Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
On December 1, the Australian cryptocurrency exchange BTC Markets accidentally disclosed the full names and email addresses of all its customers in marketing emails sent to customers, which may expose all customers to potential phishing attacks. These emails are sent in batches of 1,000, which means that every customer has received the names and email addresses of 999 other users. BTC Markets CEO Caroline Bowler said that the company sincerely apologized for the incident and emphasized that the executives of the exchange are currently working around the clock to minimize the impact of violations and implement “additional security features”. To prevent future information leakage. Bowler advises BTC Markets customers to ensure that two-factor authentication is enabled to protect their accounts and to change the password of their email account. Attack method (per SlowMist): Information Leakage. Reported loss: -.
- chain
- —
- protocol
- BTC Markets
- bug_class
- phishing
- date_occurred
- 2020-12-01
- loss_usd
- —
- source_id
- sm:btc-markets::2020-12-01