Update to BitMEX Indices, 15 July 2019

Effective 15 July 2019 at 15:15 UTC, BitMEX will reintroduce Kraken into its indices following the resumption of trading on Kraken. The updated indices are detailed in the table below.

All traders should be aware that these indices may fluctuate substantially, and should exercise caution when trading contracts that reference these indices.

If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Affected Index

Index Constituents

.BXBT

Bitstamp, Coinbase Pro, Kraken

.BETH

Bitstamp, Coinbase Pro, Kraken

.BETHXBT

Binance, Poloniex, Kraken

.BBCHXBT

Binance, Poloniex, Kraken

.BXRPXBT

Binance, Poloniex, Kraken

.BLTCXBT

Binance, Poloniex, Kraken

.BEOSXBT

Binance, Poloniex, Kraken

Temporary Change to BitMEX Indices, 14 July 2019

Effective 14 July 2019 at 21:00 UTC, BitMEX will temporarily remove Kraken from its indices in response to Kraken’s scheduled downtime. This scheduled downtime is expected to last for 3-8 hours and will affect the 7 BitMEX indices as detailed in the table below.  Kraken will be reintroduced once trading has resumed. We will announce their reintroduction 12 hours in advance.

All traders should be aware that the price of these indices may fluctuate substantially, and should exercise caution when trading these indices.

If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Affected index

Current constituents

Temporary constituents

.BXBT

Bitstamp, Coinbase Pro, Kraken

Bitstamp, Coinbase Pro

.BETH

Bitstamp, Coinbase Pro, Kraken

Bitstamp, Coinbase Pro

.BETHXBT

Binance, Poloniex, Kraken

Binance, Poloniex

.BBCHXBT

Binance, Poloniex, Kraken

Binance, Poloniex

.BXRPXBT

Binance, Poloniex, Kraken

Binance, Poloniex

.BLTCXBT

Binance, Poloniex, Kraken

Binance, Poloniex

.BEOSXBT

Binance, Poloniex, Kraken

Binance, Poloniex

HDR Global Trading Limited Provides US$60,000 Grant to Bitcoin Developer

Following on from our 28 May 2019 announcement of a donation to the MIT Digital Currency initiative, we are delighted to announce a US$60,000 grant to Bitcoin Core contributor, Michael Ford (AKA fanquake). Michael has been a Bitcoin contributor since 2012 and has recently been added to the list of maintainers for the Bitcoin Core software project.

HDR Global Trading Limited (which owns and operates the BitMEX cryptocurrency trading platform) is proud to support Bitcoin development and engineering, aimed at improving Bitcoin’s robustness, scalability and privacy. The grant is non exclusive and requires Michael to work on Bitcoin Core. We are pleased to be Michael’s first financial supporter during his time as a Bitcoin Core maintainer.

Sam Reed, CTO and co-founder of HDR Global Trading Limited, made the following remark about the grant:

HDR Global Trading Limited, like all other companies in the cryptocurrency space, relies heavily on the (mostly-volunteer) work of coders dedicated to the mission and ideals of Bitcoin. This work is difficult, demanding, and often thankless. We believe it is the duty of corporations to give back to the projects from which they benefit – and from which their very business model stems. Without the millions of free man-hours from dedicated OSS developers powering everything from our operating systems, to our web servers, to our ops tools and Bitcoin itself, the BitMEX trading platform could not have been built. We don’t forget this gift. Therefore, HDR considers this grant, provided on a no-strings-attached basis, to be only a small part of an ongoing commitment to bolstering Bitcoin and other OSS projects for the benefit of all.

 

Libra: Zuck Me Gently



The event horizon has passed. With Libra, Facebook begins its foray into the digital asset industry. Before I begin my analysis, let’s get one thing straight; Libra is not decentralised nor censorship resistant. Libra is not a cryptocurrency. Libra will destroy all stablecoins, but who gives a fuck. I shed no tears for all those projects that somehow believed there was value in a an unheard-of sponsor creating a fiat money market fund that rode on a blockchain.
 
Libra could lay commercial banks and central banks low. It might reduce their usefulness to a dumb regulated warehouse for digital fiat money. And that is exactly what should happen to these institutions in a digital age.

Why Do Commercial Banks Exist?

Banks came about during a time of great danger for members of the human society. In feudal Europe you most likely worked dawn-till-dusk on the farm. Any meagre savings you or your feudal lord amassed were constantly under siege. Given that money was physical in nature, if you or your lord left the protection of the town, theft was likely.
 
Safety of assets has been the most important value proposition for traditional banks. They could store physical assets and records safely in their vaults. Therefore, governments and wealthy individuals stored money and assets with banks. Banks were and are engaged in a massive confidence game. That is why bank building edifices portray a certain fortified grandeur. In a generation, your assets will still be there, intact and ready for use.
 
Through their partnership with the government, banks obtain a license to issue credit and expand the money supply. They also rely on the legalised violence of the government to enforce contracts. Don’t pay the bank back, they will confiscate the encumbered asset. Should you defy the courts, a government goon will happily press boot to neck, and ensure your compliance.
 
In the last decade, human civilisation’s money and assets quickly transitioned from analogue to digital representations. Money and representations of ownership travel electronically rather than on the back of a horse. If assets and money are now digital, do we need institutions that provide physical rather than digital security?
 
As we have seen, commercial banks are terrible at securing digital information. Pick your large too-big-to-fail bank, and there will be a story about the “leakage” (euphemism for “we have no fucking clue how to safeguard your digital property”) of customer data.

Whoever has the customer, has the value

Previously banks held the most valuable information about customers. They had your whole financial history, and information about where you lived and what you bought.
 
In the past ten years, social media companies through voluntary actions of their users, amassed the most amount of personal information in human history. We share every detail of our lives on Facebook, Instagram, Google, Twitter, WeChat, LINE, Kakao Talk etc. We send billions of messages on centralised chat programs controlled by those same institutions as well. They now own the customer.
 
The modern consumer technology companies own billions of the wealthiest customers’ data. Previous to now, these companies made money on advertising and selling a product. But as with all businesses, once you are successful capturing customers, you start offering financial services.
 
Facebook has almost 2 billion daily active users. It makes complete sense to own the financial existence of their chattel. That is Libra.

Libra Deconstructed

Libra is a stablecoin backed by a basket of fiat currencies. The fiat currencies sit in a dumb regulated commercial bank. Libra allows a privileged few the ability to create and redeem Libra at its Net Asset Value (NAV). Libra rides on a blockchain where certain parties operate permissioned nodes. These parties included VC firms, technology companies, retail merchants, cryptocurrency exchanges, and most importantly commercial banks and credit card processors.
 
Libra may invest into short term government bonds, or into anything the Foundation board allows. The income earned is not passed onto the pleb Libra users, but the node operators and Libra investment token investors. The Foundation is the governing body of the Libra ecosystem. The members are selected based on the industries they represent, and their economic investment into the ecosystem. 
 
Libra does not connect real-world identities to addresses. However, you can bet that converting assets into Libra will encounter KYC. And let’s be clear, any request from a government agency to freeze a transaction will be met with compliance. Therefore, do not use Libra to buy your mood-altering substance(s) of choice.

Impact on Consumers

Many of Facebook’s users reside in places with low financial services penetration. Imagine a world where a Filipina helper can purchase goods sold in Europe with Libra. She most likely does not have great banking services where she works as an overseas foreign worker. Therefore, purchasing goods from foreign countries over the internet is difficult. With Libra, there is no issue.
 
The merchant in Europe receives payment in a basket of fiat currencies they already deal with. This transaction can happen completely inside of one of Facebook’s social media properties like Instagram or Whatsapp.
 
Facebook or a new financial services company it creates, can issue loans at the point of sale denominated in Libra. A user can opt-in to allow Facebook to use all its data on the individual to compute a credit score. Using that credit score, Facebook will lend Libra at a rate to purchase goods from merchants selling on the Facebook platform. Voila, the poorest members of our global society can experience the joys of purchasing mass-produced Chinese knick-knacks on credit. Welcome to Pax Americana!

Impact on Commercial Banks

Commercial banks make money lending. They use retail deposits to make these loans. Unfortunately, in this digital age, they no longer have the best information set about these retail depositors. The social media companies do.
 
Therefore, the Facebook, Google, and Alibaba’s of the world can originate a loan cheaper and offer a lower interest rate than a commercial bank. Libra and the plethora of copycats to come, allow technology companies to use a digital fiat representation in their ecosystems to extend credit and offer all of the most profitable banking products at a much lower cost. These global tech behemoths have billions of free cash flow on their balance sheets to lend.
 
Commercial banks can become node operators or regulated warehouses for the reserve assets of the stablecoin in question. There is still economic value in both of these verticals, but consumer technology companies will now sell the most profitable financial products themselves.
 
Any bank should be on notice, Libra and its clones are existential threats to their business models. Many will cheer as banks’ profit centers are eviscerated. But maybe society is trading one devil for another.

Impact on Central Banks

Commercial banks are not needed at their current largesse in a digital economy. With Libra, Facebook is assuming the role of a central bank. The Libra reserve is managed by a third-party foundation. The reserve managers choose the fiat currency weights, and how funds are invested. Sounds a lot like the job scorecard of a central bank governor.
 
Consumer tech companies can now issue, from their own balance sheet, credit directly to consumers. The only difference with this model is that they, for now, are not able to actually create money like commercial banks. This is the flow:
 
1.     Take retained fiat earnings, and exchange for Libra with an authorised primary dealer.
2.     Lend Libra to your customer in exchange for a good or service you offer.
3.     Obtain Libra + interest in Libra back from your customer.
4.     Sell Libra in exchange for fiat with an authorised primary dealer.
 
The money supply does not expand. That is the one major divergence from how a central bank issues credit into an economy. Central banks’ lending in most cases increases the aggregate supply of money.
 
Why trust a few crusty old men and women to manage the monetary health of the global economy. Let’s trust Zuck!
 
I have no love lost for US Representative Maxine Waters’ idiotic statements and actions on the US House Financial Services Committee. But her and other government officials’ outbursts of concern are not driven by altruistic feelings towards their subjects, but rather a fear of the upending of the financial services industry that lines their pockets and keeps them in office. The speed at which government officials rushed to admonish Libra tells you there is some potential positive value to human society embedded in the project.

Libra and Financial Privacy

It is amusing to see how many people rushed to complain about the potential loss of financial freedom Libra could represent. This fear is misplaced, financial privacy is already non-existent, nor will it ever exist in a digital fiat money system. Whether it be Facebook, The Fed, or The PBOC, centralised electronic fiat money is coming – cash will be outlawed.
 
The great thing about the launch of Libra is that it forces those concerned about the loss of financial privacy to explore alternatives. Bitcoin and other cryptocurrencies will benefit as curious plebs contemplate how secure financial privacy in this new digital age.
 
Libra and the conversations it sparked, is the best news for Bitcoin. Two billion people will now embrace and potentially be frightened of a corporate overlord controlling their financial wellbeing. Curiosity is the best food for the Bitcoin bull market.

Through their investments in augmented and virtual reality, it appears that Facebook wishes to create a completely new digital world. Libra could be the financial mana that powers this virtual existence. Let’s hope that while we are vegetating in our haptic pods, our physical shells don’t get Zucked too hard. Please Zuck me gently, and Zuck me long time.

WebSocket API Feed Interruption, 27 June 2019

Between 07:50 and 07:58 UTC on 27 June 2019, the following websocket API feeds were interrupted due to a complication during a planned upgrade of our market data distribution services:

  • Account, affiliate, execution, funds, instrument, margin, order, position, trade, transact, wallet

Users of the BitMEX website may have noticed some data not updating during this period e.g. in the Recent Trades panel, Open Orders panel, Fills panel, and Position panel.

The following public feeds were unaffected during this period:

  • Funding, insurance, liquidation, settlement, impactQuote, impactQuoteBin1m, quote, quoteBin1m, quoteBin5m, quoteBin1h, quoteBin1d, tradeBin1m, tradeBin5m, tradeBin1h, tradeBin1d, orderBookL2_25, orderBook10, orderBookL2

During this period we continued to process order instructions and the trading engine was unaffected.

Due to this issue, data in a subset of data mirrors which service user REST API requests was left in an incomplete state. A side-effect of this was that some users observed stale open orders on the BitMEX website for orders which were already cancelled for a period of 90 minutes whilst data was being restored. Any API users that may be missing updates for this period can now backfill data via the REST API.

If you are experiencing order cancellation issues via the website, please refresh your web browser.  We apologise for any inconvenience this interruption may have caused. If you have any further questions please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

ETHUSD Orderbook Feed Issues, 24 June 2019

Between 09:25:54 UTC and 09:44:30 UTC 24 June 2019 the orderBookL2, orderBookL2_25, orderBook10, and quote realtime websocket feeds for ETHUSD were in a degraded state. During this period, the state of the ETHUSD orderbook on these feeds was incorrect.

We were able to identify and resolve the root cause of the issue within a minute of detection. The issue was caused by a rare sequence of order events that triggered a bug in an optimisation of the orderBookL2 calculation which had been deployed to the production environment several hours earlier. This change has since been reverted.

There was no impact to orders in the trading engine itself – just the presentation of the calculated orderbook for ETHUSD downstream of the trading engine.

We have deployed additional automated feed validators to detect potential similar issues in the future and to alert us earlier.

We apologise for the inconvenience this may have caused. If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.

Q3 2019 Quarterly Futures Listings

On 14 June 2019 at 08:30 UTC, BitMEX will list new quarterly futures.

Please see the following tables for listings and settlements for current and upcoming futures contracts for Q3 2019. Bolded rows are the new contracts.

Code Pair Listing Settlement
ADAM19 Cardano / Bitcoin 15 Mar 2019 28 Jun 2019
ADAU19 Cardano / Bitcoin 14 Jun 2019 27 Sep 2019
BCHM19 Bitcoin Cash / Bitcoin 15 Mar 2019 28 Jun 2019
BCHU19 Bitcoin Cash / Bitcoin 14 Jun 2019 27 Sep 2019
EOSM19 EOS Token / Bitcoin 15 Mar 2019 28 Jun 2019
EOSU19 EOS Token / Bitcoin 14 Jun 2019 27 Sep 2019
ETHM19 Ether / Bitcoin 15 Mar 2019 28 Jun 2019
ETHU19 Ether / Bitcoin 14 Jun 2019 27 Sep 2019
LTCM19 Litecoin / Bitcoin 15 Mar 2019 28 Jun 2019
LTCU19 Litecoin / Bitcoin 14 Jun 2019 27 Sep 2019
TRXM19 Tron / Bitcoin 15 Mar 2019 28 Jun 2019
TRXU19 Tron / Bitcoin 14 Jun 2019 27 Sep 2019
XRPM19 Ripple Token (XRP) / Bitcoin 15 Mar 2019 28 Jun 2019
XRPU19 Ripple Token (XRP) / Bitcoin 14 Jun 2019 27 Sep 2019
XBTM19 Bitcoin / USD 17 Dec 2018 28 Jun 2019
XBTU19 Bitcoin / USD 15 Mar 2019 27 Sep 2019
XBTZ19 Bitcoin / USD 14 Jun 2019 27 Dec 2019

Important Security Advisory Update, June 2019

Summary: We have observed an increased number of unauthorised attempts to access customer accounts. We would like to remind all customers and users to please protect your BitMEX and personal accounts by: using strong and unique passwords; enabling Two-Factor Authentication (2FA) for all your accounts; and using a password manager.

Security has always been the number one priority at BitMEX. This is why we were the first platform to adopt a manual multi-signature cold wallet setup to protect customer funds. We are consistently reviewing our security protocols and improving our standards. We remain committed to continual improvement of our platform security and the security of our customers.

In 2016, following a large botnet credential reuse attack, we published a blog post highlighting the importance of using unique passwords on BitMEX. In addition, we recommended enabling 2FA. 2FA, sometimes referred to as ‘two-step verification’ or ‘multi-factor authentication’, adds an additional layer of security to your account by requiring not only your username and password at login, but also the input of a unique, time-based token. Tokens can be stored on a cell phone within a software-based authenticator app such as Google Authenticator or Authy.

This message was as true and relevant then as it is now: to protect your account, you should always use strong unique passwords, in combination with a multi-factor authentication solution and password manager.

More recently, we have witnessed an increased number of attempts to compromise or obtain unauthorised access to customer accounts. Enabling 2FA on your account is the best and easiest way to protect yourself from these attacks.

Furthermore, we have observed a continued increase in the sophistication and tactics utilised by financially motivated criminals. One example of this: rather than the attacker immediately executing a withdrawal request, we have observed attackers trading funds out of accounts by deliberately making losses against another account which they also control. We have proactively identified a number of these attacks, and continue to eliminate this activity as it is detected.

Another recurring tactic observed in account takeovers is the disabling of BitMEX email login notifications following unauthorised account access. An attacker may also attempt to enable 2FA on a compromised customer account in order to create an API key with withdrawal permissions. A common thread in almost all cases is that customers may not have seen a withdrawal notification or other account related email notification; for example, a login notification.

While we review practices such as enforcing 2FA and other login access features, we have made the following changes:

  1. Customers can no longer disable login notification emails. The login notification emails will now be sent regardless of existing notification preferences.
  2. Withdrawal requests issued via the API must always complete an email verification step to confirm a withdrawal, unless the API key used was created before 8:00PM June 10, 2019 (UTC).

These changes are a step toward increasing account security for our customers, however it is important to realise that this is not the full solution. Enabling 2FA remains our strongest recommendation.

In addition to the above, BitMEX has reviewed each and every account takeover experienced by our customers and we have identified several common factors among compromised accounts:

  1. Password reuse, or use of trivially guessed passwords on the BitMEX platform and on customer personal email accounts.
  2. Compromised personal email accounts leading to account theft via password recovery flows.
  3. Malware on customer computers leading to secure password theft and subsequent login to the bitmex.com platform.

In order to combat these attacks, adopting a vigilant, disciplined approach to security is key. In all of the above scenarios, utilising 2FA greatly decreases the risk of account compromise. This is further highlighted by recent research by Google that has shown that 100% of attacks can be blocked if a security key has been used for 2FA.

While we consider mandatory enforcement of 2FA across our customer base, we will again stress the importance of adopting good security practices as outlined below.

Note that these steps should be taken not only on your BitMEX account but on personal accounts where you store any confidential information:

  1. Enable 2FA
      1. We recommend utilising one of the many available options, such as Google Authenticator or Authy.
  2. Use a strong unique password and utilise a Password Manager such as LastPass
      1. A strong password consists of at least ten characters (and the more characters, the stronger the password) that are a combination of letters, numbers and symbols (@, #, $, %, etc.). Passwords are typically case-sensitive, so a strong password contains letters in both uppercase and lowercase.
      2. Do NOT use the same passwords for your social media accounts such as Facebook, Spotify or Instagram accounts as you would for your BitMEX trading accounts or bank accounts. Use strong, unique and different passwords for each and every account!
  3. Assess your existing risk
      1. Check to see if your password has been leaked in a third-party breach via services like HIBP.
      2. Check your trading accounts on a regular basis to ensure that you know what the balances are or should be.  
      3. Regular reconciliation of your accounts would be a useful way for you to ensure all transactions in your accounts are with your authorisation.
  4. Add support@bitmex.com to your contacts list and ensure our emails are not landing in your SPAM folder
      1. Ensure that you are not filtering official communications from bitmex.com. These communications include login and withdrawal notifications.
  5. BitMEX support will NEVER ask for your account password

At BitMEX, we take security very seriously. Whilst we continue to evolve our security capabilities both externally and internally, security is ultimately everyone’s responsibility. If you have digital funds on your online accounts, it is critical that you take steps to ensure your account safety/security as above.

If you observe any unusual activity on your account, please contact our Support team immediately via our contact page.

Scheduled System Update, 04 June 2019

Please be advised that we will be performing a scheduled system update to our database service starting 01:00 UTC 04 June 2019 and it is expected to last 3 – 5 hours. Trading, logins, and other key API features will remain operational, however please note that the following features will be disabled during the update period:

  • New account signup
  • Email verification
  • Enable TFA
  • Disable TFA
  • Password reset
  • Withdrawal
  • Update preferences
  • Mute accounts on the Trollbox
  • Create API Key
  • Disable API Key
  • Enable API Key
  • Delete API Key

Once we have completed the system update we will make a further announcement.

We apologise for any inconvenience this may cause. Feel free to contact our Support with any concerns you may have about the scheduled update. You may reach us via our contact form: https://www.bitmex.com/app/support/contact

Websocket Latency, 30 May 2019

Between 16:00 and 17:00 UTC 30 May 2019 the websocket API experienced periods of substantial lag due to spikes of traffic generated by the trading engine during large market moves. During this period some websocket connections also experienced dropped market data updates as memory limits on an internal messaging layer were hit, forcing reconnections.

Our engineers are accelerating the development effort in an already-planned strategic upgrade of our market data distribution architecture to vastly increase its capacity and lower the overall latency of the websocket feed. This capacity upgrade is scheduled for Testnet release this week and we will update users once this has been released to the main platform.

If you have any further questions, please contact Support via our contact form: https://www.bitmex.com/app/support/contact.