The Bitfinex Hack: How’d it happen?
By now, most of you have already heard of the Bitfinex hack. If you haven’t, here’s some background- on August 2nd, 2016, nearly 120,000 Bitcoins were stolen from the site (at the time, 95 Million USD). Trading was halted later that day, and panic ensued. This, by no means, had a small impact on the Bitcoin ecosystem as it brought prices plunging to near the $480 mark before making a good recovery the next day. Most now know that the event had a major impact to the cryptocurrency community, but why did it happen? Could it have been prevented? We’ll find out.
Why? Who was BitGo?
BitGo was hired to create a wallet system for Bitfinex and they did a relatively good job of it. Each user’s wallet was in a seperate BitGo wallet and each key supposedly remained safe. The system was, however, flawed. The wallets did what Bitfinex wanted to do with them, and there were no other major security systems implemented to stop a large transfer from happening. This meant that if the server and the API keys were hacked (which they were), all of the Bitcoin could be transferred at once. This is exactly what happened. Essentially, Bitfinex used an over-complicated hot wallet to
store their user’s Bitcoins, and it was hacked. BitGo should’ve seen this fault in the system and should have stopped developing their system this way, but they didn’t and went on like nothing would ever happen.
Why did it happen?
Nobody knows up to this day. Perhaps it was to make a point that their security was terrible, or it was just to purely steal money; either way, we know that Bitcoins were stolen, and BitGo’s system was partly to blame. There has been a giveaway that was apparently giving away 1,000 BTC of the stolen BTC, but members on the giveaway forum were unable to find evidence that those BTC were from Bitfinex’s wallets and found that the coins were mined in 2013. In addition, the account doing the giveaway had apparently been compromised and was asked for a deposit to an address to qualify the validity of giveaway, which was fake. The thread has since been locked and can now be found at bitcointalk.
Could This Have Been Prevented?
The Bitfinex issue could certainly have been prevented if Bitfinex had opted for a more cold-wallet centered storage option. However, they were actually fined by the CTFC for not having the required amount of Bitcoin in their hot wallets.
In this case, Bitfinex really didn’t have much of an alternative; it appears they did the best they could with the situation. This could have been prevented by having a few more security measures that would have made it more difficult to move massive amounts of Bitcoin to move in a short time span. The fact of the matter is Bitfinex messed up. While not always possible, moving your funds out of an exchange immediately is the most cautious approach for Bitcoin users; only then do you have full control of your Bitcoin.
Conclusion
The Bitfinex hack is a very complex issue as there are still parts of the mystery being worked out. Bitfinex didn’t have the best system of storing Bitcoin, which ultimately facilitated the theft. As you’ve already seen from Bitfinex and Mt. Gox, you should not place large amounts of money on exchanges for an extended period of time. It is recommended to move your Bitcoin as soon as possible to avoid such events, and choosing a paper or hard wallet to store them. A web-based wallet may not be the best way to go. Bitfinex has now recovered from the hack and is now again one of the largest exchanges by volume, but there are certainly some that have chosen to use a different exchange.