The accounts of the clients of the Hong Kong stock exchange were protected technology multipoles. Provider of security services was made by the company BitGo. However, these measures proved insufficient to prevent theft of almost 120 thousand bitcoins.
On the eve of Bitfinex announced massive attack, which was stolen 119756 BTC (over $73 million at the time of the attack). The exchange announced the suspension of all operations and involved investigation by law enforcement agencies. BitGo, in turn, said that their servers were not hacked.
However, as noted by Reddit users, statements on the protection with the help of multipoles in the case of Bitfinex was more of a marketing ploy — two of the three keys were kept by the exchange (one in cold storage) and the third BitGo. The exception was made only for American users — they got the third key at their disposal after the warning of the commodities trade Commission and U.S. markets to the exchange. To confirm the transaction required proof of two keys out of three. If it were compromised, only the keys on the side of Bitfinex, their accounts would be untouched. However, at least one American user said that also was the victim of a theft.
According to the current security model when the user initiated the transaction, Bitfinex signed it and sent BitGo for verification. As follows from the current story, signed by the provider is carried out automatically, without any verification. All transactions were signed by BitGo, confirmed a representative of the exchange Zane Tackett.
"I said that, most likely, the vulnerability was on our side and not from Bitgo, I also said that our cold key probably has not been compromised" — he wrote in the discussion.
According to representatives of Bitfinex and its internal rules provided for the withdrawal limit bitcoins, however, the system did not work, the cause of this failure must establish the investigation. Cold keys stored by the exchange, were not available to the hacker. Tackett also assured that the staff of the exchange had nothing to cracking — such a suspicion was voiced by a number of Reddit users — although this version is not excluded in the investigation.
The moderator of the bitcoin community Theymos also spoke about the incident. In his opinion, Bitfinex should not have so much trust BitGo, whose security model was not on the level.
«BitGo sells a false sense of security. At Bitfinex, apparently, it has excellent cold storage, but then they were somehow convinced that BitGo will be safer, though in fact they are sold for cold storage 100% hot storage."On the other hand, told me that BitFinex was warned about this vulnerability, BitFinex had to know about it, and they lost the keys. Thus, I would say that 90% of the blame lies on BitFinex, while BitGo is also to be condemned for selling services, which is very unsafe in real conditions".
Some users, such as bitbody2 condemn technology multipoles as vulnerable:
"Why is one side actually has two keys? Why bother to use multipages? If the key was the client, unless it would prevent unauthorized movement of funds? How it was decided that in this scheme there was a General holder of most of the keys? [...] Why is the majority holder of the keys is a good idea? Or something I don't know?"
Bitfinex promised to keep people informed of current events as promptly as possible, and a representative of the company Zane Tackett lays out the information in the thread on Reddit. He also reiterated a previous statement that was just stolen bitcoins, while litecoin, tokens, ether and other assets remain intact.
"While we consider individual the loss of customers, we may need to close all open margin positions related to financial and/or indirectly affected by the hacking. Any deal will be made at current market prices at 18:00 UTC (21:00 GMT — CoinFox)", — stated in the message exchange.
Bitcoin lost 11% of the cost in connection with the attack, reaching the lowest level since may of this year. Market participants, fearing that the attack on Bitfinex will be the first in a series of hacking attacks on other cryptocurrency exchanges, rushed to sell assets in bitcoins. The volume of daily trading reached 601 thousand bitcoins ($331,3 million), almost twice higher than the same indicator a day earlier.
As of 9:15 GMT, the cryptocurrency was trading at $539,7. From the evening of August 2, bitcoin fell by 11%. A local minimum in a period of decline reached the level of $512. At this price bitcoin is not trading from the end of may. To date, Bitfinex is the third most popular bitcoin exchange, its daily trading volume is about 16 thousand BTC ($3.7 million).
coinfox.ru
interesting information . Thank you
Скопировано с http://www.coinfox.ru/novosti/obzory/6097-bitfinex-confirms-bitgo-signing-theft-transactions-2
Вы не заметили ссылки на этот сайт в статье???