perk. Firstly, if you have doubts about an email, don’t open it. Check the sender. If it doesn’t look legitimate, delete it. Companies don’t send emails from dodgy-looking domains. If it looks like correspondence from a large blockchain company that you have an account with, sign in to the account and query the email with support. If you don’t have an account with the company, then you should treat the email with even greater suspicion.
If you do happen to open the email, make sure you don’t follow any links within it. In the above example, the red flag should be obvious – why would Blockchain be randomly sending this user some cryptocurrency? Given the nature of the victims of the original leak, crypto exchange users, it’s likely that the malware included in this scam has either keylogging capabilities, cryptojacking capabilities, or wallet file cloning software.
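The checks described above (how many addresses sit in the “To:” field, whether the sender's domain is one you know, and whether a link points at a lookalike such as blockchainain.com) can be scripted; the following is an added Python example, not code from BitMEX or the Reddit post. The trusted-domain list, the 0.8 similarity threshold and every address in the sample message are assumptions constructed for illustration; only blockchainain.com comes from the report.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import getaddresses
from urllib.parse import urlsplit

# Assumption: the domains this reader really holds accounts with.
TRUSTED = ("bitmex.com", "blockchain.com")

def base_domain(host):
    # Simplification: last two labels only; real tools use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def imitates(domain):
    """Return the trusted domain that `domain` resembles, or None."""
    if domain in TRUSTED:
        return None
    name = domain.split(".")[0]
    for good in TRUSTED:
        brand = good.split(".")[0]
        # Brand embedded in the name, or a near-identical spelling.
        if brand in name or SequenceMatcher(None, name, brand).ratio() >= 0.8:
            return good
    return None

def triage(raw):
    """Summarise the header and link checks for one plain-text message."""
    msg = message_from_string(raw)
    to = getaddresses(msg.get_all("To", []))
    sender = getaddresses([msg.get("From", "")])[0][1]
    urls = re.findall(r"https?://[^\s\"'<>]+", msg.get_payload())
    domains = sorted({base_domain(urlsplit(u).hostname or "") for u in urls})
    return {
        "to_count": len(to),  # many addresses here matches the leaked mailing
        # From is forgeable: False is a warning sign, True proves nothing.
        "sender_trusted": base_domain(sender.rpartition("@")[2]) in TRUSTED,
        "lookalike_links": [(d, imitates(d)) for d in domains if imitates(d)],
    }

# Constructed sample: only blockchainain.com is taken from the article.
SAMPLE = """\
From: "Blockchain.com" <notice@mail.example>
To: trader@example.org

Claim your funds: http://blockchainain.com/claim
Help centre: https://www.blockchain.com/
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```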