Just when you thought Halloween was over, BitMex has struck fear into its own customers’ hearts after allegedly leaking their email addresses online.

It is only two months since Binance customers’ personal were leaked online, and now BitMex is facing its own data breach.

The difference? Whereas Binance’s leak of customers’ names, addresses, photographs and signatures was allegedly the work of someone who may have previously worked with the exchange, BitMex’s data breach seems to be of its own making.


The breach couldn’t have happened in a more embarrassing way either.

Customers who were sent an update by the exchange, reported being able to see the email addresses of every other BitMex customer in the message’s carbon copy (CC) field.

Source: Sakura Rice Bird, Twitter

Looks like someone at BitMex failed to list customer emails in the blind carbon copy (BCC) field, thereby making everyone’s email addresses visible to everyone else. Oops.

Basic error

The fact that one of the world’ largest crypto exchanges can make such a basic mistake is hugely worrying for its customers.

They now face having to update their passwords on the exchange as well as ensure their two-factor authentication settings are up to date.

BitMex reported that it was investigating the leak.

However, people across the world of crypto and social media are slamming the exchange for – on the face of it – a problem of their own creation. 

One Twitter user complained: “How can anyone trust you after this?”.

While popular Twitter crypto trader Crypto Birb, said: “great job to say goodbye to every client you have ever had. Solid work team.”

Despite Binance suffering its own embarrassing leak a couple of months back, plus a hack in which 7,000 bitcoins belonging to its customers were stolen from its hot wallet, Changpeng Zhao, the Binance CEO was quick to highlight the breach on Twitter.

CZ reminded investors using crypto trading platforms: “Use a unique email address and unique password for each exchange. Use a password manager to remember the strong passwords for you.”

It is clear – while Halloween might be another 365 days away, the BitMex team is stuck in a nightmare of its own making.