
Bitfinex robbery: system failed to prevent it



In 2016 the exchange Bitfinex lost 120,000 BTC. The thieves took them under the eyes of BitGo, which was supposed to serve as a protector.

On Tuesday, August 2, 2016, bitter news appeared on the Bitfinex board: we were attacked, we must temporarily close, some bitcoins were stolen. It was not yet known how much had actually been stolen. Internet detectives, however, soon noticed an exceptionally large drop in the funds held on the P2SH addresses that Bitfinex used. The suspicion proved to be true, and Zane Tackett, Bitfinex community manager, confirmed: we have lost exactly 119,756 BTC.

This amount represents about 0.75% of all bitcoins issued so far and is the second-highest loss in Bitcoin's history, right after the infamous Mt. Gox. According to the original reports, Mt. Gox lost 850 thousand BTC, but some were later found and the total loss is around 650 thousand BTC.

Reconstruction, or how it probably happened

For the past year Bitfinex had been using a solution it developed together with BitGo, which it described as a standard of transparency and security. As far as transparency goes, this may be true: every client of the exchange had their funds deposited at an individual address and could therefore see that the exchange actually held them and was solvent. And security? It obviously failed, but we do not yet know exactly how. A more detailed investigation will reveal this.

The addresses on which clients' funds are held are so-called multisig addresses. Two of the three existing keys are needed to move the funds at such an address. One key was in Bitfinex's day-to-day operation, the second was in Bitfinex's cold storage, i.e. inaccessible and securely stored, and the third was held by BitGo. The standard practice was that Bitfinex signed a transaction when transferring funds; BitGo then verified it and added the second signature. However, we have no further information about the verification process.

The transactions that stole nearly 120,000 bitcoins were signed with Bitfinex's operational key and the BitGo key. So we know with certainty that the attacker compromised Bitfinex's systems and obtained its online keys. This is, of course, a very bad thing, and it has already happened in the past. That is exactly why there was a second party, which in this case should have prevented the transfer of funds. But BitGo did not do so, and within a few tens of minutes it probably signed thousands of transactions that moved 120,000 BTC out.

One possible cause is a compromise of BitGo, but the company has denied this. The second option is even worse: BitGo's service is unreliable and its design is fatally flawed. The attacker could theoretically have compromised the communication channel between Bitfinex and BitGo to get BitGo to sign the transactions. But that does not change the fact that moving that amount of funds in such a short time had to be a clearly visible anomaly that BitGo should have caught.
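The kind of anomaly check the paragraph above says the co-signer should have applied, sketched as a sliding-window velocity limit (an added example, not code from the article or from BitGo; the class name, the limits and the burst of signing requests are constructed assumptions):

```python
from collections import deque
from dataclasses import dataclass, field

@dataclass
class CoSignerPolicy:
    """Hypothetical velocity policy for the second signer of a 2-of-3 wallet."""
    max_btc_per_window: float   # assumed limit, not a real BitGo setting
    max_txs_per_window: int     # assumed limit
    window_seconds: int
    _history: deque = field(default_factory=deque)  # (timestamp, amount_btc) of approvals

    def _expire(self, now):
        # Drop approvals that have aged out of the sliding window.
        while self._history and now - self._history[0][0] >= self.window_seconds:
            self._history.popleft()

    def should_cosign(self, now, amount_btc):
        """Return (decision, reason). Only approved requests count toward the window."""
        self._expire(now)
        if len(self._history) + 1 > self.max_txs_per_window:
            return False, "tx-count limit"
        if sum(a for _, a in self._history) + amount_btc > self.max_btc_per_window:
            return False, "volume limit"
        self._history.append((now, amount_btc))
        return True, "ok"

def replay(policy, requests):
    """Feed (timestamp, amount) signing requests; return (BTC co-signed, refusals)."""
    signed, refused = 0.0, []
    for ts, amount in requests:
        ok, reason = policy.should_cosign(ts, amount)
        if ok:
            signed += amount
        else:
            # A production co-signer would also alert and hold for manual review here.
            refused.append((ts, amount, reason))
    return signed, refused

# Constructed burst: 2,000 requests of 60 BTC each, one per second
# (120,000 BTC in roughly 33 minutes, matching the scale the article describes).
BURST = [(t, 60.0) for t in range(2000)]

if __name__ == "__main__":
    policy = CoSignerPolicy(max_btc_per_window=1000.0, max_txs_per_window=50,
                            window_seconds=3600)
    signed, refused = replay(policy, BURST)
    print(f"co-signed {signed} BTC, refused {len(refused)} requests")
```

With these assumed limits the second signature is withheld once 960 BTC have been approved, so a stolen online key alone caps the loss at the window limit instead of the whole wallet.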

Impact on the Bitcoin ecosystem

The Mt. Gox and Bitfinex cases differ in more ways than they agree. Each was the biggest dollar exchange at the time of its troubles. The difference, however, is that dollar exchanges now account for only a small share of total trading, in percentage terms. China now dominates Bitcoin. Specifically, Bitfinex's share of all trades ranged between 1-2%. In terms of volume, the robbery and the probable crash of Bitfinex are therefore not so significant.

Bitfinex, on the other hand, was one of the most progressive bitcoin exchanges. It offered not only classic spot trades, like most competitors, but also leverage and brokered lending. Other virtual currencies such as Ethereum and Litecoin were traded there as well. Funds held in these currencies should be unaffected.

Another difference is that the management of Mt. Gox, if it was not itself involved in the fraud, at least kept the losses it knew about quiet for a long time, and they were apparently even higher. There is nothing to suggest that Bitfinex did the same. According to the information available, the exchange came out with the truth almost immediately after the theft occurred. In addition, company representatives are relatively open and provide information about the extent of the problems.

Of course, the market responded to the theft. Shortly after the announcement the price sank from about $600 per BTC to under $500. Since then, it has been growing again and approaching the original value. On Thursday, August 4, Bitcoin traded for about $560. The market reaction shows that, although this is a great inconvenience, it does not have a significant impact on the ecosystem, because Bitfinex is just a small piece of the puzzle.

Solution? No real one exists

There are a number of opinions on how to deal with the situation and how to return the money to its rightful owners. Proposals such as agreeing with the thieves to return most of the money in exchange for impunity seem naïve. A little more serious is the suggestion that miners join forces and use their computing power to reverse the transactions. That is just a minority opinion. Most people involved think that such a move would discredit Bitcoin. One of Bitcoin's main assets is the irreversibility of transactions and their unenforceability by a central bank, regardless of whether the transactions are good or bad.

Anyway, the thieves will not have a quiet life. Any transactions with the stolen bitcoins will be closely monitored. While techniques for mixing bitcoins to hide the originator are being developed, techniques for tracking them are improving as well. The notion that the thieves could safely exchange most of the bitcoins for dollars or another traditional currency is unrealistic. The investigation will certainly be made easier by the fact that this is a single theft by one attacker or group of attackers, unlike Mt. Gox, where the bitcoins gradually and mysteriously disappeared.

Bitfinex is unlikely to recover from the theft

We have no information about Bitfinex's total funds, but it is assumed that the stolen ones represent the majority. Bitfinex is planning to bring the site back up so users can see how much they have on their addresses. This raises the question of whether everyone should receive the balance of their own address, or whether the remaining bitcoins should be shared among all. The second option seems more likely, because users had no way of protecting their funds: all of them were controlled by Bitfinex, although on individual addresses. This would mean that finding out the balance would not be of any use to the client.

Some clients also pointed out that last February BitGo announced deposit insurance of up to $250,000 per person. However, the announcement was soon deleted, which indicates that probably no refunds will be made. The insurance would probably cover only funds in the BitGo wallet, not funds held at partners, for which the company has only one key and therefore has no control over them.

Bitfinex is unlikely to recover from the theft unless the case can be resolved quickly and the bitcoins returned. Otherwise, it looks more like bankruptcy. In that case, the release of the remaining funds would probably take many months, if not years, which is another big problem for clients. It will also be interesting to watch the impact on BitGo. This service is, by the way, used by other big Euro-American exchanges, such as Bitstamp or Kraken. However, their use of BitGo may differ significantly. Both exchanges announced that the vast majority of their bitcoins are in cold storage.
