BitMEX says unauthorized attempts to access user accounts on the rise, mandates email withdrawal verifications

The number of unauthorized attempts to access user accounts on BitMEX has climbed, the cryptocurrency derivatives exchange wrote in a blog post Tuesday

In the wake of these rising attacks, the exchange now forbids users from disabling login notification emails and requires email verifications for withdrawal requests via the API. BitMEX also advises its users to use strong passwords, enable Two-Factor Authentication (2FA), and use a password manager.


Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

BitMEX imposed these new practices after observing that almost all victims of these attacks did not see or receive account-related email notifications. In addition, some reused their passwords or have very weak ones, while others had their email addresses compromised first which then led to account theft.

According to BitMEX, perpetrators have adopted increasingly sophisticated tactics in taking over and moving funds from compromised accounts. Some hackers would deliberately make a loss against another account they also control, while others disabled email login notification after unauthorized account access.

BitMEX said in the blog post that it is also considering enforcing login access features such as 2FA, as it is “the best and easiest way to protect yourself from these attacks."

About Author

Celia joined The Block as a reporter after earning her BA in the History of Science from the University of Chicago. Having spent years pondering over why 2+2 cannot equal 5, she is interested in the history and philosophy of mathematics, computation, and cryptography. She also had a very brief stint at Crunchbase News.