BitMEX is in hot water with the crypto community after it inadvertently exposed the email contact information of its users publicly, prompting concerns from traders around the globe.
And while the leak could put traders at risk of being hacked, there are a number of techniques that victims of the leak can put into place to improve their personal security and potentially protect against intrusion attempts.
What is OPSEC and Why Is It Important To Crypto Investors?
OPSEC stands for operations security and is defined by Wikipedia as the process of identifying and protecting critical information that could be pieced together by “adversaries,” or in the case of BitMEX, cyber criminals, who may be interested in leveraging the leaked email addresses to access users’ funds and empty their accounts.
The term was coined by a Vietnam-era security team under the order of United States Admiral Ulysses Sharp and is commonly used by military entities around the world to this day. But it has also become widely used to discuss the personal data security needs of ordinary individuals – a growing issue in the digital age, where sensitive user data is exposed both on purpose via social media and without consent via hacks or other data breaches.
Crypto investors need to take personal OPSEC even more seriously because, according to a Google security expert, cryptocurrency is like catnip for cyber criminals due to the added layer of anonymity it provides, which makes tracing their trail of crime all the more difficult.
Impacted By the BitMEX Leak? Here’s What Precautions You Can Take
Since email accounts were involved, the very first step for any BitMEX users who were exposed is to immediately change their email passwords and enable two-factor authentication on their BitMEX account and, if possible, on their email accounts as well.
BitMex hack checklist:
1) Which email(s) got hit?
2) Is that BitMex account secure (Non SMS 2FA + strong password)
3) Do I use that email for other (crypto) services?
4) Are those services secure?
If you’ve thought about employing proper security, now is the 2nd best time.
— DonAlt (@CryptoDonAlt) November 1, 2019
Many of today’s email services, including Gmail, offer two-factor authentication via SMS or through Google’s Authenticator app. While SMS is an option and is better than nothing, it still leaves users open to attacks. Taking things a step further, a Google Authenticator app could be installed on a separate phone that isn’t connected to the internet.
In the future, especially if the user is leaving BitMEX for greener pastures, creating an email account exclusively for each trading platform is a wise idea, and can prevent a criminal who gains access to a main email account from discovering other personal details about you. Oftentimes, these emails hold clues that can be pieced together.
If you were at all affected by the data breach on #Bitmex, here are things you can do immediately.
There are more, but I just wrote these down to get it out quickly.
I highly recommend you doing this to secure your accounts and protect yourself. pic.twitter.com/tQyzjuECz8
— Jacob Canfield (@JacobCanfield) November 1, 2019
For example, an email signature containing a phone number could tip a hacker off and give them information they could use in a SIM-card hack, which is also why SMS-based two-factor authentication may not be enough for crypto investors.
Users are also encouraged to disable any possible API links to other accounts, including Bitcoin.tax and other platforms requiring API read or write access.
Finally, the most important steps any crypto investor can take to protect themselves are to never invest more than they can afford to lose, never disclose how much crypto they hold, and ensure cryptocurrencies are stored in a cold storage wallet, offline, and behind a passphrase that is kept separately from the actual wallet itself.