Cyber robbers have mugged Hong Kong’s Bitfinex bitcoin exchange, stealing nearly 120,000 bitcoins worth up to $72 million.
Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoins had been stolen from users’ accounts and that the exchange hadn’t yet decided how to address customer losses.
Bitfinex halted all trading on Tuesday, stopping deposits and withdrawals while it investigates the breach.
The exchange said in a blog post that what it knew as of Tuesday was that some users have had bitcoins stolen. At the time of the post, part of the investigation was figuring out who, exactly, those users were.
Bitfinex said that it may need to settle open margin positions, associated financing, and/or collateral affected by the breach as it accounts for individual customers’ losses. The settlement prices will be at the market prices current as of Tuesday, 18:00 UTC.
Bitfinex confirmed that the breach was confined to bitcoin wallets. Other digital tokens traded on the exchange weren’t affected.
The one question on everybody’s lips: Are we getting Goxed again?
That, after all, has been, to date, the Mother of All Bitcoin Bellyups. Mt. Gox, a Tokyo bitcoin exchange, made a “whoopsie-doo!” announcement in 2014 concerning the mysterious vanishing of half a billion dollars worth of digital assets.
Various theories have been floated about what happened to those slippery slips of currency code.
Some pointed to Mt. Gox being an insider job. The Japanese newspaper Yomiuri Shimbun reported on New Year’s day, 2015, that there was “strong suspicion” that most of the missing bitcoins were ripped off by insiders.
Yomiuri Shimbun claimed that the loss of about 7000BTC could be explained by cyberattack – in other words, crooks outside the company’s network were the perpetrators – but that there’s no evidence of cyberattack around the loss of the remaining 643,000BTC.
In short, it thinks that 99% of the crime was an inside job.
According to WizSec, a bitcoin security outfit, the latest evidence, presented in April 2015, points to “most or all of the missing bitcoins [having been] stolen straight out of the MtGox hot wallet over time, beginning in late 2011.”
At any rate, a Bloomberg Technology reporter based in Tokyo who’s familiar with the hack and subsequent collapse of Mt. Gox said that the Bitfinex theft feels “a little different” so far.
Bitfinex is the largest US dollar trading exchange in the world, according to Yuji Nakamura – at least, it has been over the past 30 days. Based in Hong Kong, it’s dominated by the Yuan. The theft dragged the exchange down 20%, though Bloomberg reported that those losses had been erased as of Wednesday.
So yes, that’s similar to what we saw 2 years ago with Mt. Gox, which was then the largest exchange in the world. First there was the report of a hack, then it went bankrupt.
The difference this time around is that Bitfinex has been transparent about the loss, Nakamura said. Users haven’t been left in the dark a la Mt. Gox. Rather, Bitfinex has been talking to users about the incident on social media, pushing out information “as it becomes available” on Reddit and on its status page.
As of Wednesday evening, Bitfinex said it was continuing to investigate and that it’s cooperating with authorities. It’s also working with blockchain analytic companies to track the stolen bitcoins.
Meanwhile, it’s working on getting the platform up and running on a secure instance so that users can log in and see if their accounts have been affected, as well as the state of their positions and orders.
It told users that it would post more information later in the day, UTC time.
Hopefully, this time it’s a limited hack and won’t bring down the entire exchange, Nakamura said.
“We’ll see,” he added.
2 comments on “World’s largest bitcoin-dollar exchange robbed”
Isn’t bitcoin supposed to be more secure than this?
As bitcoiners love to remind us whenever we write stories like this: the insecurity here wasn’t in the Bitcoin cryptography or protocol, it’s in the company that stored the data blobs that represent the bitcoins.
But, yes, you would hope that such a company would be more secure than this, in the same way you’d hope that a shop wouldn’t end up with malware all over its cash registers.
(Actually, this is in many ways much worse: a stolen credit card number *may* lead to financial loss, but with prompt action, that loss can be mitigated. A stolen bitcoin is like having $600 in cash lifted from your pocket. Gone for good!)