

Bitfinex has been hacked - jxm262
https://www.bitfinex.com/pages/announcements/?id=35

======
nerdy
Though bitcoin exchanges being hacked seem common, it sounds like this one did
a good job with layered security. Though we don't know what the damages total
is yet, at least it isn't a complete loss.

~~~
tptacek
The fact that people can be saying encouraging things about the technical
design or security of Bitfinex should tell you a lot about how seriously to
take message boards on this topic.

Bitfinex was, according to reports I've read, derived from the source code for
Bitcoinica, which was an exchange written by a 17 year old most famous for its
spectacular security failures.

~~~
waterlesscloud
Do you know anything about the current state of their security?

~~~
tptacek
I won't do security work for companies like these.

~~~
yellowapple
So the answer, in other words, is "no".

------
Tomte
Hacked? A bitcoin exchange? No! It can't be!

At least it's their first time. Others are hacked on a semi-annual basis.

~~~
alvarosm
Let's hope it's _actually_ the first time.

------
vectorpush
The guardian story earlier this week that talked about the NASDAQ using
colored coins to represent ownership of financial assets seems like a pretty
terrible idea when framed in the context of inevitable bitcoin theft. In this
case, the hot wallet strategy minimized the financial damage incurred by the
institution, but even this relatively small amount of bitcoin could have been
a devastating loss if the coins had represented valuable NASDAQ financial
assets.

~~~
tinco
Not 100% certain on what their proposed colored coin protocol is, but any
instrument that's not a block chain currency itself can simply be detached
from the colored coin in case of fraud.

I.E.: If you steal a colored coin linked to 5000 shares of Apple stock
registered at a certain broker, then that broker might be informed that the
colored coin was stolen, and then simply refuse to act out any transaction on
the authority of the colored coin. NASDAQ, authorities and the broker can
figure out amongst themselves what should happen to the 5000 shares of Apple
stock represented by the colored coin. I imagine they'll simply fabricate a
new colored coin and issue that to whoever lost the previous coin.

It's important to note that because Bitcoin is a public ledger, it is trivial
to tag and subsequently identify stolen colored coins. This tracability is
probably exactly what makes NASDAQ interested in Bitcoin as a tool for
financial transactions.

~~~
vectorpush
What is the point of using bitcoin at all if a central authority is capable of
rescinding the value of the coins at their discretion? The NASDAQ might as
well skip the overhead of a global decentralized ledger and simply use a
centralized system that they have complete control over.

~~~
singlow
Because NASDAQ does not need to be involved in each transaction unless there
is a dispute or fraud is detected.

~~~
vectorpush
This seems like it would be prone to abuse. What is the advantage of
transacting outside the purview of the central authority while still being
subject to the prerogatives of the central authority? If I strike a deal with
someone behind closed doors, then that person later claims that I actually
stole from them, I have to trust that the central authority will make the
right decision regarding the nature of the transaction, otherwise I may end up
getting retroactively screwed in the deal. The reverse is also a concern;
someone could steal your coins, then claim that you're only filing a grievance
because now you regret the deal. All this does is give the central authority
_less_ information from which to draw an accurate conclusion.

------
kushti
We need for decentralized exchanges, like
[http://multigateway.com/](http://multigateway.com/) or Mercury

~~~
alvarosm
No, we need exchanges not built by a bunch of amateurs, opportunistic risk
takers and outright scammers.

------
noipv4
coincides with hacking of bitcointalk.org server. Interesting!

~~~
jxm262
comment from elux on reddit seems like it gives some more plausible details.

[http://www.reddit.com/r/Bitcoin/comments/36uxxz/bitfinex_has...](http://www.reddit.com/r/Bitcoin/comments/36uxxz/bitfinex_has_been_hacked/)

I also remember this from a few days ago..

[http://www.reddit.com/r/BitcoinMarkets/comments/353yu8/bitfi...](http://www.reddit.com/r/BitcoinMarkets/comments/353yu8/bitfinex_having_serious_lag_issues_be_very/)

~~~
kgc
And now Reddit is down...

------
PascLeRasc
There's no connection between this company and the PC case manufacturer by the
same name, is there?

~~~
m0th87
No, that one is spelled differently (Bitfenix.)

------
curiously
"hacked" = "stealing from your own website"

~~~
ikeboy
That would only be if they took customers' funds. They're saying that they'll
eat the loss.

~~~
bdcravens
That's only fully realized if all customers pull out funds. If they're
operating a fractional reserve, that's just a statement, nothing more.
(There's zero reason why every exchange can't prove they're 100% funded on a
regular basis)

~~~
ikeboy
How would they prove how much they have in deposits?

~~~
alvarosm
See [https://www.cryptocoinsnews.com/bitfinex-passes-stefan-
thoma...](https://www.cryptocoinsnews.com/bitfinex-passes-stefan-thomass-
proof-solvency-audit/) and
[https://www.bitfinex.com/pages/audit](https://www.bitfinex.com/pages/audit)

But even if you trust that (just think that they could borrow the money or
convert usd to btc specifically for the audit), it's only the BTC part. They
have tons of USD deposited too, there's no proof for that.

So there's no definitive proof that any exchange holds all the value it owes
to its depositors.

