BitMEX Enables Bech32 Sending Support

BitMEX is delighted to announce that customers can now withdraw bitcoin to the Bech32 (native SegWit) address format. This upgrade is effective immediately.


Bech32 Technical Details

Bitcoin currently has three address formats:

Address Format

Comments

Example Address

Pay to Public Key Hash (P2PKH)

Bitcoin’s original address format

Addresses starting with the number 1

19CPBGKkxj
4iPyfLu6E3
Wboydopqs6
U2GE

Pay to Script Hash (P2SH)

Enabled in April 2012

Addresses starting with the number 3

3BMEXScSmZ
yb22WhUpW6
XnX7FDwBbd
Xv2e

Bech32

The native SegWit address format

Addresses starting with bc1

bc1qdzac2x
4j6kcthjrc
dek4mdqghw
shkg30hgf60p

As of today, BitMEX is delighted to announce that customers can withdraw to all three address formats. Please note, when depositing to BitMEX, you must still send to our Pay to Script Hash (P2SH) format addresses, due to our multi-signature wallet solution. Bech32 address formats can currently only be used as the receiving address, when you withdraw from BitMEX.

This upgrade is part of BitMEX’s continued commitment to optimize our Bitcoin wallet infrastructure and technology, in order to reduce our usage of blockweight and to lower transaction fees for our customers. When BitMEX launched in 2014, we were one of the first companies to use P2SH multi-signature technology. BitMEX is keen to remain at the forefront of Bitcoin technology, and this announcement is only part of our wallet upgrade process, which will continue going forwards.

The Advantages of Bech32 Addresses

As explained in BIP173, the new address format has several advantages:

  • More efficient use of blockweight (and therefore lower fees)
  • Improved error detection
  • More efficient QR codes

Fee savings resulting from Bech32

The key advantage of Bech32 addresses is that transaction fees can be saved when spending bitcoin, which was already sent to a Bech32 address. Therefore this upgrade will not directly result in fee savings when customers withdraw from BitMEX, however in the next transaction, when the bitcoin already withdrawn from BitMEX is spent again, our customers may benefit from lower transaction fees.

When spending from a non-native address using SegWit, one must add around 20 bytes of overhead. When using native SegWit-style addresses (Bech32), this overhead is no longer necessary. The absence of this overhead generates the savings.

In the below tables we have quantified the blockweight savings. As one can see, based on our example 1 input 2 output transaction, in terms of blockweight, native SegWit spends save around 37% compared to pre-SegWit style spends and 17% compared to non-native SegWit spends.

Typical transaction sizes for a 1 input 2 output transaction (Illustrative figures)

Input redemption type

Witness size (bytes)

Witness size
(virtual bytes)

Total transaction size (bytes)

Total transaction size (virtual bytes)

P2PKH

110

110

220

220

P2SH SegWit

110

28

240

167

SegWit (Native)

110

28

220

138

(Source: BitMEX Research)

Typical percentage savings for a 1 input 2 output transaction (Illustrative figures)

Input redemption type

Witness size (bytes)

Witness size
(virtual bytes)

Total transaction size (bytes)

Total transaction size (virtual bytes)

P2SH SegWit compared to P2PKH

0%

75%

(9%)

24%

SegWit (Native) compared to P2PKH

0%

75%

0%

37%

SegWit (Native) compared to P2SH SegWit 

0%

0%

8%

17%

(Source: BitMEX Research)

Since the savings are generated by the witness discount on the signature/scripts, the more inputs a transaction has, the higher the percentage savings. Therefore larger transactions, with more than one input, will typically experience higher savings that those in the above table.

Future BitMEX Wallet Upgrades

The next upgrade priority for the BitMEX wallet is enabling SegWit (non-native), compared to our current non-SegWit P2SH multi-signature wallet solution.

As explained above, SegWit can result in significant blockweight savings of around 25% to 40%, however in the case of BitMEX, the savings will be even higher. A BitMEX withdrawal is a 3 of 4 multi-signature P2SH transaction, each input therefore requires three digital signatures and four public keys. Currently, a typical 2 input 2 output BitMEX withdrawal can be as large as 1,200 bytes. The benefits of applying the witness discount to these large transactions is far greater than for typical non-BitMEX transactions. Therefore BitMEX would benefit from a blockweight saving of around 65% by adopting SegWit.

If you would like to help develop our Bitcoin wallet technology, please consider applying here to join the team.

Q1 2020 Index Weights

On 27 December 2019 12:00:05 UTC, BitMEX will update its index weights.

From today, the hypothetical values of the indices with the new weights will be published as the “NEXT” index family (Eg .BXBT_NEXT). 

As of 27 December 2019 at 12:00:05 UTC, assuming no constituent exchanges have been excluded due to Index Protection Rules, BitMEX index weights will be:

 
Binance
Bitstamp
Bittrex
Coinbase
Gemini
Huobi
Itbit
Kraken
Poloniex
.BXBT
10.61%
2.53%
52.30%
6.89%
4.21%
23.46%
.BETH
4.69%
58.81%
7.62%
28.88%
.BETHXBT
60.59%
5.96%
25.83%
4.13%
3.49%
.BXRPXBT
67.98%
3.62%
6.56%
16.24%
5.60%
.BBCHXBT
47.18%
5.97%
46.85%
.BLTCXBT
51.94%
10.07%
34.30%
3.69%
.BEOSXBT
46.98%
53.02%
.BADAXBT
83.48%
6.20%
7.36%
2.96%
.BTRXXBT
57.21%
42.79%

The BitMEX “NEXT” indices are available for your reference and include the index weights calculations. You can also read BitMEX “NEXT” specific documentation to further understand BitMEX indices.

If you have any further questions, please contact Support via our contact form.

Q1 2020 Quarterly Futures Listings

On 13 December 2019 08:30 UTC, BitMEX will list new quarterly futures.

Please see the table below of listing and settlement dates for current and upcoming futures contracts for Q1 2020. The new contracts are in bold.

Code Pair Listing Date Settlement Date
ADAZ19 Cardano / Bitcoin 13 September 2019 27 December 2019
ADAH20 Cardano / Bitcoin 13 December 2019 27 March 2020
BCHZ19 Bitcoin Cash / Bitcoin 13 September 2019 27 December 2019
BCHH20 Bitcoin Cash / Bitcoin 13 December 2019 27 March 2020
EOSZ19 EOS Token / Bitcoin 13 September 2019 27 December 2019
EOSH20 EOS Token / Bitcoin 13 December 2019 27 March 2020
ETHZ19 Ether / Bitcoin 13 September 2019 27 December 2019
ETHH20 Ether / Bitcoin 13 December 2019 27 March 2020
LTCZ19 Litecoin / Bitcoin 13 September 2019 27 December 2019
LTCH20 Litecoin / Bitcoin 13 December 2019 27 March 2020
TRXZ19 Tron / Bitcoin 13 September 2019 27 December 2019
TRXH20 Tron / Bitcoin 13 December 2019 27 March 2020
XRPZ19 Ripple Token (XRP) / Bitcoin 13 September 2019 27 December 2019
XRPH20 Ripple Token (XRP) / Bitcoin 13 December 2019 27 March 2020
XBTZ19 Bitcoin / USD 15 March 2019 27 December 2019
XBTH20 Bitcoin / USD 13 September 2019 27 March 2020
XBTM20 Bitcoin / USD 13 December 2019 26 June 2020

 

Bitcoin’s Initial Block Download

Abstract: We test the performance of Bitcoin Core by successfully conducting 35 initial block downloads (IBDs) and recording the amount of time the node takes to synchronize with the network. We used software releases in the period spanning from 2012 to 2019. The results show a considerable and consistent improvement in the performance of the software, but also a high degree of variance. Even with the latest computer hardware, older versions of Bitcoin struggled to get past the pickup in transaction volume which occured in the 2015 to 2016 period. Therefore we conclude that without the software enhancements, an initial synchronization today could be almost impossible.

Figure 1 – Bitcoin Initial Block Download Time (Days) – Average Of 3 Attempts

(Source: BitMEX Research)
(Notes: Synchronization up to block 602,707. Further details in the notes below)

Overview

To test the performance of Bitcoin Core during the initial synchronization, we successfully conducted 35 initial block downloads (IBDs) and recorded the amount of time each attempt took. The results are shown in Figure 1 above and illustrate that there was a significant improvement in speed when Bitcoin Core 0.12.0 was released in February 2016, due to the upgrade from OpenSSL to libsecp256k1 for signature verification. Libsecp256k1 was built specifically for Bitcoin. Since then, the improvements in speed were much slower and due to the high variance in IBD times, the improvements are only clearly visible after multiple attempts. However, even after Bitcoin Core 0.12.0 was released in February 2016, a small gradual improvement in performance is still visible after each software release from Bitcoin Core 0.13.0 to Bitcoin Core 0.19.0.1.

Of course, IBD time is only one metric, and there are plenty of other angles and considerations that one can use to evaluate the performance and capabilities of Bitcoin Core. While the IBD time may not be the perfect or complete measure of overall software performance, it is highly resource-intensive and therefore potentially a good metric to benchmark.

This report follows on from two previous experiments: 

  • In November 2018 Jameson Lopp conducted a similar exercise, however that analysis focused on independent implementations, while this analysis focuses on older versions of Bitcoin Core (or just “Bitcoin”, as some of the older software pre-dates the name “Bitcoin Core”). 
  • Sjors Provoost also conducted this experiment in July 2017, although Sjors provided data for fewer synchronization attempts.

Full Results and Raw Data

Figure 2 – Bitcoin Initial Block Download Time (Days)

(Source: BitMEX Research)
(Notes: Synchronization up to block 602,707, further details in the notes below)

System Specification & Other Notes

 
MacBook Pro (64 bit)
Linux VPS (64 bit)
OS
macOS Mojave (10.14)
Ubuntu 18.04.3
Processor
6 Core Intel i9 2.9GHz 
8 Core Intel Xeon
Memory
32GB
32GB
Storage
1 TB Flash Storage
640GB Flash Storage
Internet Downstream Bandwidth
62Mb/s
2,000Mb/s
Internet Upstream Bandwidth
20Mb/s
400Mb/s
IBD ended at height
602,707
602,707
Bitcoin.conf settings
assumevalid=0
dbcache=24000
maxmempool=500

Full Table of Results

Client Client release date
Sync Time (Hours)
Machine
Bitcoin Core 0.19.0.1
24/11/2019
11.4
MacBook Pro
Bitcoin Core 0.18.1
20/07/2019
10.4
MacBook Pro
Bitcoin Core 0.17.0
03/10/2018
17.7
MacBook Pro
Bitcoin Core 0.16.0
28/02/2018
18.5
MacBook Pro
Bitcoin Core 0.15.0
14/07/2017
21.1
MacBook Pro
Bitcoin Core 0.14.0
08/03/2017
16.4
MacBook Pro
Bitcoin Core 0.13.0
17/08/2016
24.7
MacBook Pro
Bitcoin Core 0.12.0
17/02/2016
15.8
MacBook Pro
Bitcoin Core 0.11.2
10/11/2015
53.3
MacBook Pro
Bitcoin Core 0.10.0
12/02/2015
81.2
MacBook Pro
Bitcoin Core 0.9.0
18/03/2014
85.1
MacBook Pro
Bitcoin Core 0.8.6
09/12/2013
Abandoned
MacBook Pro
Bitcoin Core 0.19.0.1
24/11/2019
13.6
Linux
Bitcoin Core 0.18.1
20/07/2019
15.9
Linux
Bitcoin Core 0.17.0
03/10/2018
13.3
Linux
Bitcoin Core 0.16.0
28/02/2018
18.8
Linux
Bitcoin Core 0.15.0
14/07/2017
17.9
Linux
Bitcoin Core 0.14.0
08/03/2017
25.1
Linux
Bitcoin Core 0.13.0
17/08/2016
15.8
Linux
Bitcoin Core 0.12.0
17/02/2016
14.8
Linux
Bitcoin Core 0.11.2
10/11/2015
46.0
Linux
Bitcoin Core 0.10.0
12/02/2015
77.2
Linux
Bitcoin Core 0.9.0
18/03/2014
78.9
Linux
Bitcoin Core 0.8.6
09/12/2013
98.5
Linux
Bitcoin Core 0.19.0.1
24/11/2019
14.0
Linux
Bitcoin Core 0.18.1
20/07/2019
13.7
Linux
Bitcoin Core 0.17.0
03/10/2018
16.0
Linux
Bitcoin Core 0.16.0
28/02/2018
18.2
Linux
Bitcoin Core 0.15.0
14/07/2017
17.9
Linux
Bitcoin Core 0.14.0
08/03/2017
17.0
Linux
Bitcoin Core 0.13.0
17/08/2016
21.9
Linux
Bitcoin Core 0.12.0
17/02/2016
17.1
Linux
Bitcoin Core 0.11.2
10/11/2015
44.1
Linux
Bitcoin Core 0.10.0
12/02/2015
82.2
Linux
Bitcoin Core 0.9.0
18/03/2014
82.1
Linux
Bitcoin Core 0.8.6
09/12/2013
72.6
Linux

(Source: BitMEX Research)

Analysis of the Results

As Figure 2 above illustrates, even when conducting the IBD with the same software and with a machine with the same specification, there is considerable variance in the reported times. 

Figure 3 – IBD time vs Client Release Date (Days) – Average Time of 3 Attempts

(Source: BitMEX Research)
(Note: For the Bitcoin 0.8.6 client, the results above are an average of only 2 attempts)

Figure 3 above indicates that the performance of the software improved incrementally with each software release, with the exception of the strong performance of Bitcoin Core 0.12.0. However, despite the apparent clear trend in the above chart, the large variance and in IBD times on each attempt could indicate there is considerable uncertainty. One may need more sample data before drawing strong conclusions about improvements in performance since 2016. It is possible the variation is primarily caused by issues in the Bitcoin P2P network or the internet connection and therefore a good area of further study may be to compare the re-scan speed, the time taken to fully verify the blockchain once it has already been downloaded.

Bitcoin Core 0.12.0 performs well in the above analysis. This may be because Bitcoin Core 0.12.0 has libsecp256k enabled, but does not validate signatures for transaction inputs where the witness is segregated (Segregated Witness). Therefore Bitcoin Core 0.12.0 does not validate all the signatures in the blockchain post August 2017, giving the client somewhat of an “unfair advantage”. However this advantage may also apply to Bitcoin Core 0.13.0, despite this node not appearing to be an outlier. Of course all the versions prior to Bitcoin Core 0.12.0 have that same “unfair” advantage, but this is dwarfed by the disadvantages of using OpenSSL.

Syncing The Client Up To Its Release Date

The below chart (Figure 4) illustrates the time it takes to synchronize a client, up until the block height on the date the software was released.

Figure 4 – IBD Time Up To Client Release Date (Days)

(Source: BitMEX Research)
(Note: Data for the nodes running on Linux only. Bitcoin Core 0.19.0.1 only synced up to height 602,707)

The chart shows that the trend was reasonably flat from Bitcoin Core 0.8.6 to Bitcoin Core 0.14.0, at that point the scalability improvements could not match the impact of time progressing and the blockchain increasing in height, and the chart shows an upward trend. Unfortunately the rate of software improvement has been reduced in recent years, perhaps as the low-hanging fruit improvements have already been made. Higher transaction volume may have also contributed to this. Future scalability improvements may be a lot more challenging, and even if the 4 million unit blockweight limit is maintained, IBD times may continue to increase going forwards, despite further software upgrades and moderate increases in hardware performance.

The Failed IBD Attempts

We did successfully compile and run versions of Bitcoin prior to 0.8.6, however, the synchronization became slow when the node reached the 2015 to 2016 period. The pre-0.8.6 nodes, such as 0.7.0, did successfully get past the apparent hardfork in 2013, by manually changing the lock limit, however 2015 proved too challenging due to the increased transaction volume, and the node stopped processing blocks. We tried restarting the node, which did help push it forwards, but then it only got stuck again. We then even tried running Bitcoin Core 0.7.0 on our brand new local machine, with 64 GB of RAM and 8 Intel i9 processors, however the node was still unable to get past 2016. With many of the scaling parameters involved being non-linear, one cannot simply throw more hardware at the problem.

On occasions when the nodes got stuck on a block and we re-started, we abandoned the synchronization after 4 restart attempts. For Bitcoin Core 0.8.6 on the MacBook Pro, the synchronization was abandoned when the leading block was in 2016. Although this is slightly disappointing, no restarts were required for the remaining 35 successful synchronizations.

Conclusion

Other than the fact that the BitMEX IT department should be more cautious when issuing BitMEX Research with MacBook Pros, the data illustrates the significant scalability enhancements which have been delivered over the last seven years. The transition to libsecp256k being the most significant improvement. The large reductions in IBD times and the inability of old nodes to fully synchronize indicates that if it were not for these scalability enhancements, by now Bitcoin would be essentially dead, even if users had the highest specification hardware available. The data also shows that technological innovation is unlikely to keep up with the growing blockchain going forward and that IBD times will increase.

Temporary change to BitMEX .BBCHXBT Index, 28 November 2019

Effective 28 November 2019 at 02:00 UTC, BitMEX will temporarily remove Binance from its .BBCHXBT index in response to Binance’s scheduled symbol change. This Binance symbol change is expected to take 8 hours and will affect the BitMEX .BBCHXBT index only. Binance will be reintroduced as a constituent of .BBCHXBT once trading on Binance has resumed. 

If you have any further questions, please contact Support via our contact form.

Websocket Latency, 26 November 2019

Between 21:30 UTC 25 November 2019 and 07:05 UTC 26 November 2019 the Websocket API was running with degraded capacity. This resulted in slightly more latent feeds during this time and some isolated occurrences of substantial lag during traffic spikes correlated with large market moves.

The issue was identified when latency thresholds were breached in our automated monitoring systems around 06:55 UTC. From 07:05 the issue was resolved and full capacity was restored. We continue to monitor the impacted services closely.

The issue was caused by incorrect CPU pinning following a release of a market data distribution component at 21:30 UTC 25 November 2019. The impact of this was only observed during large traffic spikes which occurred several hours later and so was not identified during the post release checks at the time. The configuration of this service has been corrected and the deployment tested to prevent this from happening again.

We apologise for any inconvenience this may have caused. If you have any further questions, please contact Support via our contact form.

Updated Fees for ETHZ19 – Effective from 29 November 2019 12:00:05 UTC

We are rolling out reduced fees and rebates on ETHZ19 between 29 November 2019 12:00:05 UTC and 27 December 2019 12:00 UTC.

During this period, maker fees will be -0.025% and taker fees will be 0.075% for all trades on ETHZ19 only.

When the ETHH20 contract is listed, it will have a maker fee of -0.05% and a taker fee of 0.25%. For more information you can visit our updated Fees page here.

Thanks for your continued support!

If you have any further questions, please contact Support via our contact form.

Benford’s Law & Cryptocurrency Trading Data

Abstract: In this report we examine Benford’s law, a mathematical rule which describes the frequency of the leading digit in various real world sequences of numbers. We look at various datasets from the cryptocurrency ecosystem, such as coin prices and trading volume data. We explain that this mathematical concept should not be looked at in isolation and that a strong understanding of the underlying economics is necessary to draw strong conclusions. We note that for a minority of trading platforms, notably OKEX and HitBTC, the reported trading volume figures appear to result in a distribution which does not follow Benford’s law. However, this pattern does not imply inappropriate manipulation of the data and there are many potential legitimate explanations for the unexpected distributions.

(Ben Affleck explaining to Anna Kendrick the abnormally high occurrence of the digit 3, potentially indicating financial fraud, in the 2016 Hollywood movie “The Accountant”. Screen captured 41 minutes and 40 seconds into the film)

Overview of Benford’s law

Benford’s law concerns the frequency distribution of the first digit from various real world sequences of numbers. One might think that the frequency distribution of the first digit in most scenarios would be 11.1% (i.e. 11.1% for 1, 11.1% for 2, 11.1% for 3, ect ) and this is indeed the case in many scenarios, for instance a random number generator should result in such a frequency distribution. However, there are some real world scenarios in physics, geology, biology, chemistry, architecture, demographics, finance, business or other fields, where a different frequency distribution is observed, one matching the chart below, where 1 is the most common (occurring 30.1% of the time), followed by 2, etc.

Frequency distribution of the first digit in an exponentially growing geometric series

(Source: BitMEX Research)
(Note: The geometric series starts at the number 1, grows by 2% each interaction and contains 5,000 numbers)

Justifying exactly why the above phenomenon is observed can be challenging and there does not appear to be a concise explanation applicable in all scenarios. The major characteristic necessary in order to observe Benford’s law appears to be that the data must span across several orders of magnitude.

In our view, good way of explaining the phenomenon is by considering a basic geometric series. For instance, consider a geometric series of numbers, growing by 10% each iteration. When the series has reached the level of 24 (40% of the way through the twenties), the next number in the series is 26.4, still well within the twenties, with 2 as the leading digit. If the geometric series is at 84 (40% of the way through the eighties), the next number in the sequence is 92.4 and the leading digit has changed from 8 to 9. This shows how some series, which could occur for instance in finance or nature, result in the observation where lower value leading digits are more common than higher value digits.

Applying Benford’s Law to Business and Finance

Before joining BitMEX Research, many of the team used to work as investment analysts or portfolio managers covering equities. Back in 2015, inspired by a paper from the Association of Certified Fraud Examiners, a colleague proposed that we could use Benford’s law as a tool to look for financial fraud in reported financial statements. The theory was that if corporate financials accurately reflected the real world, the numbers should follow Benford’s law, however if they had been nefariously manipulated or generated randomly, the numbers should deviate significantly from Benford’s law, which could be a flag for financial fraud. However, as the below scenarios illustrate, it may not be as simple as that.

Consider the following two somewhat contrived examples:

Example 1 – Analysing the sales of a high-growth American technology company – Google

The Amercian internet conglomerate Google [GOOGL US] generated sales of only around $200,000 in 1999. The company grew significantly over the last 20 years and today has sales of over $100 billion. Google’s sales therefore spanned many orders of magnitude and Benford’s law may be appropriate to analyse the group’s financial metrics.

Example 2 – Analysing the sales of a low-growth Japanese utility company – Hokkaido Electric

The Japanese hydroelectric, thermal and nuclear power generating company Hokkaido Electric Power [9509 JP] had sales Y752 billion in financial year ended March 2019. While 25 years ago, the company had sales of Y544 billion and at no point in the last 25 years did sales leave the Y500 billion to Y800 billion range. The leading digit of the company’s annual revenue figure was either 5, 6 or 7 in each of the last 25 years, certainly not following Benford’s law. This is not necessarily an indication of fraud or other financial impropriety, it may merely indicate the company’s conservative nature, low population growth in Japan, a low-growth economic backdrop and Japan’s relatively low inflation rate.

Frequency distribution of the leading digit

Leading Digit
Benford Model
Google Sales (1999 to 2019)
Hokkaido Electric Sales (1995 to 2019)
1
30.1%
33.3%
0.0%
2
17.6%
19.0%
0.0%
3
12.5%
9.5%
0.0%
4
9.7%
9.5%
0.0%
5
7.9%
4.8%
72.0%
6
6.7%
9.5%
12.0%
7
5.8%
4.8%
16.0%
8
5.1%
4.8%
0.0%
9
4.5%
4.8%
0.0%

(Source: BitMEX Research)
(Note: Google sales are in US$ while Hokkaido Electric’s sales are in Japanese yen)

The purpose of the above examples is to illustrate that one cannot blindly apply Benford’s Law to financial analysis. In order to conduct this analysis effectively, one may need both a strong understanding of mathematics and the underlying economics of the businesses in question. In our view, infering stong conclusions about the operations of financial markets based on statistical or mathematical analysis, without a strong enough understanding of the assumptions and principles behind the mathematics and how they apply to finance, is a mistake made too often, particularly by macro economists and econometricians. We are keen not to repeat this error in this report.

When we analysed our equity portfolios using Benford’s law, we were able to detect that stocks in certain sectors, such as technology, biotech or commodities often followed Benford’s law, while the picture was more mixed when looking at more stable sectors like food, utilities, retail or construction. When conducting a basic analysis of stocks, its possible Benford’s law is more a measure of volatility or growth than of any nefarious manipulation of the figures.

While Benford’s law may be considered a tool to flag potential fraud, it certainly does not provide proof of it. In this report, we will not to fall into the trap of overestimating the power of Benford’s law as a method of detecting fraud when evaluating the cryptocurrency space.

Cryptocurrency Prices

Below we have applied the Benford analysis to cryptocurrency prices. In general the results show that cryptocurrency price movements do follow Benford’s law.

Frequency Distribution of the Leading Digit of Coin Daily Percentage Price Changes – 12 Months ended November 2019

(Source: BitMEX Research, Coinmarketcap)

When looking at the square root at the sum of the squared differences from the Benford model, Stellar, Bitcoin Cash and Litecoin have the highest deviation, while Ethereum and Ripple have the lowest deviation. It should be considered highly unlikely that this is evidence of price manipulation in Stellar, Bitcoin Cash and Litecoin, for several reasons:

  • All the coins follow Benford’s model reasonably closely and some deviation is expected given randomness
  • A lower deviation may simply indicate the coin price is more volatile, therefore the percentage price changes are more likely to move across orders of magnitude, 
  • One year’s worth of price data may be too short to draw appropriate conclusions (for example, the longer the time horizon for the Bitcoin price, the more closely the distribution follows Benford’s law)
  • Other factors we have not considered could be driving the deviations

Cryptocurrency Trading Platforms

After looking at the coins, we moved our analysis on to cryptocurrency trading platforms, by looking at the daily trading volume of the USD vs BTC trading pair. The results here are more interesting and the deviations are more significant. Most of the platforms in our sample set follow Benford’s distribution reasonably closely, but with a few notable exceptions such as BitForex, HitBTC and OKEX.

Frequency Distribution of the Leading Digit of Cryptocurrency trading platform daily BTC vs USD daily trading volume

(Source: BitMEX Research, Investing.com)
(Notes: Daily trading volume since 12 December 2018.)

Results Table – Frequency Distribution of the Leading Digit of Cryptocurrency trading platform daily BTC vs USD daily trading volume

(Source: BitMEX Research, Investing.com)
(Notes: Daily trading volume since 12 December 2018.)

Square root of the sum of the square differences from the Benford distribution

(Source: BitMEX Research, Investing.com)
(Notes: Daily trading volume since 12 December 2018. BTC vs USD)

While the above deviations from Benford’s law do appear significant and potentially interesting, the same caveats apply as in the coin price section of this report. Namely, the distribution could be a measure of growth or volatility, the time periods may be too short or some other factors could be driving the deviations.

Conclusion

The conclusion to this piece is certainly not that Benford’s law proves that OKEX and HitBTC fake their trading volume numbers, or even that the analysis proves that Kraken and Bittrex don’t fake their numbers. As we explained above, there are many factors which could influence how closely the numbers follow the Benford distribution, many of which can be wholly legitimate, such as whether the platform was going through a period of strong growth or was in a more stable period. CryptoCompare’s exchange review takes a more holistic approach to evaluating exchanges, far more robust than merely applying one idiosyncratic mathematical concept. However, if one is already familiar with some of the economics and trends of the cryptocurrency trading platform space, this analysis may provide useful additional information.

Announcing txstats.com

BitMEX Research and Coin Metrics are happy to announce the release of txstats.com, the successor to P2SH.info, an independent project created by Coin Metrics’ Lead Data Engineer, Antoine Le Calvez.

Bitcoin stored by P2SH address type

(Screenshot from txstats.com)

Txstats.com is a collaboration between BitMEX Research and Coin Metrics with the aim of providing in-depth, high quality and timely information about how the Bitcoin network is used.

Txstats.com provides a series of dashboards centered around a specific element of Bitcoin transactions such as:

  • P2SH transaction statistics, 
  • Multi-signature usage data,
  • SegWit transaction statistics, 
  • Lightning Network channel data,
  • OP_Return statistics, 
  • Bech32 adoption,
  • Replace by Fee usage,
  • Data related to the Block Size Debate, 
  • Fee Estimation.

BitMEX Research and Coin Metrics intend for txstats.com to be dynamic and will add more statistics to the website based on community feedback. If you would like to see a new feature added to the site please feel free to let us know by emailing us at info@coinmetrics.io or by Tweeting @BitMEXResearch

If you’d like to learn more about Coin Metrics and BitMEX Research, check out Coin Metrics’ weekly newsletter, State of the Network, and BitMEX Research’s blog.

Email Privacy Issue: What Is Happening And How Can We Help

We understand many of you are concerned about the email disclosure which happened over this weekend and no doubt have many questions.

Our teams across the world have been working around the clock to protect your account security and make sure we are back on course. Our support team has already assisted many of our users and we are continuing to establish contact with everyone. This is a staggered process, to ensure that the proper processes are all followed, the delivery is logistically smooth and that all underlying security concerns are appropriately covered. If you have not yet heard from us already, you will do very soon.

We would like to apologise unreservedly for the concern this has caused. Below contains further information about what happened, how we can assist you and some steps that you can take to improve your protection.

What happened?

On Friday, November 1 at 06:00 UTC, many of our users received an email which contained the email addresses of other users in the “To:” field. This was a general email update to our users about upcoming changes to the weighting of our indices. As a result, many BitMEX user email addresses, including a large number of inactive addresses, were disclosed to other users in small batches. No other information was disclosed.

BitMEX is a global business that sends emails to many different email providers. Email deliverability itself is a multi-layered problem, involving decades of work in building sender reputation systems and automatic spam filters. Unfortunately, this makes the job of large services such as BitMEX difficult at times: we only send mass emails to all users on rare occasions. We intend to keep a high signal-to-noise ratio, and only send emails when absolutely necessary.

The index change we published on 1 Nov was of sufficient importance – it will impact pricing of all of our products – that we felt it necessary to inform all our users about it. However, bulk mail sends such as this are a difficult and complex undertaking when it’s on a global scale, to all recipients. Some mail servers, especially the global arms of large brands like Yahoo and 163, have very tight controls that are often triggered when we send large amounts of mail. For system notifications such as withdrawals, password resets, and liquidations, it is imperative that the customer receives mail dependably.

To remedy this, we built an in-house system to handle the necessary rendering, translation, staging, and piecemeal (as not to trigger rate limits) sending of important email. BitMEX has not sent an email to every customer at once since 2017, and much has changed since then. When we initiated the send, it became clear that it would take upwards of 10 hours to complete, and there was a desire on the team to ensure users received the same material information on a more reasonable timescale.

To handle this, the tool was quickly rewritten to send single SendGrid API calls in batches of 1,000 addresses. Unfortunately, due to the time constraints, this was not put through our normal QA process. It was not immediately understood that the API call would create a literal concatenated “To:” field, leaking customer email addresses. As soon as we became aware, we immediately prevented further emails from being sent and have addressed the root cause. Since then we have been aiding all who have been affected as best we can and mitigating the damage to contain the leak.

BitMEX is a company that takes engineering seriously, and we are disappointed that this lapse in care has resulted in unwanted disclosure for our customers. We believe that processes, not engineers, are to blame for these failures. Our processes failed here. We are working around-the-clock to revamp them and to ensure that even the simplest-looking code changes are put under strict review.

Additionally, and unrelated to this action, the BitMEX Twitter account was accessed by an external individual. The account was back under BitMEX control within 6 minutes and re-secured, and the event is under security review.

Beyond email addresses, no personal or account information has been disclosed. At no point were any of our core systems at risk.

Who was affected?

Most BitMEX users were affected by this action. You can self-diagnose your exposure with the following steps:

  • If you received an email about the index change, and your email was the only one listed in the “To:” field, you were not affected.
  • If you received the index change email, and you saw multiple addresses in the To: field, you were affected.
  • If you did not receive an index change email, you may have been affected and we still recommend that you follow steps below to improve your protection online. While the system was cut-off before it completed entirely, many recipients began marking BitMEX emails as spam, understandably out of hope that it would stop further emails. This caused deliverability issues at some hosts, causing mail not to be delivered. Unfortunately, someone else in your batch may have received the email, exposing your email address.
    • The deliverability issues caused by the spam reporting caused some follow-up password resets to be delayed for several hours. Our operation teams remedied this by 06:00 UTC on Nov 2.

What are we doing to help?

After the discovery of the disclosure, BitMEX employees have since worked through the nights and days to reduce risk for users. We are aware that many users reuse email addresses across services. This, combined with a very human tendency to reuse passwords, meant that many of our users may have been at risk due to password hash dumps on other platforms, even ones unrelated to crypto.

For this reason, we took the following steps after we notified our users of the disclosure:

  • Our Security and Support teams began enhanced monitoring of access patterns to flag accounts with suspicious activity after the disclosure. This led to several account password resets and human review with Support.
  • At 13:00 UTC on the day of the email, we conducted additional checks during our usual human review of withdrawals. We identified criteria that could be indicative of a compromise given the circumstances. We cancelled requests from accounts that (i) did not have two-factor authentication, (ii) were withdrawing to a previously unseen Bitcoin address, (iii) were submitted with previously unseen new IP address, and (iv) were made after the email address disclosure had occurred. All other withdrawal requests were unaffected. These actions were taken in the interest of protecting our users and those affected have already been contacted.
  • As it became clear that several groups were working to collate BitMEX email addresses in order to attempt to compromise them, BitMEX engineers forced a password reset for all users with balances and without Two-Factor devices. Affected users were notified via email (after a thorough QA review and retrospective on the original bug).
  • BitMEX Support (contact here) is working shifts with extra agents, continuing to handle customer requests to change email addresses, answer questions, and provide security assessment and advice.

If you are concerned about your personal exposure, on BitMEX or on any other platform, the best thing you can do is to enable Two-Factor Authentication on all critical services. Start with your email address first. We have  published advice on this topic, as have others, including this very helpful guide by Paul Stamatiou.

BitMEX engineering teams are working on new features to increase the number of security keys supported by the platform, to improve the signal of account notifications, and to give users more tools to avoid and contain account takeovers.

Do I need to do anything?

Although no-one’s personal information or account details beyond their email address were disclosed, as best practice, we recommend that you:

  • Please be vigilant against phishing attempts. Emails from BitMEX are sent from “support@bitmex.com” and “noreply@bitmex.com”. We recommend adding these addresses to your contacts list. We will never ask for your password.
  • Note that BitMEX will never ask you to transfer any funds. The only way to fund your BitMEX account is to send Bitcoin to your unique BitMEX deposit address. Your unique BitMEX deposit address will begin with “3BMEX” or “3BitMEX” and can be found on the deposit page of your BitMEX account.
  • Please take note of our official BitMEX communications channels. Only instructions provided via these avenues should be observed.
  • Protect your account by using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all of your accounts (both BitMEX and personal); and to use a password manager.

We want to reassure you that beyond email addresses, no personal or account information has been disclosed. At no point during this issue were any of our systems at risk, and they remain secure, as we continue to take measures to enhance our security. Your privacy and security remain our top priority.

In the meantime, if you need any immediate assistance, please contact Support via our contact form.

Vivien Khoo,
Deputy Chief Operating Officer

Updated: Statement on the Email Privacy Issue Impacting Our Users

Earlier today, some of our users received an email which contained the email addresses of other users in the ‘to’ field. We apologise for the concern this communication may have caused. This was the result of a software error which has now been addressed.

BitMEX takes the privacy and security of our users very seriously. Rest assured that in this instance, beyond email addresses, no other personal data or account information have been disclosed and no further emails have been sent. The error which has caused this has been identified and fixed, ensuring our usual high standards of privacy are upheld.

We are continuing work to ensure this will not occur again in future, and will be introducing additional features to further protect our users. Further communications on this matter will be issued in due course.

In the meantime, please find below some immediate guidance which should be observed in order to ensure the continued safety of your account:

  1. Please be aware of phishing attempts. Emails from BitMEX are sent from “support@bitmex.com” and “noreply@bitmex.com”. Please add these email addresses to your contacts list to ensure that these emails do not land in your spam folder. BitMEX will never ask for your password.

  2. BitMEX will never ask you to transfer funds. The only way to fund your BitMEX account is to send bitcoin to your unique BitMEX deposit address. Your unique BitMEX deposit address will begin with “3BMEX” or “3BitMEX” and can be found on the deposit page of your BitMEX account.

  3. Please take note our official BitMEX communications channels. These are our primary, official social media communications channels and only instructions provided via these avenues should be observed.

  4. We would like to remind all of our users to please protect their accounts by using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all of your accounts (both BitMEX and personal); and to use a password manager. Further advice can be found here.

We will continue to communicate updates on our blog. We take the security and privacy of our users very seriously and will take steps to ensure this does not occur again in future.

Statement on Email Privacy Issue Impacting Our Users

We are aware that some of our users have received a general user update email earlier today, which contained the email addresses of other users.

Our team have acted immediately to contain the issue and we are taking steps to understand the extent of the impact. Rest assured that we are doing everything we can to identify the root cause of the fault and we will be in touch with any users affected by the issue.

The privacy of our users is a top priority and we are very sorry for the concern this has caused to our users.