It might be too early to start pointing the finger at anyone for the recent Bitfinex hack--though Bitfinex is likely to receive much of the finger pointing. However, I happened upon an interesting image, below, which I think could reveal quite a bit about how the hack happened.
What you're looking at there is a charge issued by the CFTC, fining Bitfinex for acting as a futures commission merchant and for storing bitcoin in a centralized wallet rather than delivering the bitcoin to individual accounts. While the fine was quite small--only $75,000--it's still significant considering many of these companies are small.
The part highlighted in red is what I am most interested in ...
It reads: "During the Relevant Period, Bitfinex did not actually deliver bitcoins purchased on a leveraged, margined, or financed basis to the traders who purchased them within the meaning of Section 2(c)(2)(D)(ii)(III)(aa) of the Act. Instead, Bitfinex held the purchased bitcoins in bitcoin deposit wallets that it owned and controlled."
Why is this significant?
Because "bitcoin deposit wallets that it owned and controlled," which is what the CFTC is complaining about, is a synonym for something else: cold storage.
That's right ... Bitfinex had been holding the bitcoin in cold storage and, due to a ruling by the CFTC, distributed the funds into users' hot wallets. It went from a safe, secure situation into one where every bitcoin was made available on the Internet.
For those that don't know, cold storage is a server that stores bitcoin off the Internet. If it's not connected, bitcoin can't be stolen. Exchanges tend to hold the vast majority of their bitcoin in cold storage so that if a hack occurs, the attackers can only steal what's in the hot wallet. In the event that more liquidity is needed, the exchange can transfer more from cold storage.
By being forced to move all that bitcoin into individual wallets, while still keeping control of the keys of those wallets, Bitfinex put itself in a really bad position. Had it just kept the bitcoin in cold storage, 119,000+ BTC might not have been stolen.
So is the government to blame? Partially. It's operating on an old understanding of the financial world where pooling assets together is an easy way to embezzle them. In the blockchain world, you can pool assets and still know who, exactly, owns what.
But the blame still rests on Bitfinex. It was a centralized exchange where Bitfinex controlled the keys; if an insider was able to act based on that, it's on them for allowing that scenario. The government created the opportunity; Bitfinex amplified it.
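The hot/cold split and the "pool assets and still know who owns what" point above, shown in code. This is an added example, not from the original post or from Bitfinex; the class, its method names and all amounts (in satoshis) are constructed for illustration.

```python
# Added illustration: pooled custody with a per-user ledger and a capped hot wallet.
# Every name and amount here is constructed for the example (amounts in satoshis).
class PooledCustody:
    def __init__(self, hot_cap):
        self.hot_cap = hot_cap  # most that may sit on Internet-facing keys
        self.hot = 0            # funds spendable by online servers
        self.cold = 0           # funds whose keys stay offline
        self.ledger = {}        # user -> balance owed: the "who owns what" record
        self.pending = []       # withdrawals waiting for a cold-storage refill

    def deposit(self, user, amount):
        if amount <= 0:
            raise ValueError("deposit must be positive")
        self.ledger[user] = self.ledger.get(user, 0) + amount
        self.hot += amount
        excess = self.hot - self.hot_cap  # sweep anything above the cap to cold
        if excess > 0:
            self.hot -= excess
            self.cold += excess

    def withdraw(self, user, amount):
        if amount <= 0 or self.ledger.get(user, 0) < amount:
            raise ValueError("invalid amount or insufficient balance")
        if amount > self.hot:
            # Online keys cannot cover it: wait for an offline-approved refill.
            if (user, amount) not in self.pending:
                self.pending.append((user, amount))
            return "pending"
        if (user, amount) in self.pending:
            self.pending.remove((user, amount))
        self.ledger[user] -= amount
        self.hot -= amount
        return "paid"

    def refill_from_cold(self, amount):
        # Models the offline, human-approved transfer from cold to hot.
        if amount > self.cold:
            raise ValueError("cold storage too low")
        self.cold -= amount
        self.hot += amount

    def online_exposure(self):
        return self.hot  # worst-case loss if every online key is compromised

    def is_solvent(self):
        # Pooled funds must always equal the sum of what users are owed.
        return sum(self.ledger.values()) == self.hot + self.cold
```

If the same deposits instead sat in per-user wallets whose keys are all online, the exposure would be the full ledger total rather than the hot cap.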
I upvoted you
These incidents are disastrous for the entire crypto community and their prosperity. Decentralization is the hallmark of cryptocurrencies, yet their weak point at the same time, because there is no accepted institution that defines security standards which exchanges and wallet providers would need to obey. The more often these incidents happen where customer funds get lost, the more likely governments will step in and start banning cryptos, justifying this with consumer protection. I'm really afraid that this could happen.
Interesting if it turns out to be even part of the reason for the hack. Could they sue the US government in this case?
Anyway I would bet a Big Mac on it being another inside job.