
BitFinex down due to Bitcoin security breach - 120k BTC stolen - STRML
https://www.reddit.com/r/BitcoinMarkets/comments/4vtv1m/bitfinex_down_due_to_bitcoin_security_breach/d61ofzt
======
mikecke
Commentary from my part:

Bitfinex uses BitGo for multi-signature (MultiSig) transactions. 2-of-3
signatures must be present for user funds to be released.

Keys present:

- Offline key held by Bitfinex

- Online key held by Bitfinex to initiate user withdrawals

- Online key held by BitGo to confirm user withdrawals are within constrained
limits in a set timeframe

zanetackett, Product Development of Bitfinex, confirmed that Bitfinex's
offline key was not compromised. The attack was also not internal [1]. Another
set of comments also suggested that BitGo limits were set in place by Bitfinex
[2-3].

The automatic limits are designed to constrain BitGo from signing any
transactions from Bitfinex that are irregular in volume or exceed a set amount
in any rolling timeframe. Somehow they were bypassed. What we have currently
suggests that the limits were too large or that BitGo was not enforcing the
limits. BitGo and Bitfinex are also separate established entities, so both of
them being compromised for this attack is unlikely. An improper setup
between Bitfinex and BitGo is more likely.

[1]:
[https://www.reddit.com/r/Bitcoin/comments/4vtuxo/bitfinex_se...](https://www.reddit.com/r/Bitcoin/comments/4vtuxo/bitfinex_security_breach_trading_will_be_halted/d61pc44)

[2]:
[https://www.reddit.com/r/Bitcoin/comments/4vupa6/p2shinfo_sh...](https://www.reddit.com/r/Bitcoin/comments/4vupa6/p2shinfo_shows_movement_out_of_multisig_wallets/d61paqy)

[3]:
[https://www.reddit.com/r/Bitcoin/comments/4vtuxo/bitfinex_se...](https://www.reddit.com/r/Bitcoin/comments/4vtuxo/bitfinex_security_breach_trading_will_be_halted/d61qkll)
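
The rolling-limit check described in the comment above, as an added example that is not part of the original thread and not BitGo's or Bitfinex's code: a co-signer that refuses to sign when a withdrawal exceeds a per-transaction cap or the rolling-window total, and fails closed for wallets with no configured limits. The class names, wallet ids, limit values and request stream are all constructed.

```python
from collections import deque
from dataclasses import dataclass, field

SATS = 100_000_000  # satoshis per BTC; integer math avoids float rounding

@dataclass
class Limits:
    per_tx_sats: int   # largest single withdrawal the co-signer will sign
    window_sats: int   # largest total it will sign inside one rolling window
    window_secs: int   # length of the rolling window in seconds

@dataclass
class CoSignerPolicy:
    """Hypothetical check run by the co-signing party before it adds the
    second signature to a 2-of-3 withdrawal (names are assumptions)."""
    limits: dict                                  # wallet_id -> Limits
    signed: dict = field(default_factory=dict)    # wallet_id -> deque[(ts, sats)]

    def review(self, wallet_id, amount_sats, now):
        lim = self.limits.get(wallet_id)
        if lim is None:
            # Fail closed: a wallet with no configured limits is never signed.
            return False, "no limits configured"
        if amount_sats <= 0:
            return False, "invalid amount"
        if amount_sats > lim.per_tx_sats:
            return False, "exceeds per-transaction limit"
        history = self.signed.setdefault(wallet_id, deque())
        # Drop approvals that have aged out of the rolling window.
        while history and history[0][0] <= now - lim.window_secs:
            history.popleft()
        if sum(s for _, s in history) + amount_sats > lim.window_sats:
            return False, "exceeds rolling-window limit"
        history.append((now, amount_sats))  # only approvals consume budget
        return True, "signed"

def replay(policy, requests):
    """Run (wallet_id, btc, unix_ts) requests through the policy in order."""
    return [policy.review(w, btc * SATS, ts)[1] for w, btc, ts in requests]

def sample_policy():
    # Constructed limits: 10 BTC per transaction, 25 BTC per 24 hours.
    return CoSignerPolicy({"hot-1": Limits(10 * SATS, 25 * SATS, 86_400)})

# Constructed request stream, not data from the incident.
SAMPLE_REQUESTS = [
    ("hot-1", 10, 0),        # signed
    ("hot-1", 10, 3_600),    # signed, window total 20 BTC
    ("hot-1", 10, 7_200),    # refused, would make 30 BTC in the window
    ("hot-1", 5, 7_300),     # signed, window total exactly 25 BTC
    ("hot-1", 50, 8_000),    # refused, single oversized transaction
    ("hot-2", 1, 8_100),     # refused, wallet has no limits configured
    ("hot-1", 10, 86_401),   # signed, the approval at t=0 has aged out
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, replay(sample_policy(), SAMPLE_REQUESTS)):
        print(req, "->", verdict)
```
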

~~~
Eliezer
Somebody, one of these days, should design a cryptocurrency whose point is
just to NOT get stolen.

~~~
patio11
I can't believe I'm saying this but: this is not a Bitcoin problem, per se.
This is a Bitcoin _exchange_ problem. (Bitcoin has many security problems, in
the same way that an overweight smoker has many health problems, but that
doesn't mean that smoking caused the gunshot wound.)

It's possible to have customer balances of $60 million and not lose them.
Thousands of businesses manage this. They suffer $5+ million dollars of
damages in less than 0.1% of business-years. (SWAG on a reasonable upper
bound-- ask an actuary. This is an insurable risk.) Bitcoin exchanges with
this level of deposits sustain $5+ million dollars of damages 20%+ of
exchange-years.

Running a Bitcoin exchange probably requires $10 million a year in engineering
and compliance costs, and consequential changes to the business model with an
eye towards a) paying for the actual costs of running the business and b)
compromising on other things that users/investors care about, like speed of
withdrawal, degree of engagement with the regulatory state, and growth rate.
Instead of making that tradeoff, Bitcoin businesses continue trying to grow at
100%+ YOY on four, five, or six digit risk budgets. And this works... until it
doesn't.

"How do we not transfer substantially all of our assets to fraudsters?" would
be an acceptable job interview question _at the Medici bank in the early 15th
century_. It was a solved problem _then._

~~~
legulere
It's as much of a Bitcoin problem as the ethereum DAO hack is an ethereum
problem. In a normal banking system you just roll back the transaction, which
often is possible. In Bitcoin, what's gone is gone.

~~~
xorcist
Bitcoin has problems, but let's not pretend the normal banking system is
unhackable, or even possible to roll back. One group did at least four thefts
via SWIFT this year using RAT tools in banks, the largest of which netted
$80M. Nothing rolled back, no one caught.

~~~
Ntrails
The important part is that the money lost was the banks' (or the insurance
companies' - it's unclear). $80m is not chump change, but it also isn't a
catastrophic loss which gets passed on to savers.

Of course, understanding the difference between an exchange and a bank is
worthwhile - but these guys getting rinsed repeatedly and taking out user
wallets is a problem that can't be waved away.

------
jeffmcjunkin
Whoa. A core BitCoin dev (maaku7) just suggested blacklisting those
transactions in miners[0]. More to come, I'm sure.

[0]
[https://www.reddit.com/r/Bitcoin/comments/4vupa6/p2shinfo_sh...](https://www.reddit.com/r/Bitcoin/comments/4vupa6/p2shinfo_shows_movement_out_of_multisig_wallets/d61oe33)

Yes, that's a scary precedent.

~~~
patio11
Oh that is _beautiful_.

So if you're playing along at home: the consensus Bitcoin chain is the longest
one consistent with the rules of Bitcoin Core, the lineal descendant of the
Satoshi client.

This consensus chain currently includes 1+ transactions T, which effected this
theft.

The proposal is for a large number of miners to abandon the consensus chain
and start mining a new chain at one transaction prior to T, replaying all real
transactions minus T plus a new transaction which would moot T.

With enough hashpower, this chain eventually surpasses the current longest
chain and at that point all points on network, not just mining cartel, will
agree that T never happened.

This is supposed to be impossible because it is incentive-incompatible, as
the mining cartel would lose an incredible amount of seigniorage to make it
happen and it wouldn't be a sure thing. Point #2 is mooted by mining
centralization, a ship which has sailed. Point #1 could get mooted by a
payment outside the standard understanding of the Bitcoin protocol.

Comedy gold!

~~~
0x0
Someone further down the thread also mentioned a very good point in that the
attackers could potentially start a bidding war against such a fork. They
would have nothing to lose compared to a situation where the heist is
reversed.

~~~
patio11
They have a fairly elegant mechanism to do so, too: just chain transactions
from T to the addresses the miners send their coinbase transactions to. If
miners go forward with the re-write history plan, the bribe gets undelivered,
Back to the Future style.

It might be one of the first cases of bribery where the briber doesn't have to
talk to the bribee to discuss the object of the conspiracy, the price, or how
the bribe would be delivered.

~~~
0x0
Amazing.

~~~
patio11
Oh it gets better! The attackers can do things like entangle their stolen
Bitcoin in systemically important institutions. Say, send 0.01 BTC to
Coinbase. Coinbase is probably not operationally capable of separating that
Bad Bitcoin from their Good Bitcoin before it's been commingled with customer
funds. At that point, reversing T would _also_ invalidate consequential
transactions by Coinbase, which is probably something they can't allow to
happen, so _they_ would pay miners to not reverse.

Comedy. Gold!

~~~
0x0
It sounds like miners could find a replacement revenue stream even if block
rewards go to zero and transaction fees are low: Hold the blockchain hostage
for reversal and sell out to the highest bidder!

(Of course, this would likely drive the value of 1 BTC to exactly $0)

(Edit: This is all a demonstration of how the security of the blockchain
absolutely depends on mining hashpower being widely decentralized and
distributed)

------
abstractbeliefs
As much as the joke about bitcoins "take the money and run" exchange business
model is bandied about, how do people actually suggest securing exchange
wallets?

I'm sure it's talked about, but I've never really found a straightforward
explanation of how it should be done - is there even an agreed upon set of
best practices? If so, why are these supposedly sophisticated exchanges not
able to successfully apply them?

~~~
STRML
Hey, Sam here, CTO of BitMEX - we're a crypto derivatives exchange that's been
open since 2014. When we founded BitMEX, we went through a long period of
discussion among the partners on this topic. We were just coming off the low
of watching the MTGox heist and it was obvious that wallets were becoming
the #1 point of failure on any exchange.

Ikeboy(sibling comment)'s explanation is as good as you'll get, in my opinion.
And you can even skip steps 2 and 3, as we have done for two years on BitMEX.

It's our opinion that customer funds are simply too important to expose to
this kind of risk, so we process withdrawals only once a day from airgapped
multisig wallets. It's a bear, and it's slow - we developed a few internal
tools to make the review process easier and separate signal from noise - but
aside from some manual work we've never had a problem.

The #1 surprise, to me, was that customers don't mind the inconvenience. Sure,
a few wonder why they can't simply get their funds immediately. But once it's
explained to them, they seem to appreciate the sensibility of managing this
risk seriously. Compared to alternatives like ACH, at least it only takes one
day and runs on weekends.

I can't imagine a nightmare worse than losing millions of dollars of other
people's money. I hope for Bitfinex's sake that they are able to recover a
portion and continue operating. We've spoken personally with much of the team
and enjoy the relationship. They - and their customers - don't deserve this
loss.

~~~
martinald
I know in the US you are used to ACH which is dreadful, but in the UK everyone
is used to faster payments which allows you to send £100k to anywhere in the
UK, often fee free, within 2 hours. Usually it's actually within a few
seconds.

Waiting a day for a transfer now seems hilariously outdated to me.

I understand there are other benefits to bitcoin but something seems
inherently wrong if transfers have to be intentionally delayed so long to make
the system more secure.

~~~
300bps
_I know in the US you are used to ACH which is dreadful, but in the UK
everyone is used to faster payments which allows you to send £100k to anywhere
in the UK, often fee free, within 2 hours._

My understanding is that the inconvenience of ACH is by design - they are
security delays. If you need to send money from one account to another
instantly, you use a wire. If you have the amount of money in your account
that is typical of people that need to send wires, they are often freely
included with your higher-end checking account. Wires send the money
instantly.

~~~
seanp2k2
They send instantly after you sign the document and fax it back, after the
bank manager approves the large amount, etc. It still takes a few hours to do
the paperwork in my experience.

~~~
adanto6840
A good bank will allow you to do wires directly from their internet banking
suite (commonly requiring 2-factor auth before using their wire-related
tools).

I commonly see wires hit within ~30 seconds of hitting the "confirm" button,
and almost always within <=5 minutes, and that's between separate US banks.

------
0x0
That's a sizeable chunk of the 21m BTC total that can ever be in existence...!

Are the destination wallet addresses for the heist visible in any block chain
explorers? Would it even be possible to mix those coins or will they be
impossible to spend as tainted?

~~~
cloudjacker
yeah sure it is possible to spend that amount of tainted coins, and yes
everyone knows where they are.

you can't send the tainted coins to an exchange or a bank, because they risk
getting seized and your identity compromised

you can give someone the private key on a flash drive for goods, services, or
an army.

you can move varying amounts to different addresses each for a different flash
drive, to exchange for goods, services, or an army.

physical transfers wouldn't show up on the blockchain.

you can also mix them over time for whatever amount you need. $50,000 a day
wouldn't be impractical.

and you can also build up your own bitcoin infrastructure yourself, start
another bitcoin casino and all the players get paid out in your otherwise
tainted coins

do an ICO for a new project and fund it with all your tainted coins, and
others. most crowdsales - like Ethereum's - have one or two large investors
amongst the little amounts everyone else contributes.

honestly all the transparency perks of the blockchain is just to rosy it up to
regulators. but it undermines any and every capital control in existence.

~~~
hyh1048576
That's a very nice remark by someone who clearly has a deep understanding of
the BTC ecosystem.

(no sarcasm here, I totally agree that's what the ecosystem is like.)

> you can give someone the private key on a flash drive for goods, services,
> or an army.

But for this part, what if the one who gives out the private key moves the
coins later? That's not a finalized transaction at all if both sides have the
private key.

~~~
cloudjacker
Yes that is a problem and it does involve trust.

Conceptually it can be alleviated by having the coins in a multisig address
where a third party creates one of the signing keys and the original thief
retained one, and ideally the second recipient also had a third signing key.
Still have the problem of getting the third signing key generated in a way
that required no trust, in advance.

------
mrb
More details:
https://steemit.com/bitcoin/@pseudonymwriter/bitfinex-hacked-here-s-what-we-know-so-far

------
imaginenore
Prophetic comments about BitFinex from 11 months ago:

[https://www.reddit.com/r/Bitcoin/comments/3igv0r/bitfinex_pr...](https://www.reddit.com/r/Bitcoin/comments/3igv0r/bitfinex_pretty_sure_we_are_dealing_with_amateurs/)

~~~
0x0
If the accusations about how the entire exchange was built on a stolen ruby-
on-rails source code leak are true..! Let's just say this is the money quote in
that thread:

> "There is a good story here, waiting to be written by some investigative
> journalist. Perhaps we will have to wait for some catastrophe before that
> happens."

------
lossolo
This is what a modern heist looks like. You do not need guns anymore. Get a
keyboard, access to internet, learn, learn, learn and then get ~60 mil euros
in one evening without going out of home stealing somebody's bitcoins.

~~~
seanp2k2
And it's not directly physically violent! One could also argue that the people
you're stealing from are mostly financial speculators too if it made one feel
better.

------
exo762
I think it's time to give BitSquare a go. Distributed exchange, FLOSS, no
single point of failure. Not suitable for fast trading due to transfer of real
money on every trade, but totally fine if you just want to buy or sell
cryptocurrency.

------
PaulHoule
Woo I trust these guys so much more than the Federal Reserve.

------
obilgic
Sounds like 1870s for bitcoin.

[https://en.wikipedia.org/wiki/Train_robbery](https://en.wikipedia.org/wiki/Train_robbery)

------
ben_jones
Part of the beauty of start-ups is that anyone can start one. You don't have
to have a 20 year vetted resume, a college degree, or extreme wealth. However
this is a boomerang that comes around full force when people expect
financial and medical services being offered by start-ups to have the same
quality as those created by people with 20 year vetted resumes, college
degrees, and extreme wealth.

~~~
roywiggins
Honestly after the 2008 crash those highly résuméd old people start to look as
untrustworthy as anyone, given a bunch of Respected Financial Institutions
appear to have accidentally tanked the global economy.

------
biggerfisch
If it turns out that BitGo did not properly enforce limits (as opposed to
being hacked or ???), would they be liable for the losses?

~~~
Scirra_Tom
I mean, liable for that much loss is going to be pretty meaningless at the end
of the day because none of the actors would be able to cover the liability.

------
llamataboot
Time for a hard fork ;)

------
pmorici
Still less than was stolen from the Federal Reserve recently.

http://www.cnbc.com/2016/06/06/ny-fed-first-rejected-cyberheist-transfers.html

~~~
tedunangst
But that money wasn't really stolen from the fed. It was stolen from somebody
who had a fed account. We know exactly who lost money, and the answer isn't
everybody.

------
jbmorgado
For me the question is very clear:

1 - A monetary system without any regulation accessible online (i.e. Bitcoin)
needs perfect security.

2 - There is no such thing as "perfect security".

Therefore: A monetary system without any regulation accessible online (i.e.
Bitcoin) is deemed to fail.

------
Artlav
Time to buy. :)

Seriously, there is a curious coincidence with the BTC-driven pump and dump
currently going on at the Ethereum's dead chain.

Another curious coincidence is that the price started falling before the
closure, as if someone did some insider trading.

~~~
mountaineer22
Your comment reminds me of this:

[https://en.wikipedia.org/wiki/Dow_theory](https://en.wikipedia.org/wiki/Dow_theory)

------
jonahx
According to google, that's $62,129,412.80 US Dollar

------
f_allwein
Oh dear - this should be interesting.

Seems like it is good advice not to invest more in Bitcoin than you can
comfortably lose...

~~~
ryanlol
> Seems like it is good advice not to invest more in Bitcoin than you can
> comfortably lose...

Not losing bitcoin isn't any harder than not losing cash.

Problem here is people storing their coins with unqualified third parties.

~~~
Lerc
How does one determine a qualified third party?

Obviously you can't go with "You can trust us, we know what we're doing"

You could find a party that is endorsed by someone going "You can trust them,
They know what they are doing, Trust us on this, we know what we're doing"

But that just moves the point of concern.

Is there yet any "You can trust them, if we are wrong about that we will cover
your losses" insurance. (even then how can you be certain they will follow
through)

~~~
ryanlol
> How does one determine a qualified third party?

Surely you wouldn't store your cash in a bitcoin exchange? It's not a bank.

With bitcoin you don't even necessarily need a third party, a hardware wallet
could do just fine. That can be stored in a safety deposit box if you feel
like it.

> Is there yet any "You can trust them, if we are wrong about that we will
> cover your losses" insurance. (even then how can you be certain they will
> follow through)

While you can certainly insure anything if you pay enough, I don't think
there's anyone publicly offering that in the crypto space. But then there
doesn't seem to exist a similar mechanism for USD accounts of any significant
size either.

------
dschiptsov
Let me guess - PHP?

------
yborg
I have no skin at all in this game, but at this point I have to wonder why
anybody is still investing in this, it's been one scam after another every six
months for as long as BitCoin has been around. Is it all just the greater fool
theory?

~~~
em3rgent0rdr
Shows the importance of server security.

And a reminder that there's no need to store your bitcoins online.

~~~
kalleboo
The NSA and Department of Defence have had documents leaked.

Major retailers leak tens of thousands of credit card numbers.

Banks routinely have embarrassing security holes.

The very building blocks these systems are built on have bugs that laid
dormant for years (OpenSSL, Secure Transport)

Why does anyone still believe computer security is anything but an illusion?

