Following the hack of exchange Bitfinex and the theft of almost 120,000 BTC ($60 million), suggestions are surfacing that regulation prevented its funds from being placed in cold storage wallets.
Fingers Point at BitGo, Regulators
As the investigation into the sequence of events and their cause continues, blame is being shifted between Bitfinex, its security provider BitGo and – most recently – the US Commodity Futures Trading Commission (CFTC).
BitGo came in for criticism after the hacker's large fund transfers were reportedly signed off without full security.
“…We used the company that prides itself and specializes in bitcoin storage,” Director of Community & Product Development, Zane Tackett said. “How these practices were bypassed, we’re still investigating.”
BitcoinTalk owner Theymos described BitGo as “selling a false sense of security.”
“BitFinex apparently had a perfectly good cold storage setup, but then they were somehow convinced that BitGo would be more secure, even though they were actually trading in cold storage for 100% hot storage,” he wrote. “On the other hand, I’m told that BitFinex was previously warned about this security issue, BitFinex should’ve known anyway, and they’re the ones who lost the keys.”
The discussion involving the CFTC meanwhile focuses on Bitfinex potentially being obliged to hold user funds in hot wallets.
Bitfinex was previously fined $75,000 by the CFTC for failing to register as an appropriate entity for the services it offered as well as:
[F]or offering illegal off-exchange financed retail commodity transactions in bitcoin and other cryptocurrencies.
These “off-exchange” transactions could be alluding to the storage of funds offline — commonly known as cold storage — one of the best ways to keep your funds out of hackers’ reach. If this is indeed the case then the incident could undermine calls for more regulation as cryptocurrency exchanges face a dilemma between security and compliance.
Cold Truth: 119,756 BTC Stolen
The compromise, which occurred late Tuesday, exclusively involved customer wallets with Bitcoin funds. Bitfinex shut down while an investigation to determine the course of events continues. The exchange froze deposits and withdrawals, and said in a statement that it “may need to settle open margin positions, associated financing, and/or collateral affected by the breach.”
“We are taking this necessary accounting step to normalize account balances with the objective of resuming operations,” the statement adds.
While Bitfinex did not mention the amount involved, Tackett later posted on Reddit:
I can confirm that the loss from the hack stands at 119,756btc.
In a further response, he continued:
“Yeah, it fucking sucks. I’ve felt like shit since the moment I found out. We’ll do everything we can to keep you guys up to date with what’s happening and how we plan to address everything.”
Statistics also showed a large amount being moved out of multi-signature wallets.
Reactions & Lessons in Security
Meanwhile, more predictable scorn came from OneCoin, a dubious alleged Ponzi operation, whose advertisers used the hack to champion a move away from Bitcoin.
“THIS IS WHY, Bitcoin way of doing things is old fashion! [sic]” a shill account under the name of Ken Labine posted in light of the news being made public. “With our central [sic] approach we can get back hacked coins…”
The idea of returning stolen funds is in fact circulating elsewhere, with a core developer telling Tackett:
“Have you considered getting a list of transactions to blacklist and getting miners to reorg the theft? The window of time for that hasn’t closed.”