[BreachExchange] Bitcoin worth $72 million stolen from Bitfinex exchange in Hong Kong
Inga Goddijn
inga at riskbasedsecurity.com
Wed Aug 3 20:28:07 EDT 2016
http://www.reuters.com/article/us-bitfinex-hacked-hongkong-idUSKCN10E0KP
Nearly 120,000 units of digital currency bitcoin worth about US$72 million
was stolen from the exchange platform Bitfinex in Hong Kong, rattling the
global bitcoin community in the second-biggest security breach ever of such
an exchange.
Bitfinex is the world's largest dollar-based exchange for bitcoin, and is
known in the digital currency community for having deep liquidity in the
U.S. dollar/bitcoin currency pair.
Zane Tackett, Director of Community & Product Development for Bitfinex,
told Reuters on Wednesday that 119,756 bitcoin had been stolen from users'
accounts and that the exchange had not yet decided how to address customer
losses.
"The bitcoin was stolen from users' segregated wallets," he said.
The company said it had reported the theft to law enforcement and was
cooperating with top blockchain analytic companies to track the stolen
coins.
Last year, Bitfinex announced a tie-up with Palo Alto-based BitGo, which
uses multiple-signature security to store user deposits online, allowing
for faster withdrawals.
"Our investigation has found no evidence of a breach to any BitGo servers,"
BitGo said in a Tweet.
"With users' funds secured using multi-signature technology in partnership
with BitGo, a lot more is at stake for the backbone of the bitcoin
industry, with its stalwarts and prided tech under fire," said Charles
Hayter, chief executive and founder of digital currency website
CryptoCompare.
The security breach comes two months after Bitfinex was ordered to pay a
$75,000 fine by the U.S. Commodity and Futures Trading Commission in part
for offering illegal off-exchange financed commodity transactions in
bitcoin and other digital currencies.
BITCOIN SLUMP
Tuesday's breach triggered a slump in bitcoin prices and was reminiscent of
events that led to the 2014 collapse of Tokyo-based exchange Mt Gox, which
said it had lost about $500 million worth of customers' Bitcoins in a
hacking attack.
Bitcoin plunged just over 23 percent on Tuesday after the news broke. On
Wednesday it was up 1 percent at $545.20 on the BitStamp platform.
Tackett added that the breach did not "expose any weaknesses in the
security of a blockchain", the technology that generates and processes
bitcoin, a web-based "cryptocurrency" that can move across the globe
anonymously without the need for a central authority.
A bitcoin expert said the scandal highlighted the risks of companies using
cryptography for their ledgers.
"The more you rely on its benefits, the greater the potential for damage
when keys are stolen. We still have some way to go to create highly secure
but convenient systems," said Singapore-based Antony Lewis.
The volume of bitcoin stolen amounts to about 0.75 percent of all bitcoin
in circulation.
It is not yet clear whether the theft was an inside job or whether hackers
were able to gain access to the system externally. On an online forum,
Bitfinex's Tackett said he was "nearly 100 percent certain" it was no one
in the company.
Bitfinex suspended trading on Tuesday after it discovered the breach. It
said on its website that it was investigating and cooperating with the
authorities.
The security breach is the latest scandal to hit Hong Kong's bitcoin market
after MyCoin became embroiled in a scam last year that media estimated
could have duped investors of up to $387 million. The bitcoin trading
company closed after the scandal.
The president of the Hong Kong Bitcoin Association said the only way to
protect information is to disperse it in so many small pieces that the
reward for hacking is too small.
"For an attacker, the cost-benefit strategy is quite easy: How much is in
the pot and how likely is it that I'm getting the pot?" said Leonhard Weese.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160803/bc11eb4a/attachment.html>
More information about the BreachExchange
mailing list