Here’s How Crypto Investors Can Improve OPSEC Following BitMEX Email Leak

BitMEX is in hot water with the crypto community after it inadvertently exposed the email contact information of its users publicly, prompting concerns from traders around the globe.

And while the leak could put traders at risk of being hacked, there are a number of techniques that victims of the leak can put into place that will improve their personal security and potentially protect from any intrusion attempts.



What is OPSEC and Why Is It Important To Crypto Investors?

OPSEC stands for operations security and is defined by Wikipedia as the process of identifying and protecting critical information that could be pieced together by “adversaries,” or in the case of BitMEX, cyber criminals, who may be interested in leveraging the leaked email addresses to access user’s funds and empty their accounts.

Related Reading | Disgruntled Crypto Investors Criticize BitMEX As Situation Escalates

The term was coined by a Vietnam era security team under the order of United States Admiral Ulysses Sharp and is commonly used by military entities around the world to this day. But it’s also become widely used to discuss personal data security needs of ordinary individuals – a growing issue in the digital age where sensitive user data is exposed both on purpose via social media, and without consent via hacks or other data breaches.

Crypto investors need to take personal OPSEC even more seriously, as according to a Google security expert claims, cryptocurrency is like catnip for cyber criminals, due to the added layer of anonymity they provide, making tracing their trail of crime all the more difficult.

Impacted By the BitMEX Leak? Here’s What Precautions You Can Take

Since email accounts were involved, the very first step any BitMEX users who were exposed should immediately change their email passwords, enable two-factor authentication on their BitMEX account, and if possible, their email accounts as well.

Many of today’s email services, including Gmail, offer protection behind SMS-based two-factor authentication through Google’s Authenticator app. While SMS is an option and is better than nothing, it still leaves users open to attacks, Taking things a step further, a Google Authenticator app could be installed on a separate phone that isn’t connected to the internet.

In the future, especially if the user is leaving BitMEX for greener pastures, an email account created exclusively for each trading platform registered is a wise idea and can protect a criminal from discovering other personal details about you from gaining access to a main email account. Oftentimes, these emails hold clues that can be pieced together.

For example, an email signature containing a phone number could tip a hacker off and give them information they could use in a SIM-card hack, which is also why SMS-based two-factor authentication may not be enough for crypto investors.

Users are also encouraged to disable any possible API links to other accounts, including Bitcoin.tax and other platforms requiring API read or write access.

Finally, the most important steps any crypto investor can take to protect themselves, is to never invest more than you can afford to lose, never disclose how much crypto you hold, and to ensure cryptocurrencies are stored on a cold storage wallet, offline, and behind a passphrase that is kept separately from the actual wallet itself.

Source