Bitfinex Hack: US Regulation ‘Prevented Cold Storage Use’

Bitfinex Hack: US Regulation ‘Prevented Cold Storage Use’

9286
4
SHARE
Cold

Following the hack of exchange Bitfinex and the theft of almost 120,000 BTC ($60 million), suggestions are surfacing that regulation prevented its funds from being placed in cold storage wallets.

Also read: Bitcoin Price Dives 22% After $60 Million Bitfinex Hack

Fingers Point at BitGo, Regulators

bitgo-secured-byAs the investigation into the sequence of events and their cause continues, blame is being shifted between Bitfinex, its security provider BitGo and – most recently – the US Commodity Futures Trading Commission (CFTC).

BitGo came in for criticism after the significant hacker funds transactions were reportedly signed off without full security.

“…We used the company that prides itself and specializes in bitcoin storage,” Director of Community & Product Development, Zane Tackett said. “How these practices were bypassed, we’re still investigating.”

BitcoinTalk owner Theymos described BitGo as “selling a false sense of security.”

cftc“BitFinex apparently had a perfectly good cold storage setup, but then they were somehow convinced that BitGo would be more secure, even though they were actually trading in cold storage for 100% hot storage,” he wrote. “On the other hand, I’m told that BitFinex was previously warned about this security issue, BitFinex should’ve known anyway, and they’re the ones who lost the keys.”

The discussion involving the CFTC meanwhile focuses on Bitfinex potentially being obliged to hold user funds in hot wallets.

Bitfinex was previously fined $75,000 by the CFTC for failing to register as an appropriate entity for the services it offered as well as:

[F]or offering illegal off-exchange financed retail commodity transactions in bitcoin and other cryptocurrencies.

These “off-exchange” transactions could be alluding to the storage of funds offline — commonly known as cold storage — one of the best ways to keep your funds out of hackers’ reach. If this is indeed the case then the incident could undermine calls for more regulation as cryptocurrency exchanges face a dilemma between security and compliance.

Cold Truth: 119,756 BTC Stolen

Zanetackett
Zane Tackett

The compromise, which occurred late Tuesday, exclusively involved customer wallets with Bitcoin funds. Bitfinex shut down while an investigation to determine the course of events continues. The exchange froze deposits and withdrawals, while in a statement says it “may need to settle open margin positions, associated financing, and/or collateral affected by the breach.”

“We are taking this necessary accounting step to normalize account balances with the objective of resuming operations,” the statement adds.

While Bitfinex did not mention the amount involved, Tackett later posted on Reddit:

I can confirm that the loss from the hack stands at 119,756btc.

In a further response, he continued:

“Yeah, it fucking sucks. I’ve felt like shit since the moment I found out. We’ll do everything we can to keep you guys up to date with what’s happening and how we plan to address everything.”

Statistics also showed a large amount being moved out of multi-signature wallets.

Reactions & Lessons in Security

Meanwhile, more predictable scorn came from dubious alleged financial ponzi operation OneCoin, whose advertisers used the hack to champion a move away from Bitcoin.

Steemit hack“THIS IS WHY, Bitcoin way of doing things is old fashion! [sic]” a shill account under the name of Ken Labine posted in light of the news being made public. “With our central [sic] approach we can get back hacked coins…”

The idea of returning stolen funds is in fact circulating elsewhere, Tackett being told by a core developer:

“Have you considered getting a list of transactions to blacklist and getting miners to reorg the theft? The window of time for that hasn’t closed.”

Attention will no doubt focus on better security and the need to store funds offline in “cold storage” as a key lesson from the breach.

What do you think about the Bitfinex hack and what its significance? Let us know in the comments section below!


Images courtesy of wordpress.com, paxful.com, bitfinex.comaprilkoehlerphotography.com

  • Erik

    IF US Regulation is the direct reason for this result they should be held responsible and pay it all back. +75.000 earned for the fine -119756 coins they now have to to repay. I personally trade at bitfinex myself, and did not know they removed cold storage, and changed it. If I knew I would have removed my funds there ASAP. Yet again I am getting ripped a new thanks to regulations, it for me personally as an active trader always been my main problem.

    This is in two words “insane policy” !!!!!

    • Jeremy

      How could the US regulate a business that didn’t even have a licence to operate in the first place?

      • Erik

        Well you should ask the CFTC that one yourself. Because I have not yet done the research on it.

  • Jon

    It’s always going to be easier to hack using edge-case scenarios than build systems that are 100% secure. No amount of regulation is going to change that.