Update: Bitfinex Confirms 119,756 Bitcoin Stolen. Bitfinex Hack Live Blog

in #bitcoin8 years ago (edited)

Alright, so there's a lot of chaotic tweets going on, so I wanted to put together a few of the factoids that we know thus far about the Bitfinex hack.  There continue to be many updates to this. Please scroll to the bottom to see the latest!

1. Breach Reported at 3PM

Zane Tackett, the Director of Community & Product Development took to Reddit to explain that there had been a breach found that required all trading to halt on Bitfinex. 

He said: " We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach."

According to Zane, the hack occurred today. And the only currency impacted was Bitcoin, so all Ether and Fiat (USD) held in its accounts are perfectly safe. 

2. 0.5% of Bitcoin

Originally, it was believed that only 0.5% of Bitfinex's reserves had been stolen, but this was actually a misrepresented tweet from an earlier hack. 

In reality, the amount of bitcoin that has been stolen has not yet been reported by Bitfinex, though there is speculation that it could be much more. 

3. Could it be 150K?

The above image is important because it shows all the bitcoin that are held in p2sh addresses. A p2sh address is, essentially, a multi-sig wallet. 

As you can see, the numbers hardcore dropped today at sometime in the morning from around 12.5% to 11.75%. According to some analysis, that .75% drop in total bitcoin held in p2sh addresses could be as much as 157,905BTC or 1%. 

The sudden drop in bitcoin in multi-sig wallets (which is what Bitfinex uses) correlates too nicely with the breach today. 

4. Big spike in mempool

Between 4:30 and 6:00 this morning, there was a sudden spike in transactions on the memepool, which lists all transactions. If we look at the first image and then this one, they appear to happen at around the same time. 

What this leads us to believe is that bitcoin were being moved out of those multi-sig addresses in hundreds of thousands of transactions. 

5. Bitfinex uses BitGo

What has many users concerned is that Bitfinex uses BitGo for its wallets. BitGo is the biggest reason we have multi-sig wallets today, so if someone gained access, there could be far worse implications than people are revealing. 

That would, normally, be a fine thing because BitGo has insurance. Except, that insurance is only useful if the incident is caused by BitGo. 

Mentor77, a user on reddit, wrote the following: "That [BitGo insurance] only covers incidents caused by BitGo. If Bitfinex's keys were breached and the hacker was signing with them, BitGo was signing legitimate transactions as far as their agreements are concerned."

Remember, multi-sig requires two signatures. If Bitfinex is signing a signature, there's no reason for BitGo not to as well. 

Update: Price of Bitcoin Drops 11%

CoinDeskPricef36f8.png

Over the past 24 hours, the price has dropped from an already lower $610 to around $540, an 11% drop. With one exchange getting hacked, fear kicks in, resulting in other people selling their bitcoin with an uncertainty on how low the price could go.

Update: Bitfinex Confirms Amount Stolen

Co43WlpXEAAER3B.jpglarge6b0e6.jpg

According to Zane, 119,756 bitcoin has been stolen from Bitfinex as previously reported earlier in our report. At time of submission, 7:26PM EST, that is equal to $61.6 million. At the time of the hack, this was closer to $100 million worth of bitcoin stolen.

Update: BitGo Not At Fault

According to a reddit post, Zane said the following: "We're still investigating the hack to figure out exactly how we were compromised, but it does look like it's on us [Bitfinex]." This came after being asked if this was a user error or a BitGo error.

BitGo Confirms No Fault

bitgo-not-at-faultaaec6.png

In a tweet sent out by BitGo, it confirmed that it was not at fault for the recent hack of Bitfinex.

Bitfinex Provides Further Details

Co5JCfwWIAAgSzX.jpglargefa6c4.jpg

Bitcoin Core Developers Reject Plan for Miners to Prevent Hacker Transactions

Co5N9AMWEAAWPqo.jpglarge7b9d6.jpg

I will continue to update this post throughout the next few days as we learn more about the hack. 

Sort:  

Good time to buy some Bitcoins.

Some people have been saying that. I am curious to see if it goes much lower or if the market can handle this sort of drop.

Buy at $500, I doubt it go any lower than $450. It will drop more this evening when people get home from their work and read the news.

I am not buying right now. But who knows what the future holds. :)

Thanks for putting things together, hope you're not affected yourself :)

Fortunately, I am okay. But I know many others have lost their BTC.

I hope that another exchange doesn't bite the dust. BTC was just starting to recover from the MTGOX fiasco.
I have .26 BTC on Bitfinex and 269.00 USD. I was doing margin lending. ☹

Yeah, it all depends what kind of hack this was. If it was as advanced as I have heard some people describe it, many exchanges could be at risk. :/

There is no way they will be able to repay their customers unless it is a very deferred strategy. Buying back these coins (at $500 a pop) will cost more than 50 million dollars. I feel so bad for everyone that lost btc

I think you're very right about this. I think that this is going to create an environment where the only exchanges that are truly safe are those that are decentralized where no funds are kept in a central service.

This will set things back considerably though. Just look at the sustained imact of the Gox hack on BTC prices. Hopefully it won't be as bad.

The upside as someone said is cheaper bitcoin prices so as long as you can buy at or near the bottom then great.

Could also create a mini alt boom too.

Yeah, the alt boom is definitely possible. I wonder which alts will succeed.

thanks for the update

My pleasure. :)

I feel for those that lost money on Bitfinex. But they have been a shady operation for quite a while much like Mt. Gox was a shady operation for quite a while before blowing up.

Hopefully this will be yet another lesson that teaches users to either control their funds locally or very careful choose a hosted wallet solution.

"That [BitGo insurance] only covers incidents caused by BitGo. If Bitfinex's keys were breached and the hacker was signing with them, BitGo was signing legitimate transactions as far as their agreements are concerned."

So then what would their insurance cover? Their customer was responsible for setting up a two signature requirement, Bitgo only held one key, and only a transaction with two signatures could cause any loss. If their insurance didn't cover transactions that Bitgo erroneously signed that causes losses, what could it possibly cover?

Remember, multi-sig requires two signatures. If Bitfinex is signing a signature, there's no reason for BitGo not to as well.

Then what possible purpose does Bitgo serve? Why not just use a single signature?