
Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen (reuters.com) 117

An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. "We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen," the company said. "We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up." The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed roughly 120,000 BTC (more than $60 million) has been stolen via social media. "In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals," reports CoinDesk. "This price was roughly 20% lower than the day's opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower."
  • I feel like I've heard this story before, from other BitCoin exchanges. I'm sure these guys are super honest and trustworthy, though.

    • What?!

      The users upload their wallets to the site and keep them there?
      It doesn't use real bitcoins?

      If they were only offering the trading then how can someone have THEIR money stolen? Isn't it THEIR bitcoins and whatever other currency which they use as an intermediate / medium for faster transactions if any which was stolen?

    • by murdocj ( 543661 )

      Yes, it was a hack, just like when a pro athlete sends out an inappropriate picture because their twitter was hacked.

      • Yes, it was a hack, just like when a pro athlete sends out an inappropriate picture because their twitter was hacked.

        In the case you're thinking of, today's news is that some porn producer saw the picture and signed the kid up for a contract. This, plus a starring basketball career. Who said there are no more opportunities for today's young people?

        • by murdocj ( 543661 )

          somehow I think Draymond is going to make a little more money playing b-ball than he will in the porn industry. Unless he's got something that no other guy has.

    • by JustAnotherOldGuy ( 4145623 ) on Tuesday August 02, 2016 @08:42PM (#52632439)

      I feel like I've heard this story before, from other BitCoin exchanges. I'm sure these guys are super honest and trustworthy, though.

      Bitcoin exchanges seem to be hacked on a regular basis. Whether it's a genuine hack or insider funny-business hardly matters at this point. The take-away is that Bitcoin exchanges just aren't a safe place to keep your virtual money, which means there doesn't seem to be a safe place to store virtual money.

      Yes yes, I know, "but banks get robbed every day!" the Bitcoin enthusiasts will say.

      And that's true, but when a bank gets robbed you don't lose your money. This, to me, is what keeps me away from doing anything with Bitcoin (or any other virtual currency, for that matter). Go ahead, rob my bank. I won't lose any money. When Bitcoin reaches that level of security, then I'll consider it as a viable medium of exchange.

      • by Chris ( 4631445 ) on Tuesday August 02, 2016 @08:54PM (#52632489)

        I've never lost any BitCoins. People are just stupid. Stop handing your BitCoins over to third parties. This isn't an issue with BitCoins. It's an issue with stupid. I store my BitCoins on *MY* computer. Not someone else's computer. I have some control over the level of security I wish to maintain. Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here. It's not that you can't compromise GNU/Linux... but the reality is I don't install random software on my computer either. I stick to that which has been evaluated by the experts and is properly or semi-properly maintained.

        • hope you have robust offsite backups that are secured

          The linux kernel and software ecosystem is a bit sloppy from security and maturity perspective, there are better open source OS with better security libraries

          • I'd agree that there is no completely secure system, but nobody is breaking into GNU/Linux systems en masse. Not of individual users. Targeted attacks maybe. But that's not likely against low-level BitCoin users. These third parties could spend a lot more energy securing their own setups to thwart these attacks too, but they don't.

          • "hope you have robust offsite backups that are secured

            The linux kernel and software ecosystem is a bit sloppy from security and maturity perspective, there are better open source OS with better security libraries"

            Maybe you mean offline not offsite. There's this thing cryptocoiners call paper wallet which stores the crypto keys in printed forms, which are naturally kept offline until the moment you import them into your wallet program by scanning their machine-readable QR codes or if you're incredibly patien

            • Offsite is also important. If my house burns down, I still have my offsite assets. If I had an offline bitcoin wallet there, those bitcoin would be gone.

            • no I meant offsite, for when your home and QR paper burn to the ground or get flooded, etc.

        • I store my BitCoins on *MY* computer.

          What if your computer crashes or gets stolen or is destroyed in a fire?

          I know what happens to my money if my bank is robbed or hacked or burns down: nothing. Nothing at all.

          I'm no fan of banks, but the way things are structured they seem like a pretty safe place to store your money.

        • by Donwulff ( 27374 )

          Stop using BitCoins! If only people weren't using BitCoins for anything, it would be a perfect currency!

        • How do you trade your Bitcoins if they are in a wallet on your computer? Your suggestion doesn't help people who trade on the exchanges.

        • by Jeremi ( 14640 )

          Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here.

          Not to disagree, but perhaps your biggest security advantage is that the hackers of the world have no particular reason to suspect there is a significant profit to be gained by hacking your (as far as anyone knows) random computer.

          The computers at SomeWellKnownBitcoinExchange.com, OTOH, are assumed to be holding large amounts of bitcoin, since they need to do so in order to fill their function, and thus they are going to be hacker magnets 24/7/365. And all it takes is one security hole (or dishonest employ

      • > Bitcoin exchanges seem to be hacked on a regular basis.

        I'm not sure it's regular. It's definitely frequent, and often by the owners of the Bitcoin exchange themselves.

        • I'm not sure it's regular. It's definitely frequent...

          That's kind of what "regular" means.

          • by ASDFnz ( 472824 )

            That's kind of what "regular" means.

            Not really.

            A train that leaves the station at 12:00 every day is regular. If it leaves 7 times a week (at whatever time or day) it departs frequently.

            • Yes, really

              regular
              adjective

              1. arranged in or constituting a constant or definite pattern, especially with the same space between individual instances.

              2. done or happening frequently.

            • I'll have a regular coke, please.

      • by Kjella ( 173770 ) on Tuesday August 02, 2016 @10:05PM (#52632851) Homepage

        Bitcoin exchanges seem to be hacked on a regular basis. Whether it's a genuine hack or insider funny-business hardly matters at this point. The take-away is that Bitcoin exchanges just aren't a safe place to keep your virtual money, which means there doesn't seem to be a safe place to store virtual money.

        Since we're already using wallet analogies, would you walk around with your life's savings in your wallet? Do you expect all stores to stop handling cash because you got mugged in a back alley or tricked by a pickpocket? Money you have on exchanges is like money you've taken to the marketplace, it's where you can spend them but you also run a risk of losing them. If you want a secure wallet, create a cold storage wallet and burn it to a CD and put it in a bank vault, then you'll have the security of a bank vault. Just make sure that if you ever need it you access it from a secure device, for example a live CD like Tails to transfer as much as needed to a "hot" wallet. Like putting money in the real wallet we once used to have.

        • Re: (Score:2, Insightful)

          Since we're already using wallet analogies, would you walk around with your life's savings in your wallet?

          No, I use a bank (several banks, actually) to store my money. That way if the bank gets robbed, I still have my money.

          -

          If you want a secure wallet, create a cold storage wallet and burn it to a CD and put it in a bank vault, then you'll have the security of a bank vault

          I already have a secure wallet- it's called a "bank vault". That's where my "large" money and certain valuables are stored.

          -

          Just make sure that if you ever need it you access it from a secure device

          My "secure device" is a bank vault, backed by the FDIC. Works pretty well, to be honest.

          • by horza ( 87255 )

            If the bank gets robbed, the insurance replaces your money. You pay for this in bank fees. Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank. That way you get the security without all the extortionate transfer fees.

            Phillip.

            • I don't pay bank fees. If you do enough business with a bank generally they will pay you with perks and the like to ensure they keep your business and the first thing they do is remove fees. And enough business is generally not all that much, a credit card that you keep paid off and your income going in is usually enough for most of them, they make their money from the fees they charge places you shop at.
            • If the bank gets robbed, the insurance replaces your money. You pay for this in bank fees.

              Except I pay no bank fees. None. In fact, the bank offers me goodies like a free safety deposit box to hopefully prevent me from moving my money to another bank.

              -

              Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank.

              LOL! Have you been paying attention? Saying that "your money will be as safe as in a bank" is absolutely untrue, and the fact that we're discussing this in a thread titled "Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen" makes me think you have serious issues with reading comprehension.

              If it's such a great idea, feel free to star

              • The fine print: I am absolutely not claiming that setting up a Bitcoin insurance scheme like the FDIC would be tenable or easy. But for all your snark and slam on the OP's reading comprehension ability, you certainly haven't been paying much attention.

                Except I pay no bank fees. None. In fact, the bank offers me goodies like a free safety deposit box to hopefully prevent me from moving my money to another bank.

                You definitely pay for the FDIC. As usual, peace of mind doesn't come for free. Without FDIC fees, your bank would pass out more freebies to attract customers. They make so much money on the interest they earn using the money you park there that they don't nee

            • > You pay for this in bank fees. Nothing to stop somebody starting a Bitcoin insurance, so your money will be as safe as in a bank. That way you get the security without all the extortionate transfer fees.

              I can't imagine what the insurance rates could be for Bitcoin exchanges. Definitely a specialty insurance product, if it even exists.

              First off, the underwriter would do their due diligence, and see a number of catastrophic losses at Bitcoin exchanges. An exchange gets hacked, it loses EVERYTHING. Compa

      • by horza ( 87255 )

        Actually when banks get robbed you can lose your money. It happens all the time. Sometimes you get a portion back, in the UK the government guarantees up to £75,000, or in the case where the Spanish banks were supposed to be holding your money for property investment you get none back. Try looking up what happened to those with their money in the Cyprus and Icelandic banks.

        Phillip.

        • Actually when banks get robbed you can lose your money.

          The FDIC limit here in the US is $250,000 per account. Deposits held in different ownership categories are separately insured, up to at least $250,000, even if held at the same bank. You can rob my bank every day if you like, and I'll still have my money (it's spread across multiple accounts).

          Show me a Bitcoin exchange or bank with this level of security or insurance. Until that happens, I'll have no interest in Bitcoin.

          Honestly, sometimes I think Bitcoin is just a very clever, long-running scam that acquir

    • by golodh ( 893453 ) on Wednesday August 03, 2016 @01:56AM (#52633729)
      I'm happy to hear that yet another piece of "alternative", "stick-it-to-The-Man" payment infrastructure has been burgled. Really.

      It injects a much needed note of caution and realism into the dream of technologically focused, realism-challenged (and therefore irresponsible) amateur social engineers.

      You see, a large part of the appeal of bitcoin comes from its aura of "under the radar", "the authorities need never find out" financial transactions.

      This holds an attraction for several groups, of which two are problematic: outright criminals and their "lets-dodge-the-system" libertarian cousins.

      I believe that outright criminals like the possibility of doing financial transactions without giving out your real name. Think "dark net" transactions involving cybercrime services, malware, botnet control, stolen data, stolen credentials, drugs, weapons, etc. Think suppliers in "Silk Road" transactions.

      I think that "lets-dodge-the-system" libertarians, who often figure as end-users of illegal goods and services are attracted to the possibility of doing "under the radar" financial transactions for the same reason: their real name can be kept undisclosed. In part they're happy to purchase illegal goods, in part they're ideologically motivated (as in "we need to grow alternative economy that's outside "government" or "system" control because all government is bad and "the system" is designed to screw us over").

      For the first group (criminals) I believe it serves as a useful deterrent, or at least a risk and a complication.

      For the second group it serves as a salutary reminder that their fellow citizens are at least as reprehensible as "the government" and just as capable of screwing them over as any "institution". After all, the institutions we have have evolved over several centuries, if not millennia, to strike a balance between freedom, safeguards, responsibility, accountability and free-for-all banditry. Something that starry-eyed, technology fixated "bash-the-system" enthusiasts will only appreciate if hammered home by personal or close-to-personal experience.

      Where and how new technologies like bitcoin should fit into our society remains to be seen (and experimentally determined). However, our existing institutions have very real merits and safeguards that have evolved because of human nature itself. Such safeguards (which we all too often take for granted) are lacking from new technological developments and are just as important as the basic functionality. A reminder of which can only be positive.

      • by horza ( 87255 )

        I'm happy to hear that yet another piece of "alternative", "stick-it-to-The-Man" payment infrastructure has been burgled. Really.
        Then you are rather a sick individual.

        You see, a large part of the appeal of bitcoin comes from its aura of "under the radar", "the authorities need never find out" financial transactions.
        No it isn't. A large part of the appeal of mobile phones to terrorists is ease of communication, however most people are not terrorists. I think a lot of people are interested because you can tr

      • by AmiMoJo ( 196126 )

        The really easy fix is for the exchange to have insurance. If they don't have insurance, don't do business with them.

    • So. If a bank robbery occurs in the US does that mean that the dollar is worth less, or is to blame?

      What about if there is a robbery in France? Does the Euro suffer?

      Thefts of this nature are thefts. Pure and simple. Why go after the exchanges? Because that's where the bitcoin is.

      See Willie Sutton: "I Rob Banks Because That's Where the Money Is"
  • by bobbied ( 2522392 ) on Tuesday August 02, 2016 @08:29PM (#52632401)

    YET ANOTHER exchange get's taken to the cleaners and looses scads of other folk's coin? Fools and their money are too soon parted.

    For Pete's sake folks, DON'T keep your coin on deposit on some exchange, either buy something or convert it back into cash because *all* digital currency things are hacking magnets... And what do you think the hackers do with your coins when they steal them? Why they convert them to cash or buy something ASAP...

    Would you keep your money in a bank if they kept getting robbed and YOU were the one who lost? Or if you kept gold coins in their vault and it kept getting broken into would you keep your coins there? No way. So why keep your BitCoin someplace where somebody else provides the security and YOU take the risk? Keep them on your own devices OFF LINE, until you need to use them.

    • I agree. What kind of loosers get's taken to the cleaners like that? Derp.
    • Re: (Score:2, Insightful)

      Would you keep your money in a bank if they kept getting robbed and YOU were the one who lost?

      Exactly.

      Basically you have to hope that no one robs the exchange, because then you're screwed. And whether it's a real robbery by an outside entity or it's the owners stealing the coins, you're still screwed either way.

      This glaring vulnerability has always made me leery of Bitcoin. You bear ALL the risk with no insurance whatsoever. Why would anyone agree to that?

      • Really it's not even a RISK that you MIGHT lose your money in bitcoin, it is virtually guaranteed if you hold bitcoin long enough. Bitcoin depends on the security of the SHA-2 hash algorithm. Once SHA-2 is broken, everyone can generate all the BTC they want easily, sending the value to zero.

        There have been dozens of hash algorithms. A few which have been popular over the years include RIPEMD, MD5, DES-based (crypt()), SHA-0, SHA-1, and now SHA-2. The first four listed have all been cracked. SHA-1 is most

        • Really it's not even a RISK that you MIGHT lose your money in bitcoin, it is virtually guaranteed if you hold bitcoin long enough. Bitcoin depends on the security of the SHA-2 hash algorithm. Once SHA-2 is broken, everyone can generate all the BTC they want easily, sending the value to zero.

          That's a very good point.

          I'm curious to know what the Bitcoin enthusiasts have to say about this eventuality, because you're right: sooner or later, SHA-2 will be cracked.

          • by Donwulff ( 27374 ) on Wednesday August 03, 2016 @01:58AM (#52633737)

            Or, if you were really concerned, you could just Google it: https://eprint.iacr.org/2016/167.pdf
            "Broken SHA256: For a broken SHA256, meaningful collisions or pre-images suggest that new transactions should not be accepted. However, as we saw in Section 4.3, unless a broken hash results in majority power, an adversary cannot alter historical blocks or transactions. The same can be said for hard-coding known public keys with unspent outputs: even if the adversary gets a different key that hashes to the same value, deriving the private key should be infeasible if the signature scheme is still strong. The plans for SHA256 thus seem to be more prudent than necessary, but since they necessitate a hard fork, rehashing the entire blockchain to add new checkpoints or hardcoding public keys can only increase the security of the transition period, but perhaps at a cost of efficiency."

            A little plain-English translation would also be, that BitCoin and other cryptocurrencies (As well as, arguably, the security of every credit card in your pocket and bank transaction and online login and...) doesn't rely on the hash being "unbreakable", it just relies on it being non-trivial, and barring a general quantum computer, we know it to be non-trivial. In fact, the credit-card in your pocket is more vulnerable to single hash being broken, and the whole working principle of BitCoin (mining) is "cracking SHA-2".

            The threat-model for BitCoin isn't that the hash will be broken, but that it will become significantly easier for one party; this is a special case of the general majority-hashing-power threat, where the "adversary" covertly through subterfuge or technology obtains majority hashing power. This in fact has happened before (Multiple times at least if you include Satoshi Nakamoto himself) and the world didn't come to an end.

            This is not to say that I'm a BitCoin enthusiast, or even that I'm saying it's unbreakable, I'm just saying it's far more complicated and also analyzed, at least by other people than the BitCoin core developers, than a simple "OMGZORZS they gonna crack da hash!!!!111" :)

            • > doesn't rely on the hash being "unbreakable", it just relies on it being non-trivial, and barring a general quantum computer, we know it to be non-trivial. ... the whole working principle of BitCoin (mining) is "cracking SHA-2".

              Indeed Bitcoin is based on the presumption that preimage of a complete SHA-256 is very, very hard - infeasible. The difficulty level is how many bits of the hash need to match. Unfortunately, it's not true that "we know it to be non-trivial". We have strong evidence that there IS
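
Added illustration, not code from the thread or from any poster: the two comments above describe mining as a partial-preimage search on SHA-256 whose difficulty is the number of hash bits that must match. The sketch below shows that search with double SHA-256 and a leading-zero-bits target. The header bytes, function names and the big-endian comparison are assumptions made for the example; real Bitcoin headers are 80 bytes and use a compact target encoding.

```python
"""Toy proof-of-work: mining as a partial-preimage search on double SHA-256."""
import hashlib
import struct

# Constructed sample data, not a real Bitcoin block header.
SAMPLE_HEADER = b"constructed-example-header|prev=00ab|merkle=11cd|time=0"


def double_sha256(data: bytes) -> bytes:
    """SHA-256 applied twice, as Bitcoin does for block hashes."""
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def leading_zero_bits(digest: bytes) -> int:
    """Number of zero bits at the front of the digest (big-endian view)."""
    return len(digest) * 8 - int.from_bytes(digest, "big").bit_length()


def mine(header: bytes, difficulty_bits: int, max_tries: int = 1 << 26):
    """Try nonces 0, 1, 2, ... until the hash has `difficulty_bits` leading zeros.

    Returns (nonce, digest, tries). Expected tries is about 2**difficulty_bits.
    """
    target = 1 << (256 - difficulty_bits)
    for nonce in range(max_tries):
        digest = double_sha256(header + struct.pack("<I", nonce))
        if int.from_bytes(digest, "big") < target:
            return nonce, digest, nonce + 1
    raise RuntimeError("no nonce found within max_tries")


def verify(header: bytes, nonce: int, difficulty_bits: int) -> bool:
    """Checking a claimed proof costs one double hash, however long mining took."""
    digest = double_sha256(header + struct.pack("<I", nonce))
    return leading_zero_bits(digest) >= difficulty_bits


if __name__ == "__main__":
    for bits in (8, 12, 16):
        nonce, digest, tries = mine(SAMPLE_HEADER, bits)
        print(f"{bits:2d} bits: nonce={nonce:<7d} tries={tries:<7d} "
              f"expected~{2**bits:<6d} hash={digest.hex()[:16]}...")
        assert verify(SAMPLE_HEADER, nonce, bits)
```

Each extra difficulty bit doubles the expected search, while verification stays at a single double hash.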

          • If they were paying attention, they would probably say that can switch to a new version which uses SHA-3 or another hash. That's true IF they make the switch BEFORE SHA-2 is broken the rest of the way.

            However, five years ago, in 2011, a preimage attack was demonstrated 52 out of 64 rounds. It's ALREADY half broken, so the next step will probably be a complete compromise and there is no indication that BTC intends to upgrade before they are fucked.

            A preimage may not break some applications that have long i

        • Presumably these are the same people who keep thinking you can make uncrackable DRM.

          I don't disagree with your post in general, but there actually is uncrackable DRM. Nobody yet has cracked Cinavia protection for Blu Ray discs. Cinavia is an audio watermark that is optional for Blu Ray and DVD discs. No player is required to support it for DVD but all Blu Ray players are now required to support it on Blu Ray discs. It's expensive so it's not used by most studios. Now there is one company (DVD Ranger I think) who claims they cracked it but testing showed that all they did was find a w

          • There is DRM that hasn't been cracked yet, and there is DRM that's very hard to crack. I don't think there is uncrackable DRM. To use a Blu-Ray, I have to have the contents and keys in my possession somehow.

          • "Protected" Blu Ray discs do in fact get copied. So it is not an uncrackable DRM.

            > there is one company (DVD Ranger I think) who claims they cracked it but testing showed that all they did was find a way to replace the audio during ripping with a Cinavia free AC-3 file

            Maybe. Unless you can point to some updated information, people *speculated* that *maybe* that's what DVD Ranger does. DVD Ranger said no, they remove it. We can't be sure. However later, in 2015, Slysoft was removing it, and I haven't seen

    • by Cyberax ( 705495 )
      Except that your local wallet can also be lost, eaten by a virus or cleaned out by Bitcoin-savvy malware.
      • Except that your local wallet can also be lost, eaten by a virus or cleaned out by Bitcoin-savvy malware.

        But your local wallet when off line and stuffed in your mattress is more secure than being on an exchange where it's grouped together with other hapless users' BitCoin to make a bigger target. In fact, as bad as stuffing money in a mattress is for both security and return on investment, BitCoin is worse. Why use them?

        This is one of the PRIMARY reasons I do not recommend BitCoin for ANYTHING except quick online transactions for amounts you can afford to lose. It's just not safe compared to the other option

    • by AmiMoJo ( 196126 )

      You have to keep your bitcoins with an exchange if you want to, you know, exchange them. Exchanges work by matching buyers and sellers and adding their percentage. To sell your bitcoins for fiat currency you put them in your account on the exchange and set a sell price. When someone comes along offering at least that much, the exchange transfers the bitcoins to them and the cash to you.

      Keeping your bitcoins offline is fine, as long as you don't want to swap them for real money. Since the range of goods and

      • Oh I understand the meaning of "exchange" and why they are a necessary evil. But I am saying that you use said evil only as much and only when necessary. You are a fool if you keep any digital currency on deposit at one for extended periods of time where it is at risk. You are quite literally better off stuffing your BitCoin (or any other digital currency) in your mattress on USB thumb drives...

        You see the problem here is that "exchanges" are NOT "banks" and you are letting somebody you don't know hold so

      • On any given day is there really $60 million worth waiting to exchange?

  • by Applehu Akbar ( 2968043 ) on Tuesday August 02, 2016 @09:12PM (#52632583)

    Let's all hope this was ransomware proceeds.

  • by thisisauniqueid ( 825395 ) on Wednesday August 03, 2016 @01:43AM (#52633689)
    This probably happens all the time in real banks, given how antiquated their IT systems are. You just don't hear about it, because the bank doesn't want to undermine your confidence, and can ask the Federal Reserve to bail them out. Not so with Bitcoin.
  • Bitcoin: The ultimate bug bounty program.

  • Reports say the thieves made their getaway using a silver, late model laptop
