“Software-defined cryptography firm” Unbound Tech says that parties exposed in last week’s email debacle at BitMEX, and the exchange itself, “remain at high risk for exploitation through a variety of approaches.”
The error occurred when the company sent out a mass “general user update email” but failed to “blind CC” the email addresses of recipients.
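The failure described above is easy to reproduce and easy to gate against. The following is an added illustration, not code from BitMEX or Unbound: a bulk sender built the leaky way (every address in To:), the per-recipient way that exposes nothing, and a pre-send check that refuses any message whose visible recipient list is longer than one. All addresses are constructed placeholders.

```python
"""Added example (not BitMEX's or Unbound's code): a mass-mail sender
that leaks recipients via To:/Cc:, the per-recipient variant that does
not, and a pre-send exposure check. Addresses are constructed."""
from email.message import EmailMessage
from email.utils import getaddresses

# Constructed sample recipient list (placeholders, not real users).
RECIPIENTS = ["alice@example.com", "bob@example.com", "carol@example.com"]


def build_leaky_update(recipients):
    """The failure mode in the article: one message, every customer
    address visible to every other customer in the To: header."""
    msg = EmailMessage()
    msg["From"] = "updates@exchange.example"
    msg["To"] = ", ".join(recipients)
    msg["Subject"] = "General user update"
    msg.set_content("Update text.")
    return [msg]


def build_safe_update(recipients):
    """One message per recipient; no customer sees any other address."""
    msgs = []
    for rcpt in recipients:
        msg = EmailMessage()
        msg["From"] = "updates@exchange.example"
        msg["To"] = rcpt
        msg["Subject"] = "General user update"
        msg.set_content("Update text.")
        msgs.append(msg)
    return msgs


def visible_recipients(msg):
    """Addresses a reader of this message can see (To: and Cc:). Bcc: is
    stripped by the sending MTA, so it is not counted."""
    headers = msg.get_all("To", []) + msg.get_all("Cc", [])
    return {addr.lower() for _, addr in getaddresses(headers) if addr}


def exposure_check(msgs, max_visible=1):
    """Pre-send gate: return every message whose visible recipient count
    exceeds max_visible. A non-empty result means do not send the batch."""
    return [m for m in msgs if len(visible_recipients(m)) > max_visible]


if __name__ == "__main__":
    leaky = exposure_check(build_leaky_update(RECIPIENTS))
    safe = exposure_check(build_safe_update(RECIPIENTS))
    print(f"leaky batch flagged: {len(leaky)}, safe batch flagged: {len(safe)}")
```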
The exact number of affected parties remains unconfirmed, but an individual or individuals behind an anonymous account on Twitter claimed Friday to be in possession of 400 000 BitMEX customer emails exposed in the breach.
Another party on Twitter claimed to have found over 200 passwords that matched the compromised emails on a database of stolen information. That individual said he or she would be emailing affected BitMEX customers to warn them of their exposure.
Unbound Tech says “at least 23,000” individuals had their emails exposed in the breach, “leaving these individuals vulnerable to potential hackers looking to utilize their personal information and/or gain access to their digital assets.”
Oz Mishli, a cybersecurity specialist and VP Product at Unbound who helps crypto exchanges “improve their security posture”, has offered some insights on the implications of the BitMEX breach for the exchange’s users.
“Email is where a lot of attack vectors begin,” he says, “from simple phishing to (a) complex drive-by exploits downloading malware, so access to a list with a significant number of email addresses of users in a specific exchange is a high quality target for fraudsters.”
Because parties exposed in the BitMEX email debacle are likely to be traders or holders of cryptocurrencies, their funds may now be targeted by hackers, Mishli says:
“(Hackers) now have (an) effective way to precisely reach significant amounts of the exchange customers with highly targeted attacks.”
BitMEX did catch on to the leak in short order and says it has taken precautions to prevent customers from being put further at risk. But the fallout from the leak will continue for some time, says Mishli:
“(W)hile it seems that the direct implications of the leak are limited and the issue was identified and stopped by BitMEX, the indirect implications are still ongoing: there’s a high likelihood that the leaked data will be used to carry out targeted attacks on BitMEX’s affected customers, as mentioned above. In fact, in its blog BitMEX states that it actually happened, and its support team is working very hard to prevent subsequent compromises following this leak.”
Mishli sees “two main attack vectors” enabled by the leak.
The first is “fraudsters attempting to access victims’ accounts, mainly by using compromised password (databases) from past breaches (and relying on password reuse by the victim across different services).”
The second is “fraudsters initiating a targeted attack like (a) phishing campaign or malware campaign targeting BitMEX specifically.”
Mishli says the attack on customers “is likely to come first as it is a lower level attack that is easier to pull off by less sophisticated attackers.” He adds that BitMEX appears to be repelling these already.
An attack on BitMEX, on the other hand, “is likely to come later as it requires more thorough preparation and stronger skills, however enables much more significant gain as it could deploy sophisticated attacks at scale to many leaked users (e.g. capable of bypassing 2FA).”