The Bitfinex hack is one of the most interesting cases in crypto history. So, what actually happened and how did it affect the crypto world?

Bitfinex hacking story

Cryptocurrency was originally designed partly to increase the security of money transactions by using a decentralized and public ledger called blockchain. Unfortunately, this doesn't necessarily mean that everything that has to do with cryptocurrency is completely secure. In fact, in the last decade, there have been a number of massive crypto hacks that have caused many users to lose their fortunes.

Back in 2016, the well-known crypto exchange Bitfinex was hacked. The hacker managed to steal at least $71 million worth of Bitcoin, making it the second-largest Bitcoin hack at the time after the case of Mt Gox in early 2014, where 744,408 BTC (worth $350 million) was stolen. The news quickly spread and shook the world, but it wasn't until six years later that the stolen money was finally recovered. 

The Bitfinex hacking case provides several important lessons for the cryptocurrency industry and users involved in trading and storing digital assets.

Here are some lessons that can be learned from the case:

  1. Security is a top priority: Security should be a top priority in every cryptocurrency exchange and digital asset storage service. 
  2. User fund protection: Exchanges should take steps to protect user funds and store the majority of assets in secure wallets.
  3. Transparency and clear communication: This helps build trust and provides users with a better understanding of the situation.
  4. User education: Proper education can help reduce the risk of fraud and attacks.
  5. Independent security audits: These audits help identify potential security vulnerabilities and address them before they are exploited by hackers.

The Bitfinex hacking case has provided valuable lessons for the entire cryptocurrency ecosystem. It is important for all stakeholders, including exchanges, developers, and users, to take necessary steps to enhance security and reduce the risk of security breaches in the future. Here's the complete story.

 

How Did the Hack Happen?

Bitfinex is one of the older crypto exchanges, established back in 2012. The exchange is known to offer a wide range of crypto products and trading options, including spot trading, margin accounts, etc. However, Bitfinex has not always done a great job in terms of security. One of the biggest cases dates back to 2016, when the exchange was hacked and about $71 million was stolen by anonymous hackers.

The news and information following the hack were unclear, but the impact was unavoidable. Soon after the hack took place, Bitcoin hit rock bottom. The price dropped by nearly 20%, going as low as $480 before making a recovery. Meanwhile, Bitfinex went offline, with a message announcing the hack still visible to users. A number of sources stated that the company was still struggling to bring the site back online. In the meantime, many users had already expressed their distress on Twitter and Reddit, saying that their accounts had been drained.

At that time, no one knew for sure who the culprit was. Bitfinex didn't seem to provide any useful information either. According to some observers, one of the possible causes of the hack was apparently the structure of the accounts in Bitfinex and the use of Bitcoin wallet provider BitGo.

A year prior, Bitfinex and BitGo introduced a new system called multi-signature wallets. In this system, each user was given a set of keys whose ownership was divided among a number of entities to manage risk. The exchange claimed that the era of commingling customer Bitcoin, and all of the associated security exposures, was over.

This means both companies attempted to find an alternative to the usual method used by most exchanges at the time, which basically kept the customers' funds in larger offline wallets, with connected hot wallets to meet liquidity demands.

So, two of the user's keys (including one offline) were held by Bitfinex, whereas the third key was used by BitGo to co-sign transactions. For such a huge amount of funds to be withdrawn, BitGo would have had to approve those transactions.

A little while after the hack, BitGo made an official announcement stating that there was no evidence of a server breach on their end. Some observers then blamed the company for "blindly signing" the withdrawal of nearly 120,000 BTC and wondered why no strong countermeasures were in place following a movement of funds of such enormous size.
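To make the "blind signing" criticism concrete, here is an added example (not code from Bitfinex, BitGo, or the original article) of a policy a co-signer could apply before releasing the third key. The class name, limits and wallet names are hypothetical and the burst of requests is constructed; it shows how per-wallet limits alone let many small withdrawals through, while a global velocity cap holds them.

```python
from dataclasses import dataclass, field

WINDOW_S = 24 * 3600  # rolling window for velocity limits (assumed value)

@dataclass
class CoSignerPolicy:
    """Hypothetical checks the third-key holder runs before co-signing."""
    per_wallet_limit_btc: int   # max outflow per wallet per window
    global_limit_btc: int       # max outflow across all wallets per window
    history: list = field(default_factory=list)  # approved (ts, wallet_id, btc)

    def _spent(self, now, wallet_id=None):
        # Sum approved outflow inside the window, optionally for one wallet.
        return sum(amt for ts, w, amt in self.history
                   if now - ts < WINDOW_S and (wallet_id is None or w == wallet_id))

    def review(self, now, wallet_id, btc, exchange_sigs):
        """Return (decision, reason); only 'SIGN' releases the co-signer key."""
        if exchange_sigs < 1:
            return "REJECT", "no valid exchange signature"
        if self._spent(now, wallet_id) + btc > self.per_wallet_limit_btc:
            return "HOLD", "per-wallet limit exceeded"
        if self._spent(now) + btc > self.global_limit_btc:
            return "HOLD", "global velocity limit exceeded"
        self.history.append((now, wallet_id, btc))
        return "SIGN", "within policy"

def simulate():
    """Constructed burst: 100 wallets each request 20 BTC, one second apart."""
    policy = CoSignerPolicy(per_wallet_limit_btc=50, global_limit_btc=1000)
    counts = {"SIGN": 0, "HOLD": 0, "REJECT": 0}
    for i in range(100):
        decision, _ = policy.review(now=i, wallet_id=f"wallet-{i}",
                                    btc=20, exchange_sigs=1)
        counts[decision] += 1
    return counts

if __name__ == "__main__":
    print(simulate())
```

Every request in the burst is under the per-wallet limit, so only the aggregate check stops the outflow; held requests would go to manual review rather than being signed automatically.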

 

The Aftermath

After the hack, Bitfinex announced that the unfortunate event had impacted about 36% of its users' balances. To take responsibility, the exchange gave impacted users "Recovery Rights Tokens" in the form of BFX. The tokens were fully repaid and available to redeem on April 4, 2017. The exchange claimed that it had increased its trading volume so that it could quickly gain back the money stolen in the hack and repay the customers.

However, it is important to note that the BFX token was denominated and actually paid back in USD, not BTC. Bitcoin pretty much doubled in price during the period between the hack and the repayment time, so if everything were made equal, Bitfinex users still lost money even after their BFX tokens were redeemed.

Even worse, some users who had lost interest in Bitfinex decided to dump the token on the market for as low as 49 cents on the dollar, and the exchange acknowledged purchasing back those tokens at market value, which means it got an even bigger discount against the liability of the stolen BTC.

Long story short, lots of questions still remained unanswered. A number of conspiracy theories have emerged in the wake of the Bitfinex hack, but most people chose to move on and just like that, the enthusiasm died down. Well, for a couple of years at least.

 

The Arrest of Ilya Lichtenstein and Heather Morgan

In February 2022, the long silence finally came to an end and the world was shaken once more. The thing with crypto transactions is that they are publicly visible, so moving the stolen coins all at once could easily reveal who was behind the global theft. For six years, the stolen loot stayed in plain sight while smaller parts of the giant sum occasionally disappeared in the busy traffic of crypto transactions.

At some point, a large movement was made and the huge hiding spot was revealed. Interestingly, the movement wasn't initiated by the hackers themselves, but by two New York-based entrepreneurs. The first person is a Russian émigré and tech investor named Ilya Lichtenstein (34), while the second suspect is his wife Heather Morgan (31), who is an American businesswoman with an alter ego of a satirical rapper named Razzlekhan.


The couple was arrested on February 8 and charged with conspiring to launder Bitcoin that is now worth $4.6 billion. They were accused of siphoning off chunks of the stolen funds and trying to hide them in the complex world of digital assets and internet personas. If convicted of both charges, they might have to spend the next 25 years of their lives in jail.

The arrest seemed to shock a lot of the couple's acquaintances and friends who knew them for their goofy personalities on the internet. The image is certainly very different from who they are on the other side: "highly sophisticated criminals" with a mountain of stolen funds in their balance, several fake identities, and a bunch of encrypted devices stacked in their Manhattan apartment.

 

How It Ties Back to Bitfinex

The arrest of Lichtenstein and Morgan is obviously incredible news in the crypto industry. However, a crucial yet easily overlooked fact is that the couple was not charged with the initial hack of Bitfinex. The charges simply accuse them of money laundering; they don't tell us how the couple got their hands on the private keys that control the coins.

According to CoinDesk, the first possibility would be that the couple bought the BTC from the real hacker(s) at a discount or they could merely act as agents for the real hackers, though this option is less likely to give them a direct possession of the keys. It's also possible that they were directly involved with the hack, but the Department of Justice just didn't have enough evidence to charge them with that.

Another interesting fact is that Morgan appears to have a big obsession with the concept of "social engineering", which is a type of hacking that emphasizes the act of manipulating people instead of code. In a presentation at NYC Salon, she explained several intimidation methods that she had used to manipulate individuals and gain access to various organizations.

This is particularly relevant to the Bitfinex hack, which involved compromising multi-signature protections that went through the security provider BitGo. As we've mentioned before, in order to move such a large amount of funds, BitGo would have had to sign off on those transactions. This increases the chance that social engineering was involved in the hacking process.

It is also worth mentioning that Morgan interviewed Matt Parrella, the former chief compliance officer at BitGo, for a 2020 Forbes column titled "Experts share tips on how to protect your business from cybercriminals". This is quite concerning, but it might not mean much considering that Parrella only worked at BitGo in 2019 and 2020.

 

Lesson Learned

The hacking incident involving Bitfinex offers valuable insights for the cryptocurrency industry and individuals engaged in trading and safeguarding digital assets. Here are key lessons derived from this case.

 

1. Prioritize Security

Security must be the utmost priority for every cryptocurrency exchange and digital asset storage service. Exchanges should continuously enhance their security infrastructure, adhere to best practices, and conduct thorough security audits to mitigate the risk of attacks.

 

2. Safeguard User Funds

Exchanges should implement measures to protect user funds and store a significant portion of assets in secure wallets. In the event of a breach or hacking, exchanges should have clear policies and recovery plans in place to compensate for lost funds and minimize the impact on users.

 

3. Emphasize Transparency and Effective Communication

When a security breach or hacking occurs, it is crucial for exchanges to communicate transparently with users, providing clear information about the incident, the steps taken, and the implications for users. This fosters trust and ensures users have a comprehensive understanding of the situation.

 

4. Promote User Education

Users should proactively enhance their knowledge of cryptocurrency security and take necessary precautions, such as employing two-factor authentication, utilizing hardware wallets, and exercising caution when sharing personal information. Proper education plays a vital role in reducing the risks of fraud and attacks.

 

5. Conduct Independent Security Audits

Cryptocurrency exchanges should regularly engage third-party entities to conduct independent security audits, ensuring that their systems adhere to high-security standards. These audits help identify potential security vulnerabilities and address them proactively before malicious actors exploit them.

The Bitfinex hacking incident has imparted invaluable lessons to the entire cryptocurrency ecosystem. It is imperative for all stakeholders, including exchanges, developers, and users, to take proactive measures in enhancing security and mitigating the risks of future security breaches.

 

Conclusion

The Bitfinex hack case is an interesting one to follow. It shows that the crypto world is certainly not a perfectly safe place yet, at least for now. But on the other hand, the arrest of Lichtenstein and Morgan also proves that the environment is no longer a safe haven for cybercriminals. Although there are still many unanswered questions about what really happened back then and it might take a while before anyone can get their cash back, it's clear that this is a start towards a better and safer future for the crypto industry.

At the end of the day, the best thing you can do as a trader is to protect yourself by only investing with reliable exchanges and always considering the risk before taking any action. This can be done in a number of different ways, such as using a regulated exchange that applies KYC and anti-money-laundering controls, or diversifying your portfolio.