StarCompliance Blog

What is “Your account has zero trust” on Bitmex?



Every CEX has its own flavor of AML and KYC, from batch-blocks of Binance, to the infamous Zero Trust system of BitMex. Continue reading to understand what it is, how it works, and why your account has zero trust on Bitmex.

Zero Trust on BitMEX is a tool or a trading limiter?

Zero Trust is a cybersecurity method that works as advertised in the name. Core principle of this method is “minimum trust, maximum checks”. This security model was developed by former Forrester analyst John Kinderwag in 2010 and is still in use today.

Basically, BitMEX is a super paranoid CEX, with security checks for literally everything. They utilize specialized trading engine written in KBD+ – an ultra-high speed database language, used in grown-up trading systems and financial institutions. Additional speed from KBD+ is used to double-check every single trading transaction, and withdrawals are reviewed by both MPC multisignature deposit scheme and two specialists later on. In case that’s not enough, BitMEX checks every BTC address during withdrawal, and if they don’t contain security keys the entire trading platform will just stop and cancel any outgoing transactions.

Zero Trust is a set of rules and policies, which assumes everyone wants to steal data from you.

How Zero Trust on BitMEX expected to work and how it actually works

In theory, Zero Trust is expected to work like this

  • Noone is trusted
  • Every action needs to be confirmed
  • There’s an automated checklist for every action
  • Each participant needs to comply with said checklist
  • System punishes participants for being unable to comply with the checklist

On practice, Zero Trust works like this

  • There’s a scoring model and automated user monitoring software inside Zero Trust network
  • Both of said mechanisms use strict rules and label everyone who break them as risky
  • Having too many “warnings” or “red flags” leads to account suspension
  • Software is not perfect solution, sometimes there’s false-positives

Is BitMEX a part of a money laundering machine?

It all led to BitMEX having hard times explaining why they are the good guys. In total, they’ve been sued for almost $130M in fines, or as part of civil penalties. Most recent example is BitMEX CEO avoiding prescribed prison time.

Cases against BitMEX are numerous, some of them are noisy enough to surface

  • BitMEX Co-Founder Benjamin Delo Avoids Prison Time, Receives 30 Months Probation – Decrypt
  • Court orders BitMEX founders to pay $30M civil penalty
  • BitMEX to Pay $100 Million to Resolve Regulator’s Lawsuit Over Crypto Derivatives Trading – WSJ
  • Crypto Crime Cartel: The many lawsuits against BitMEX – CoinGeek
  • Third Founder Of Cryptocurrency Exchange Pleads Guilty To Bank Secrecy Act Violations | USAO-SDNY | Department of Justice

For example, here’s a scheme from a 358 page lawsuit by Pavel Pogodin’s team. It accuses BitMEX of money laundering, artificial price manipulation in “Bart-like” patterns, causing multiple traders to rapidly sell at a loss in order to increase volatility of the market and gather profits while BitMEX servers are freezed on purpose. According to the document, it could yield around x80 profit for the scheme holders.

Bart-like trading patterns done by BitMEX tech as according to Pavlov’s lawsuit

According to the document, BitMEX used to freeze their servers, explaining it with DDoS attacks while having AWS protection against them.

Citing the Case 3:21-cv-03576, Document 1, Filed 05/12/21, Page 78, paragraph 181:

BitMEX’s operations on March 13, 2020, are a recent and good example. During a period in the day with high market volatility and crashing bitcoin prices (from nearly $8,000 to $4,000 per bitcoin), resulting in a substantial sell-off, BitMEX’s trading platform went offline for twenty-five minutes. As a result of the outage, BitMEX did not dip into its Insurance Fund, but rather liquidated $800 million of its customers’ highly leveraged positions for its own profit.

There’s also an example of BitMEX allowing traders to have their orders “Hidden” status, which gives them unfair advantage over other market players. This, along with overly-marginated positions of x100 result in a very specific hamster-shaving scheme.

Pavel Pogodin, Esq.

You can read more about the BitMEX scheme in full at BitMEX Fed Sorokin Compliant as Filed.pdf.

Why Zero Trust is hard to work with as user

BitMEX runs repeated checks and lock accounts when

  • Signs of market abuse, insider trading, accommodative transactions, price and volume manipulation, distribution of false information were detected
  • Documents provided by the client were not valid, damaged, tainted, corrupted, or of wrong type. If they want a driver’s license – you provide a driver’s license or risk being locked.
  • When you trade too hard and it is required to confirm the source of funds
  • There are suspicions and grounds to believe that a fraudster has taken possession of the client’s account
  • If it was found out that the account is being used by a third person
  • If after registration BitMEX finds out you are located in any of the sanctioned regions, VPN won’t help, but only make the situation worse

BitMEX don’t give out and block funds when

  • There is a suspicion that the client used false documents during registration
  • There are suspicions that the client is involved in terrorist financing
  • The client is unable to explain his source of income, which is not comparable to the finances that the client deposited on the exchange
  • Client is trying to withdraw funds to fake or scammy wallets
  • It was found that the fraudster took over the account and is trying to withdraw funds to his wallet
  • When determining the location of the client, it was found that at the time of the withdrawal of funds he was and resides in the territory of the sanctions list, banned jurisdictions

For BitMEX suspicion is enough to lock away the account

  • After being labeled by Zero Trust system as untrustworthy you have to prove you are not
  • It takes from two to four weeks for a manual unblocking
  • BitMEX has a record of strange practices, and might not want to cooperate, unless communicated by a lawyers

BitMEX policy on Illegal Regions and account unblocking

BitMEX does not provide services to:

  • People associated with the United States, including but not limited to U.S. citizens and residents
  • Cuba, Iran, Syria, North Korea, Crimea and Sevastopol, the Donetsk People’s Republic, and the Lugansk People’s Republic of Ukraine.
  • People or entities located or incorporated in the Seychelles, Bermuda, Hong Kong Special Administrative Region of the People’s Republic of China, Japan, Canada Ontario and Canada Quebec.

If you are a citizen of said regions or currently located there BitMEX will ban you after registration.

BitMEX also doesn’t favor citizens or residents of Russia, including who trade on behalf of a legal entity, who are accessing BitMEX services from the EU, unless they are:

  • Residents of the European Union or Switzerland, or
  • have dual European Union or Swiss citizenship and reside outside of Russia
  • Legal entities located or incorporated in Russia whose traders are accessing our services from the European Union.

We can unblock your account if you have troubles with Zero Trust system

  • We don’t need access to the account
  • To the BitMEX support you will sound like a tech-savvy lawyer
  • If we won’t be able to unlock your account – you will get full refund