QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$0 USD
DECEMBER 2020
AUSTRALIA
BTC MARKETS
DESCRIPTION OF EVENTS
"Trade at the cutting edge. Bitcoin and cryptocurrency exchange." "Externally audited best practices." "Unrivalled liquidity and market depth across 22 markets."
"Since our founding in 2013, BTC Markets has grown into the largest, most liquid cryptocurrency exchange in Australia."
"We started when Bitcoin was $110. We’ve witnessed five forks and two halvings. Outlasted all the pumps and dumps, the naysayers and FUD."
"Over 325,000 Australians have traded $19 billion on our platform via our Australian-made cutting edge technology."
"BTC Markets stands as a major crypto exchange for Australia."
"[A]n Australian cryptocurrency exchange that bills itself as the largest in the country inadvertently exposed more than 270,000 of its members names and email addresses." "On December 1, the Australian cryptocurrency exchange BTC Markets accidentally disclosed the full names and email addresses of all its customers in marketing emails sent to customers, which may expose all customers to potential phishing attacks."
"These emails are sent in batches of 1,000, which means that every customer has received the names and email addresses of 999 other users."
"BTC Markets CEO Caroline Bowler said that the company sincerely apologized for the incident and emphasized that the executives of the exchange are currently working around the clock to minimize the impact of violations and implement “additional security features”. To prevent future information leakage."
"Earlier today, an announcement from BTC Markets exposed client names and email addresses. This is a deeply regrettable situation and we apologise wholeheartedly for it."
"Of paramount importance is the security of the platform and your account. The platform remains secure and unaffected by the recent email issue. Our external communication process has no interaction with our internal system and no password data was exposed."
"As good practice, to protect your BTC Markets account, we strongly advise all our clients to enable Two Factor Authentication (2FA). If you haven’t already done so, we have a Two-Factor Authentication Step-by-Step Guide – BTC Markets."
"BTC Markets uses an external system to send client-wide emails. We have used this system without incident for a number of years. Our usual process is to also send test emails."
"However, today our testing didn’t pick up that the sample email addresses in the batch were added to the same email, rather than sent individually. In this case, the batch sizes were under 1,000 email addresses."
"Once initiated, the emails could not be stopped even after the error was noticed, according to the report." "Account-holders had their name and email address exposed. The process took place very quickly, therefore it was not possible to stop the batch send once the error was realised."
"We will self-report to the Office of Australian Information Commissioner and fully comply with the data breach reporting requirements. In addition, there will be an internal review and additional rigour placed around data security and training."
"As it stands now, BTC Markets is doing the right thing in light of this error: Reporting it to the relevant authorities. In the Australian exchange’s case, this authority stands as the Office of the Australian Information Commissioner, or OAIC. It was further noted that the exchange would start taking guidance from the OAIC as to how to respond to this privacy breach when moving forward."
"[F]irst & last names plus email addresses would have been shared to others in the same batch. Batch size is max. 1,000 addresses." "All account holders were affected. The email was sent in batches, rather than in bulk." "While no passwords or financial data were included in the breach, email addresses can be used for targeted phishing campaigns, since the attackers know the individuals affected have cryptocurrency accounts."
"The privacy breach threatens the security of the BTC Markets user base. The exchange uses a user’s email address as their login." "Bowler advises BTC Markets customers to ensure that two-factor authentication is enabled to protect their accounts and to change the password of their email account."
BTC Markets was one of the largest exchanges in Australia. The company sent out a mailer announcing that they were accepting Tether on December 1st, 2020. The email was sent in batches, each to 1,000 customers. Except that the email addresses and full names in each batch were visible to all recipients.
SlowMist Hacked - SlowMist Zone (Jun 26)
https://www.btcmarkets.net/ (Dec 6)
Privacy Breach In BTC Markets, All Customers Vulnerable To Phishing Attacks - InsideBitcoins.com (Dec 6)
https://www.btcmarkets.net/about-us (Dec 6)
Australian Crypto Exchange Exposes Personal Data of 270K Users - CoinDesk Australian Crypto Exchange BTC Markets Exposes Personal Data of 270K Users (Dec 7)
@BTCMarkets Twitter (Dec 7)
@CaroBowler Twitter (Dec 7)
Australia’s largest cryptocurrency exchange accidentally exposed the names and emails of 270,000 customers (Dec 7)
Btcmarkets exchange just doxxed everyone's email addresses on their last issue : BitcoinAUS (Dec 7)
BTC Markets privacy breach exposes all customers to potential phishing attacks (May 30)
BTC Markets Privacy Breach Puts Users At Risk Of Phishing Attacks – Cryptovibes.com – Daily Cryptocurrency and FX News (May 30)
Privacy Breach in BTC Markets Leaves Customers Vulnerable | BTC Expanse - Cryptocurrency News (May 30)
