Theft And Mayhem In The Bitcoin World

The schadenfreude of Bitcoin enthusiasts over Ethereum’s recent troubles ended abruptly last week. A major Bitcoin exchange, Bitfinex, was hacked and nearly 120,000 BTC (around $60m) was stolen. The price of Bitcoin promptly crashed, and Bitfinex was forced to suspend trading. Suddenly, Ethereum was not the only basket case cryptocurrency around.
It appears that Bitfinex’s security was seriously compromised. Customer coins were held in individual wallets secured with a 2 of 3 multisig arrangement: keys were held by Bitfinex itself and Bitgo, a professional custodian and signatory, with a third (backup) key held in secure offline storage. Customers could not withdraw funds from the wallets until any borrowings had been cleared. It was, if you like, a form of escrow. And it should have been secure.
But it wasn’t. Somehow, the hacker managed to gain access to hundreds of customer wallets. Not only did the hacker gain access to the wallets, he/she also overrode Bitgo’s withdrawal limits. It was a well-planned and comprehensive security breach by someone who knew exactly what they were doing. Funds were moved to thousands of addresses over a short period of time. Bitfinex, it seems, was powerless to stop it.
This is one of the largest Bitcoin heists ever, dwarfed only by Mt. Gox in 2014. It is comparable in size to Ethereum’s DAO theft only a couple of weeks ago. And it is going to result in a lot of people losing a lot of money. All of Bitfinex’s customers, in fact. The company has announced a haircut of 36.067% across the board:

This post was published at Forbes on AUG 6, 2016 @.

Comments are closed.