The number of unauthorized attempts to access user accounts on BitMEX has climbed, the cryptocurrency derivatives exchange wrote in a blog post Tuesday.
In the wake of these rising attacks, the exchange now forbids users from disabling login notification emails and requires email verifications for withdrawal requests via the API. BitMEX also advises its users to use strong passwords, enable Two-Factor Authentication (2FA), and use a password manager.
BitMEX imposed these new practices after observing that almost all victims of these attacks did not see or receive account-related email notifications. In addition, some reused their passwords or have very weak ones, while others had their email addresses compromised first which then led to account theft.
According to BitMEX, perpetrators have adopted increasingly sophisticated tactics in taking over and moving funds from compromised accounts. Some hackers would deliberately make a loss against another account they also control, while others disabled email login notification after unauthorized account access.
BitMEX said in the blog post that it is also considering enforcing login access features such as 2FA, as it is “the best and easiest way to protect yourself from these attacks."