In brief

  • Australian crypto exchange BTC Markets revealed the names and email addresses of its 270,000 clients.
  • The messages were sent out to batches of 1,000 users each, revealing their details to every addressee.
  • The exchange confirmed the leak and apologized—but its customers are not happy.

Australian cryptocurrency exchange BTC Markets, which claims to be the largest in the country, has leaked the names and email addresses of over 270,000 of its customers via a marketing campaign, Business Insider Australia reported today.

On Tuesday, the exchange began sending out emails to users, announcing the listing of Tether stablecoins and support for the Spark airdrop. However, instead of sending each email individually or using blind carbon copy, BTC Markets sent out its updates to whole batches of users at a time, putting 1,000 addresses on each message.

As a result, each user who received the exchange’s email could also easily see the addresses and names of the other 999 recipients in the “To:” field.
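The difference between the batch pattern described above and per-recipient sending, with a pre-send check that catches the former, is sketched below. This is an added example, not BTC Markets' code; the sender address, the sample recipients and the function names are constructed for illustration.

```python
from email.message import EmailMessage
from email.utils import getaddresses

SENDER = "announcements@exchange.example"  # constructed placeholder
# Constructed sample customers (not real data).
SAMPLE_RECIPIENTS = [f"Customer {i} <user{i}@mail.example>" for i in range(1, 6)]

def _new_message(to_value, subject, body):
    msg = EmailMessage()
    msg["From"] = SENDER
    msg["To"] = to_value
    msg["Subject"] = subject
    msg.set_content(body)
    return msg

def visible_recipients(msg):
    """Addresses that every recipient of this message can read in its headers."""
    fields = [str(v) for v in msg.get_all("To", []) + msg.get_all("Cc", [])]
    return [addr for _, addr in getaddresses(fields) if addr]

def build_batch_message(recipients, subject, body):
    """The pattern the article describes: one message, the whole batch in To:."""
    return _new_message(", ".join(recipients), subject, body)

def build_individual_messages(recipients, subject, body):
    """One message per customer, so each To: header holds a single address."""
    return [(rcpt, _new_message(rcpt, subject, body)) for rcpt in recipients]

def check_before_send(msg, envelope_rcpt):
    """Pre-send guard: refuse any message whose headers expose other customers."""
    target = getaddresses([envelope_rcpt])[0][1].lower()
    exposed = [a for a in visible_recipients(msg) if a.lower() != target]
    if exposed:
        raise ValueError(f"{len(exposed)} other address(es) exposed in headers")
    return True

if __name__ == "__main__":
    batch = build_batch_message(SAMPLE_RECIPIENTS, "New listing", "Hello")
    print("batch exposes:", len(visible_recipients(batch)), "addresses")
    for rcpt, msg in build_individual_messages(SAMPLE_RECIPIENTS, "New listing", "Hello"):
        print(rcpt, "->", check_before_send(msg, rcpt))
```

Running such a guard in the mailing pipeline, immediately before handing each message to the mail server, stops a mis-built batch on its first message.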

BTC Markets CEO Caroline Bowler also confirmed that “All account holders were affected” and that “The email was sent in batches, rather than in bulk.”

It’s worth mentioning that since email services usually display any names that people used when they registered their mailing accounts, BTC Markets’ messages might have contained some pseudonyms—rather than real names—as well.

However, the biggest issue here is the email addresses themselves, since BTC Markets also uses them as logins on the platform. This means that malicious actors can now easily compile a comprehensive database of BTC Markets users’ email addresses and use this data in phishing campaigns.

Per the report, BTC Markets addressed the issue and stated that when the leak was discovered, the platform ostensibly couldn’t stop the emails from going out due to the high speed at which they were distributed.

“Earlier today, an announcement from BTC Markets exposed client names and email addresses. This is a deeply regrettable situation and we apologise wholeheartedly for it,” the exchange tweeted yesterday.

Unsurprisingly, users are not happy at all after the leak was discovered.

“If they cannot be trusted with a technology as old as email, how can they be trusted with crypto, let alone KYC [know-your-customer] information,” one Redditor summarized.

This isn’t the first time a crypto company has made this mistake. In November 2019, crypto exchange BitMEX exposed thousands of its customers’ details by doing the exact same thing.