Scheduled Maintenance January 5, 14:00 UTC

Thursday January 5 at 14:00 UTC, trading on BitMEX will be temporarily suspended while required maintenance is performed on our servers.

We expect the maintenance to take less than an hour. Before trading is resumed, we will inform customers both in the Trollbox and via Twitter.

The BitMEX Anniversary Trading Awards

It’s been two years since BitMEX went live!

Early on November 24, 2014, we flipped the switch on the very first production version of BitMEX. So much has changed.

In that time, we’ve traded over $2.5 billion in total volume, and BitMEX has become a dominant exchange in the BTC/USD market. Our success is due entirely to our users. To celebrate our success, we are announcing the BitMEX Anniversary Trading Awards.

Contest Rules:

2 Bitcoin will be awarded to the top trader in each of the following categories. Only trading between 24 November 2016 12:00 UTC to 25 November 2016 12:00 UTC will be counted.

  • Big Spender: Trader with the most Bitcoin turnover summed across all BitMEX products.
  • Yacht Club: Trader with the largest net profit; this includes unrealised and realised profit.
  • Shoot The Moon: Trader with the largest liquidation in Bitcoin notional terms.
  • I’m Feeling Lucky: A random trader in the Trollbox.
    • Any trader who has posted at least one comment in the Trollbox during the contest period and executed at least one trade is automatically entered.

Each registered user may only win one prize.

Upon the conclusion of the contest, BitMEX will calculate and publish the top 3 results of each category and the winners’ usernames. Each user will be contacted before publication. By accepting a reward, you accept publication of your username and the conditions by which you won. 

Enjoy these photos of BitMEX over the years:

Use Two-Factor Authentication and Don’t Reuse Passwords

Important Security Advisory

Tl;dr: A botnet is attempting known email/password combinations from a large data leak on Bitcoin sites. Use Two-Factor Auth (2FA) and don’t reuse passwords. BitMEX services have not been compromised.

About four weeks ago, I was rudely awakened in the early morning by our uptime alarms clanging that the website was going up and down. Dozens of emails flooded my inbox: page loads were sometimes taking 5s+, or not loading at all.

Nobody likes this; I jumped out of bed and logged in. The rest of the team informed me that the site had been underperforming for a few minutes, but it had just gotten worse. Dramatically worse.

I opened up the logfiles to see tens of thousands of lines of this:

Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b 
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b
Jun 07 20:30:57 - "POST /login {"email":""}" 401 79b

A botnet.

They were hitting us hard, but these didn’t correspond to any of our registered accounts. It was spray & pray. We were seeing tens of thousands of these requests every minute, coming from all over the world. There was little common pattern between them, aside from a common Chrome User-Agent (which was too common to block outright) and a propensity to just log in, over and over and over again.

Staying Online

The first order of business was to get the site stable again. While trading was continuing unhampered, and users who were already in were fine, the login page and initial dashboard were up and down. Thankfully, we built for this situation and could simply scale out more instances. I spun up a few large instances and added them to the rotation, and within 5 minutes we were rock-solid again.

While we were prepared for some types of abuse, others were unfortunately still vulnerable. I spent the better part of that day building and deploying a strategy to control this traffic. By just after lunchtime a process was in place. Watching our cluster’s CPU load, I scaled down the extra instances and felt good about that day’s work.


Where was this list coming from? I emailed a few other exchanges we’re friendly with. Not everyone I asked was seeing it, but the general rumor was that this could have been from the recent LinkedIn hack, which had a number of unsalted hashes. Lots of motivated parties have the resources to crack the lion’s share of those passwords. There are likely to have been other sources as well. We looked up a few dozen emails on HaveIBeenPwned, which aggregates identities compromised by many recent hacks.

It is human nature to reuse credentials, and attackers take advantage of this. Once an email/password combination is stolen, it is tried on as many sites as possible. A Bitcoin exchange is an obvious target, as are email providers.

With the traffic under control, the attempts slowed down to a trickle, essentially indistinguishable from legitimate traffic.

Users Hit

I received a reply email to one of our login notifications. The user claimed he hadn’t logged into the account in months.

Looking at the logs it was evident: they actually hit one. The account didn’t have any funds, but I immediately reset the password. The login was successful, but the attacker behind the botnet didn’t do anything with it. Maybe there wasn’t really anyone on the other side.

I started typing this blog post when another user piped up. He had received a login notification, then his positions closed. He then received an email asking for withdrawal confirmation… then an email stating his withdrawal had been confirmed. There was someone on the other end waiting this time.

They had control of the user’s email, and they knew our site well enough to execute these steps quickly. There is a real threat: and if they’re hitting BitMEX, they are likely hitting dozens of other Bitcoin-accepting sites.

A Sidenote: Manual Review

This is a prime example of why it is A Good Thing to involve manual review in Bitcoin withdrawals. We were able to lock the account and cancel the withdrawal well before it had any chance of going out and the funds being lost forever. The user quickly changed his email password, reset his BitMEX password, and set up 2FA.

Thwarting this particular attack was a combination of caution and luck, but don’t rely on services you use being able to catch this kind of thing every time.

Protecting Your Accounts

Take your account security seriously. If you have Bitcoin on any website, use a unique password and use 2FA. 

Email notifications of account actions are unreliable. On many sites, they can be turned off. Even if they can’t, if an attacker gains access to your email account, it is trivial to set up an automatic filter that will mark new messages from a service as read or delete them automatically.

If you reuse passwords, your accounts could be drained without any notice.

Use Two-Factor Auth. We are continuing to monitor for this behavior and have sent out an email to all active users without 2FA. As time goes on, it is all but guaranteed we will see more of these attacks.

BitMEX supports Two-Factor Auth via the following providers:

Support for U2F and BitID is in the works.

As always, if you see any unusual activity on your account, email us immediately by replying to any BitMEX email or at

The New BitMEX Custom UI

This has been a long time coming!

Back in the winter of 2014/2015 (14mo ago), I had a vision for a better BitMEX dashboard that worked more like a desktop windowing system, to help close the gap between the web and full-featured desktop trading software like MetaTrader4.

To that end, I built React-Grid-Layout, my most popular open source project to date. I had the intention of integrating it into BitMEX in early 2015 but we ended up prioritizing other features, and it fell by the wayside.

In the meantime, other companies have picked up the project, including Amazon, who uses my code for their CloudWatch Dashboards.

Well, today, I’m happy to say that we’ve ironed out the bugs and finally launched the Custom UI, better, faster, and more stable than it would have been in 2015.


The Custom UI is now live in the “Advanced” trade layout, which you can select in the main options dropdown (click your username).

All dashboard widgets can now be rearranged and resized. Your layout is saved to your browser and restored when you next visit BitMEX. Individual layouts are created for each major screen size, so they can be customized individually. This is really helpful for creating different layouts for e.g. half and full-screen sizes, or for tablet and phone layouts.

I hope you all enjoy – go trade some 25x ETH, and I’ll see you in the Trollbox.


Scheduled Downtime: 15:00 UTC Sunday, Jan 17


BitMEX will be doing routine maintenance this Sunday at 15 UTC. Because we have to reboot some core systems in order to finish this maintenance, we will be pausing the trading engine from 15:00 to 15:30 UTC.

During this time, BitMEX systems will be unavailable.

We will send notice on Twitter before and after the maintenance.

Transferable Margin on Isolated Positions

BitMEX is happy to announce a new capability: transference of margin in and out of an isolated position. Use this feature to dial leverage up and down as desired.

Using the feature is simple. Simply click the icon next to the margin line-item on an isolated position:


Then choose an amount to transfer:

margin dialog

After confirmation, note the new margin value, liquidation price, and leverage.


This feature allows users to choose any leverage between the max (which may be as much as 100x) and their total account balance.

All .XBT Indices Temporarily Moved to Bitstamp

Due to instability, extended downtime, and bad data from Bitfinex, all .XBT indices have been temporarily moved to Bitstamp, where they will remain until Friday. After Friday’s settlement, we will switch to TradeBlock’s .XBX Index.

This switch affects the XBU, XBT, and BVOL-series contracts. ETH is still being settled on Kraken, and XLT (Litecoin) is still being settled on Bitfinex for the time being. We are investigating alternatives.

Site Update: BVOL24H, PGP, and Indices

BitMEX is proud to announce the release of another major upgrade to the BitMEX platform!

We have three major updates this week: the new BVOL24H contract, PGP email support, and UI support for backing indices.

BVOL24H – Daily Volatility

BVOL24H is now live. BVOL24H is a futures contract that allows traders to speculate on the Bitcoin daily historical volatility. The Bitfinex last price is snapped every 5 minutes, and then the standard deviation of the logarithmic change between snaps is calculated. That number is multiplied by the square root of 288 to arrive at a daily volatility. The increased sensitivity to short term price movements makes BVOL24H a great tool in a trader’s arsenal in the quest for alpha in these choppy and sideways markets.

PGP Support

Many of our traders are very serious about security, as they should be. But automatic updates from BitMEX regarding your deposits, withdrawals, and margin status may leak information to your email provider and other parties. While your email server should be using encryption, it is still very possible for emails to be read in transit.

If you are nodding your head in agreement, then you probably already know about PGP. If you have a PGP key, paste your public key into the box in the My Account page. You will be sent a test email immediately so you can check your configuration. From then on, all automated emails will be sent to in encrypted form.

BitMEX Indices

BitMEX contracts have always settled on indices that were generally only published via the API and viewable in limited fashion in the References section. For example, this is the page for .XBT30M, the settlement index for XBU24H.

We have moved the indices to the front page, where index prices are now viewable as a tab in the Instruments panel. Additionally, you can now view the Bitfinex spot price, updated minutely, right in the ticker bar on the top of the page! See the new section on the left side near the series selector.

That’s all for this week. Thanks to all of our traders for being here. Please contract us in the chat or find us on the Whaleclub Teamspeak if you have questions about BVOL24H or any of the new updates.

BitMEX in the News

The following is a gallery of articles about BitMEX in popular media.

Interactive XBU, XBT, and BVOL Pricing Spreadsheets

If you are trading on the XBU, XBT, or BVOL chain, it may be difficult to calculate your PNL or to understand if a contract is under- or over-valued.

To help with this, BitMEX has prepared interactive spreadsheets with live Bitfinex and BitMEX market data to help you price your trades and better understand how each contract behaves. These spreadsheets combine real-time data with adjustable controls and graphing to help you plan your trade.

The spreadsheets outline the differences between XBT and XBU and how they are trading relative to Bitfinex Spot, as well as relative to USD and Bitcoin annualized interest rates. This data can help you make a savvy trade by recognizing when a contract might be under- or over-valued.

All three spreadsheets contain extensive explanation text in the sidebar. If you do not see the sidebar, please log in with your Gmail account, and click the BitMEX Pricing Help menu at the top.

These spreadsheets can be copied into your personal Google Drive and are free to modify for any use.

View Spreadsheets: XBU | XBT | BVOL

The New Hedger / Trader Fee Schedule

New Switchable Fee Preferences

BitMEX has been listening to your feedback, and we are pleased to be the first Bitcoin exchange to offer a two-tier trading fee schedule! This new customization enables BitMEX to meet a wider variety of traders’ needs.

The types available are:


Some traders want to make fast trades for low fees, react to market movements quickly, and predict trends. For the active trader, BitMEX offers the Trader fee schedule. This fee schedule combines extremely low individual trade fees (0.005%) with a low insurance fee charged at the end of each session to cover margin risk. This is the default choice when creating a new BitMEX account.

  • Flat Trading Fee: 0.005% (0.5 basis points)
  • Insurance Fee: 0.015% (1.5 basis points) per 8-hour trading session


The Hedger fee schedule is more traditional for Bitcoin exchanges. It is tailored toward hedgers, arbitrageurs, and those who want to invest long-term without capital loss. This fee schedule is Maker/Taker and has higher trading fees than the Trader schedule, but has no recurring insurance costs. Contracts held under this fee schedule retain their full value until expiration.

If you are hedging Bitcoin liabilities for the duration of a contract’s lifetime, this fee schedule may be more favorable than the Trader schedule.

  • Maker Trading Fee: 0.25% (25 basis points)
  • Taker Trading Fee: 0.50% (50 basis points)

Choosing a Structure

Traders may choose which fee structure to apply to their account on the My Account page when logged in. You may only change your fee preferences when all your outstanding positions are zero.

If you have any concerns, please don’t hesitate to email us.