Bitcoin Thread

Status
Not open for further replies.
Second pump. I'm out of market now except for a small short. Can go anywhere now after 25% in one day. Around $9400 was always the expected zone to top out after it went below $9000 so it might still top out here.

Personally I think it will temporarily top out at $10100 as it's always been the hard zone to crack. Then possibly another test of $13k. Not sure if I should cut my losses now and accumulate or wait for the bigger move.
 
The only thing I'm fairly sure about now is that it won't go below $8450 again easily. Looking at the action yesterday, the pump followed the rule of all the major surprise pumps in the last couple years. First major pullback was the 0.236 fibs. Was $8450 for initial pump and then $9625 for the 2nd pump. $9625 was defended for a while before it was rejected. If I had to guess, I think we will range between $8500 and $9600 for a while now until direction is decided.




So for now I'm just going to be scalping with shorts, and will only long around $8500/$8600.

Also something else to note which could be very important. Anyone who traded on Bitmex and made huge profit in the last day hasn't been able to withdraw and sell for USD as yet. The price only pumped after the withdrawal time and it was about $7600 back then. So expect a bunch of profit taking today around 6pm/7pm our time as many will withdraw and convert to USD on other exchanges after such a large pump.
 
This is sort of what I'm expecting in the next few days. Will wait for more down before longing. Have only been trading shorts the whole weekend.

 
Anybody got an email from Bitmex exposing a bunch of email addresses?
 
Anybody got an email from Bitmex exposing a bunch of email addresses?


I didn't but I see there was some breach/problem.


We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.

Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.

The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.


Shouldn't be a concern though even if someone knows your email and password if you use two-factor authentication.
 
Anybody got an email from Bitmex exposing a bunch of email addresses?

Yea I did - for anyone looking for a mass mailing list they now have it without much stress. They claim they are looking into it and all that but this is not something you can recall back once it's out there - only avoid it from happening in future. Spilt milk scenario.
 
It's not so much anybody knowing my email I'm concerned about but that there could be other breaches like exposing someone else's account key that can be used in a cookie to gain access. We don't know the likelihood of that but it doesn't look good for Bitmex when you expose personal information accidentally.
 

I wonder how long bitcoin will troll us before making its true intentions known and running again.
 
This $9180 fib level has been a magnet for over a week now. It tried a few times to get away in a channel but kept coming back. Think BTC is waiting for me to go long before it dumps big. I have only shorts open for now and will wait for the $8500 level to start building a long position.

This amount of sideways and pullback is not normal for BTC after a big pump so a follow through pump is becoming less and less likely. Either way, a big move has to come in the next couple days and there are going to be lots of liquidations whichever way it goes now.



The volume profile chart also shows that $8600 to $9000 is an empty zone. So it can slip through that region very quickly and easily.
 
This $9180 fib level has been a magnet for over a week now. It tried a few times to get away in a channel but kept coming back. Think BTC is waiting for me to go long before it dumps big. I have only shorts open for now and will wait for the $8500 level to start building a long position.

This amount of sideways and pullback is not normal for BTC after a big pump so a follow through pump is becoming less and less likely. Either way, a big move has to come in the next couple days and there are going to be lots of liquidations whichever way it goes now.



The volume profile chart also shows that $8600 to $9000 is an empty zone. So it can slip through that region very quickly and easily.

Funny enough everyone plus their mothers out there are expecting a follow up pump. I have my eyes set much lower to a crazy 8081 - still testing out some ideas/observations/strategies and seeing what price will do once it dumps. I agree next few days something will have to give.
 
I'm getting the feeling it's just looking to screw us over and liquidate all those longs that have converted to the 9000+ price point.
 
Got the Bitmex email with the details of what happened with the email leak:

I see I also got the initial bulk email. It was in my spam folder.

Important Notice: Public User Email Address Disclosure
Please be aware of phishing attempts. Emails from BitMEX are sent from “[email protected]” and “[email protected]”. BitMEX will never ask you to transfer any funds, nor ask for your password.

Hello,

On Friday, November 1 at 06:00 UTC, many of our users received an email which contained the email addresses of other users in the To: field. This was a general email update to our users about upcoming changes to the weighting of our indices.

As a result, many BitMEX user email addresses, including a large number of inactive addresses, were disclosed to other users in small batches. No other information was disclosed.

We apologise for the concern this caused. This email will provide you with information about what happened and how we can assist you.

What happened?
BitMEX is a global business that sends emails to many different email providers. Email deliverability itself is a multi-layered problem, involving decades of work in building sender reputation systems and automatic spam filters. Unfortunately, this makes the job of large services such as BitMEX difficult at times: we only send mass emails to all users at rare events. We intend to keep a high signal-to-noise ratio, and only send email when absolutely necessary.

The index change we published on 1 Nov was of sufficient importance - it will impact pricing of all of our products - that we felt it necessary to inform all BitMEX users about it. However, bulk mail sends such as this are difficult to orchestrate correctly on a global scale, to all recipients. Some mail servers, especially the global arms of large brands like Yahoo and 163, have very tight controls that are often triggered when we send large amounts of mail. For system notifications such as withdrawals, password resets, and liquidations, it is imperative that the customer receives mail dependably.

To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (so as not to trigger rate limits) sending of important email. BitMEX has not sent an email to every customer at once since 2017, and much has changed since then. When we initiated the send, it became clear that it would take upwards of 10 hours to complete, and there was a desire on the team to ensure users received the same material information on a more reasonable timescale.

To handle this, the tool was quickly rewritten to send single SendGrid API calls in batches of 1,000 addresses. Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated To: field, leaking customer email addresses. As soon as we became aware, we immediately prevented further emails from being sent and have addressed the root cause.

BitMEX is a company that takes engineering seriously, and we are disappointed that this lapse in care has resulted in unwanted disclosure for our customers. We believe that processes, not engineers, are to blame for these failures. Our processes failed here, and we are working around-the-clock to revamp them and to ensure that even the simplest-looking code changes are put under strict review.

Additionally, and unrelated to this action, the BitMEX Twitter account was accessed by an external individual. The account was back under BitMEX control within 6 minutes and resecured, and the event is under security review.

Beyond email addresses, no personal or account information has been disclosed. At no point were any of our core systems at risk.

Who was affected?
Most BitMEX users were affected by this action. You can self-diagnose your exposure with the following steps:

  • If you received an email about the index change, and your email was the only one listed in the To: field, you were not affected.
  • If you received the index change email, and you saw multiple addresses in the To: field, you were affected.
  • If you did not receive an index change email, but you received this email, it is best to assume that you were affected. While the system was cut-off before it completed entirely, many recipients began marking BitMEX emails as spam, understandably out of hope that it would stop further emails. This caused deliverability issues at some hosts, causing mail not to be delivered. Unfortunately, someone else in your batch may have received the email, exposing your email address.
    • The deliverability issues caused by the spam reporting caused some follow-up password resets to be delayed for several hours. Our operation teams remedied this by 06:00 UTC on Nov 2.
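
Added example, not part of BitMEX's notice or of the forum post: the notice attributes the leak to single SendGrid API calls that put a batch of 1,000 addresses into one To: field. The code below builds, without sending anything, a request body in SendGrid's v3 Mail Send JSON format both ways and runs a pre-send check over it; the sender, subject, addresses and all function names are constructed for illustration.

```python
"""Added example: SendGrid v3 /mail/send bodies, shared To: field vs one per user.
Nothing is sent; the sender and addresses are constructed placeholders."""

BATCH_SIZE = 1000  # batch size named in the notice; also SendGrid's per-request cap


def envelope(personalizations):
    return {
        "personalizations": personalizations,
        "from": {"email": "notices@example.com"},  # placeholder sender
        "subject": "Index weighting update",
        "content": [{"type": "text/plain", "value": "..."}],
    }


def build_leaky(addresses):
    """One personalization holding every address: all share a single To: header."""
    return envelope([{"to": [{"email": a} for a in addresses]}])


def build_isolated(addresses):
    """One personalization per address: each message has a single To: entry."""
    return envelope([{"to": [{"email": a}]} for a in addresses])


def exposure(request):
    """Map each recipient to the other addresses visible in the mail they get."""
    seen = {}
    for p in request["personalizations"]:
        # to/cc are visible to everyone in the same personalization; bcc is not
        visible = [r["email"] for key in ("to", "cc") for r in p.get(key, [])]
        everyone = visible + [r["email"] for r in p.get("bcc", [])]
        for addr in everyone:
            seen.setdefault(addr, set()).update(v for v in visible if v != addr)
    return seen


def check_before_send(request):
    """Pre-send gate: refuse a body in which any recipient sees another address."""
    leaked = {a: o for a, o in exposure(request).items() if o}
    if leaked:
        raise ValueError(f"{len(leaked)} recipients would see other addresses")
    if len(request["personalizations"]) > BATCH_SIZE:
        raise ValueError("too many personalizations for one request")
    return True


def batches(addresses, size=BATCH_SIZE):
    return [addresses[i:i + size] for i in range(0, len(addresses), size)]


USERS = [f"user{i}@example.org" for i in range(2500)]  # constructed sample
```

A gate like `check_before_send` can run in a unit test or in the send path itself, so a change to how batches are assembled fails before any mail leaves.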
 
What are we doing to help?
After the discovery of the disclosure, BitMEX employees worked through the night and day to reduce risk for users. We are aware that many users reuse email addresses across services. This, combined with a very human tendency to reuse passwords, meant that many of our users may have been at risk due to password hash dumps on other platforms, even ones unrelated to crypto.

For this reason, we took the following steps after we notified our users of the disclosure:

  • Our Security and Support teams began enhanced monitoring of access patterns to flag accounts with suspicious activity after the disclosure. This led to several account password resets and human review with Support.
  • At 13:00 UTC, during our usual human review of withdrawals, we conducted additional checks. We identified criteria that could be indicative of compromise given the circumstances. We cancelled requests from accounts that (i) did not have two-factor authentication, (ii) were withdrawing to a previously unseen Bitcoin address, (iii) were submitted with a previously unseen new IP address, and (iv) were made after the email address disclosure had occurred. All other withdrawal requests were unaffected. These actions were taken in the interest of protecting our users and those affected have already been contacted.
  • As it became clear that several groups were working to collate BitMEX email addresses in order to attempt to compromise them, BitMEX engineers forced a password reset for all users with balances and without Two-Factor devices. Affected users were notified via email (after a thorough QA review and retrospective on the original bug).
  • BitMEX Support (contact here) is working shifts with extra agents, continuing to handle customer requests to change email addresses, answer questions, and provide security assessment and advice.
If you are concerned about your personal exposure, on BitMEX or on any other platform, the best thing you can do is to enable Two-Factor Authentication on all critical services. Start with your email address first. BitMEX has published advice on this topic, as have others, including this very helpful guide by Paul Stamatiou.

BitMEX engineering teams are working on new features to increase the number of security keys supported by the platform, to improve the signal of account notifications, and to give users more tools to avoid and contain account takeovers.

Do I need to do anything?
Although no-one's personal information or account details beyond their email address were disclosed, as best practice, we recommend that you:

  • Please be vigilant against phishing attempts. Emails from BitMEX are sent from “[email protected]” and “[email protected]”. We recommend adding these addresses to your contacts list. We will never ask for your password.
  • Note that BitMEX will never ask you to transfer any funds. The only way to fund your BitMEX account is to send Bitcoin to your unique BitMEX deposit address. Your unique BitMEX deposit address will begin with “3BMEX” or “3BitMEX” and can be found on the deposit page of your BitMEX account.
  • Please take note of our official BitMEX communications channels. Only instructions provided via these avenues should be observed.
  • Protect your account by using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all of your accounts (both BitMEX and personal); and using a password manager.
We want to reassure you that beyond email addresses, no personal or account information has been disclosed. At no point during this issue were any of our systems at risk, and they remain secure, as we continue to take measures to enhance our security. Your privacy and security remains our top priority.

Sincerely,

Vivien Khoo,
Deputy Chief Operating Officer
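
Added example, not part of BitMEX's notice or of the forum post: the withdrawal review described in the notice cancelled only requests that met all four criteria (i) to (iv). The code below applies that rule to a constructed queue; the record layout, account names, addresses, IPs and the year in the timestamp are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

# The notice gives "Friday, November 1 at 06:00 UTC"; the year is an assumption.
DISCLOSURE = datetime(2019, 11, 1, 6, 0, tzinfo=timezone.utc)


@dataclass(frozen=True)
class Withdrawal:
    account: str
    has_2fa: bool
    dest_address: str
    source_ip: str
    submitted: datetime


def matched_criteria(w, seen_addresses, seen_ips, disclosure=DISCLOSURE):
    """Return which of the notice's criteria (i)-(iv) a request meets."""
    hits = []
    if not w.has_2fa:
        hits.append("i: no two-factor authentication")
    if w.dest_address not in seen_addresses.get(w.account, set()):
        hits.append("ii: previously unseen destination address")
    if w.source_ip not in seen_ips.get(w.account, set()):
        hits.append("iii: previously unseen IP address")
    if w.submitted > disclosure:
        hits.append("iv: submitted after the disclosure")
    return hits


def to_cancel(queue, seen_addresses, seen_ips):
    """Cancel only requests meeting all four criteria; the rest proceed."""
    return [w.account for w in queue
            if len(matched_criteria(w, seen_addresses, seen_ips)) == 4]


def at(day, hour):
    return datetime(2019, 11, day, hour, tzinfo=timezone.utc)


# Constructed per-account history and withdrawal queue
SEEN_ADDRESSES = {"acct-1": {"addr-A"}, "acct-2": {"addr-B"}, "acct-3": {"addr-C"}}
SEEN_IPS = {"acct-1": {"192.0.2.10"}, "acct-2": {"192.0.2.20"}, "acct-3": {"192.0.2.30"}}
QUEUE = [
    Withdrawal("acct-1", False, "addr-X", "198.51.100.7", at(1, 9)),   # all four
    Withdrawal("acct-2", True, "addr-Y", "198.51.100.8", at(1, 10)),   # has 2FA
    Withdrawal("acct-3", False, "addr-C", "198.51.100.9", at(1, 11)),  # known address
    Withdrawal("acct-4", False, "addr-Z", "203.0.113.5", at(1, 5)),    # before disclosure
]
```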
 
It's doing the good old pump and then smash through multiple resistance. Quad support level and it goes straight into it. This is probably going to dump big soon.

 
Finally the dump I've been waiting for. Probably can go a bit further after the initial profit-taking.

 