Security Breach at Bitfinex

**raiders72001** · 08-02-16, 02:12 PM

For updates: https://bitfinex.statuspage.io/

**Slanina** · 08-02-16, 02:46 PM

Rough day for Bitcoin. I sold at $615 yesterday after holding for months.

**DISTROYA** · 08-02-16, 05:41 PM

cant log on to coinbase either, right when i got a substantial withdrawal today from a book, WTF is going on?

**Memento** · 08-02-16, 06:02 PM

poor dudes playing at nitrogen getting absolutely hammered right now

**SBR Forum** · 08-02-16, 06:25 PM

According to a post on reddit purportedly from a Bitfinex employee, 119,756 BTC lost during the hack: https://www.reddit.com/r/Bitcoin/com...allets/d61oe33

**raiders72001** · 08-02-16, 07:42 PM

Earlier today, Bitfinex announced a security breach requiring them to halt all trading, deposits, and withdrawals on the Hong Kong-based bitcoin exchange.Founded in 2012, Bitfinex has offices in Europe, Hong Kong, and the United States. It has been one of the world's leading bitcoin exchanges, with deep liquidity in the U.S. dollar/bitcoin currency pair. The company was one of the first to launch ETC trading soon after the hard fork of Ethereum last week, followed by ETCBTC and ETCUSD margin trading the next day.
The company revealed the breach at 2:16pm EST, “we know that some of our users have had their bitcoins stolen.” Bitfinex Director of Community & Product Development, Zane Tackett, confirmed on Reddit that “the loss from the hack stands at 119,756btc.”
Tackett confirmed that “No fiat was stolen, only btc.” He also said “other currencies were not affected,” although users are unable to trade, deposit or withdraw during the halting period.
“We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.”

- Bitfinex

Bitfinex uses BitGo wallets to store customer bitcoins. “Even if you didn't set one up it's what we used to store your btc”, Tackett states in his post. Bitfinex and BitGo partnered in June, allowing the exchange to provide “individual multi-signature wallets for each customer,” according to announcements from both companies at the time.
“Bitfinex uses a unique set of keys for each user, and separates each user’s funds on the public blockchain,” Bitgo stated at the time. “This powerful combination of BitGo’s multi-sig technology with Bitfinex’s exchange mitigates most of the shared pool security risks while simultaneously enabling users to verify their individual holdings on the blockchain.”
According to Tackett, all Bitfinex customers have their own BitGo wallet, and therefore there was no hot or cold wallet used by the exchange. “We have one key, bitgo has one key, and one key is kept in cold storage,” he verified.

“We haven't have a hot/cold wallet setup since the bitgo implementation. Instead each user has their own wallet with limits on how much it can withdrawal as well as a global limit. We're still investigating how they were able to compromise this setup.”

- Zane Tackett, Bitfinex Director of Community & Product Development

Respondents to Tacketts post were concerned about BitGo themselves. “It doesn't look like they were compromised,” Tackett replied. “I don't believe our back-up keys were compromised but the investigation is still ongoing on how exactly we were compromised.”
While BitGo has insurance against bitcoin theft, from XL Group insurance companies, it does not cover Bitfinex. Tackett confirmed on Reddit that this breach is not insured. “We will look at various options to address customer losses later in the investigation,” Bitfinex said in their announcement.
In addition, the company announced that any affected accounts with open margin positions may need to be settled at the current market prices as of 18:00 UTC. “Only positions directly affected from the theft will be settled,” Tackett confirmed.

Trading was halted at approximately 2pm EST, when the bitcoin price on the exchange was at $604 USD

This is not the first time Bitfinex has been hacked, having suffered a breach in May 2015. At that time, over 99.5% of deposits were held in secure multisig wallets, with the rest stored in a hot wallet that was compromised.
Bitfinex has also been prone to downtime lately. Following scheduled maintenance on June 17, which only lasted one hour, the company revealed problems on June 20. Trading was paused while the company investigated an "infrastructure issue" which they said "does not involve funds or system security."
Before trading resumed, however, the company announced “networking issues within our new datacenter.” After over six hours of downtime, trading resume, but it did not stay live for long. Five hours later, the site was offline again. The downtime on June 21 lasted approximately four hours.

“We are not confident in the network stability of our datacenter so we have elected to take trading down for the time being.”

- Bitfinex

The networking issues continued when customers in North America complained of not being able to access the site on July 1. The company acknowledged internet routing and connection issues, stopping users from North America from accessing their site. The Bitfinex website was temporarily taken down again last week, for approximately three hours during the Ethereum forking event.
Bitfinex claims to be doing everything it can to resolve this latest breach. “The theft is being reported to—and we are co-operating with—law enforcement,” the company states.

http://bravenewcoin.com/news/bitfine...d-withdrawals/

**raiders72001** · 08-02-16, 07:50 PM

Originally posted by SBR Forum

According to a post on reddit purportedly from a Bitfinex employee, 119,756 BTC lost during the hack: https://www.reddit.com/r/Bitcoin/com...allets/d61oe33

It has to be an inside job no matter how it's spun.

**Darkside Magick** · 08-02-16, 08:05 PM

Originally posted by raiders72001

It has to be an inside job no matter how it's spun.

This.

Nobody swiping 100 million dollars without someone knowing the codes

**raiders72001** · 08-06-16, 04:02 PM

Bitfinex To Socialize Losses: Customers Will Lose 36% of Deposited Funds

http://themerkle.com/bitfinex-to-soc...posited-funds/

**3runhomer** · 08-06-16, 05:47 PM

I am hoping they are socializing the loses for bitcoin deposits only. I had sold some a month ago, and just had the USD sitting in the account waiting for football...

Does anyone know or read how they will treat accounts that had USD sitting in the wallet?

**3runhomer** · 08-06-16, 05:48 PM

Nevermind I guess...that article Raiders posted said "All Assets".

That sucks.

**Optional** · 08-06-16, 06:10 PM

Originally posted by raiders72001

http://themerkle.com/bitfinex-to-soc...posited-funds/

How does the 'hacker' spend these funds without being detected?

**raiders72001** · 08-06-16, 07:48 PM

Originally posted by Optional

How does the 'hacker' spend these funds without being detected?

Runs them through mixers.

**raiders72001** · 08-06-16, 07:49 PM

We are actively discussing various strategic options with numerous potential investors as part of our strategy to fully compensate our customers. Such discussions, however, are in early stages and will likely take time to play out. In the meantime, In place of the loss in each wallet, we are crediting a token labeled BFX to record each customer’s discrete losses. Tokens will be distributed without release or waiver. The BFX tokens will remain outstanding until redeemed in full by Bitfinex or possibly exchanged—upon the creditor’s request and Bitfinex’s acceptance—for shares of iFinex Inc. We are still sorting out many details on this; we will post further updates in the coming days.

https://bitfinex.statuspage.io/