Unfortunate May: BlockFi Suffers Breach, BitMEX Trading Engine Fails

Major crypto companies are still experiencing serious problems in May as BlockFi revealed that it suffered a data breach on May 14, while BitMEX Trading Engine went down today.

Crypto lender BlockFi said that the perpetrator attempted to make unauthorized withdrawals of client funds using the platform, but only managed to access clients’ personal information such as name, email, date of birth, physical address and activity history.

“From approximately 07:17 UTC to 08:43 UTC on May 14, 2020, a BlockFi employee’s phone number was breached and utilized by an unauthorized third party to access a portion of BlockFi’s encrypted back office system,” the company said.

The lender said they do not “believe there is any immediate risk to BlockFi clients or company funds.” However, over the next few weeks, their clients “may experience an increased quantity of security checks in the withdrawal process from our platform due to extra precautions.”

BlockFi urged their clients to turn two-factor authentication on their BlockFi accounts and personal devices, and “turn Whitelisting on.”

In the incident report, the company claims that they “are committed to always providing transparent and clear communication.”

I wanted to link directly to @TheRealBlockFi’s blog post disclosure of this very disturbing compromise but there isn’t one.

Instead they posted a hand-waving post about 2FA and whitelisting addresses.https://t.co/iJlZlz8qjl

— Matt Odell (@matt_odell) May 19, 2020

Meanwhile, at 13:29 UTC, major crypto derivatives exchange BitMEX said that after their Trading Engine went offline later today, they are bringing the platform back online, initially via cancel only mode until 13:40 UTC, where no new orders can be placed.

“All funds are safe, withdrawals will be delayed until after the outage has been resolved, likely 15:00 UTC. No liquidations have occurred during the downtime,” the company said.