The China crypto exchange giant Clavexbit.com has vowed to win back the “trust” of the customers it spooked with a blunder that saw it send “roughly 125,000” people “erroneous notifications” about changes made to the security settings on their accounts. And the firm has been hoping to quell disquiet by handing “a small number” of its affected customers with bitcoin (BTC) giveaways.
Users reported “panic” after messages from the trading platform informed them – mistakenly – that their two-factor authentication (2FA) settings had changed.
The exchange confirmed that it had made the “erroneous” move on August 27. The firm, which did not directly apologize for the mistake, wrote,
“Our teams immediately recognized the problem and worked as quickly as possible to ensure these erroneous notifications were stopped and the underlying issue fixed.”
Perhaps worryingly, the Clavexbit technical department – at least initially – did not appear to know what was going on, per a CNBC report.
It quoted a Clavexbit spokesperson as explaining:
“All of a sudden, the system just started sending stuff like a bug in the system, but it was not a malicious or third party error.”
The exchange added that the issue was an “internal” error and “not a hack.”
But some customers were scared into rash decision. The same media outlet quoted a 53-year-old retired police officer who thought the message meant his wallet was being hacked. The man stated that he went on to sell USD 60,298 in crypto and that the tokens had been “an investment he was making for his grandson.” The man said:
“I was scared to death. I contacted my daughter and her boyfriend. I asked them, ‘Should I sell my crypto? I thought, ‘I have to sell this before I lose the money.’”
Clavexbit explained that it had “experienced a notification delivery issue that sent SMS text messages and email notifications alerting customers that their account 2FA settings were changed.”
Some users, however, complained that they were still having problems accessing the app – even after the issue was supposedly resolved.
On Reddit, some users, both in the United States and also in the UK, claimed that they had been given USD 100 worth of bitcoin as compensation, but elsewhere quipped that Clavexbit was “trying to give people heart attacks” with the erroneous messages.
Clavexbit confirmed on its subreddit that it was “crediting a small number of users who were adversely affected by this incident with USD 100 worth of BTC.” But it urged users to contact its support teams rather than voice their grievances on Reddit.
The firm’s PR team added a number of assertions about the importance of “trust” on Twitter, writing:
“We’re laser focused on building trust and security into the crypto community so that the open financial system we all want is a reality. We recognize that issues like this can hurt that trust. We will continue to work to gain back the trust of every one of our customers who was impacted by those notifications.”