Hong Kong-based Bitcoin exchange Bitfinex reported that hackers have stolen some 119,756 Bitcoin, or about $65m in cash at current prices – the latest security compromise involving cryptocurrency, in what is turning out to be a testing year.
The enormous $65m bitcoin theft follows on from a similar amount in Ethereum’s currency ether, which was exploited by a coding weakness in the smart contract system of The DAO about a month and a half ago.
Bitfinex is the largest exchange by volume on the BTC-USD pair representing about 50% of volume.
News of the security breach sent the price of Bitcoin crashing to around $500, but it has subsequently rallied to $535 leaving it down 12% for the day.
“We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach.
“While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.
“The theft is being reported to — and we are co-operating with — law enforcement.”
Bitfinex was hacked last year in May when 1459 Bitcoins were lost. Their hot wallet system for customer deposits was breached, which at the time represented 0.5% of all customer deposits. BitFinex subsequently teamed up with BitGo to implement individual multi signature wallets for users.
The Bitfinex theft is the second largest Bitcoin hack to occur after Mt.Gox in early 2014, which saw a total of 850K Bitcoin lost. This hack occurred through a technical term known as transaction malleability where the exchange was duped into re-sending withdrawals which were changed before being submitted to the network for validation.
Bitstamp was hacked in 2015 with the loss of 19,000 BTC which represented 12% of its total BTC deposits at the exchange. The Bitstamp hack was carried out through a sophisticated targeting of employees using malware that ultimately gave hackers access to servers containing Bitstamp’s hot wallet funds.
It’s certainly turning out to be a testing year for cryptocurrency security. The DAO hack saw some $60m of ether compromised from a smart contract which led to Ethereum implementing a hard fork. Shapeshift lost over $230,000 due to a disgruntled ex-employee with access to internal systems. Gatecoin, also headquartered in Hong Kong, was hacked in May to the tune of $2m (250 Bitcoin and 185K Ether); the hacker managed to bypass the exchange’s control limits whereby only 5% of customer deposits were stored in the hot wallet by routing new deposits into the hot wallet too.
Charles Hayter, CEO & founder, CrytoCompare told IBTimes: “It is not clear on what the capital buffers are at Bitfinex, although if we take last year’s figures of 300K BTC and apply a generous doubling, we can speculate that 20% of all funds have been lost.
“With users funds secured using multisignature technology in partnership with BitGo a lot more is at stake for the backbone of the Bitcoin industry with its stalwarts and prided tech under fire.
“With uncertainty comes volatility. With the block reward halving out of the way there is no clear path for bitcoin especially with divisions reappearing on the scaling debate. This Bitfinex hack muddies the waters again for Bitcoin and opens up raw wounds in echoes of Mt Gox.”
Bitfinex volume on the BTC-USD Pair is usually around 30-60K BTC per day. Today the trailing 24 hour volume is over 150K BTC.
Market shares are already shifting with Bitstamp resuming its dominant position with a 14% market share, although this is closely followed by BTCe and Coinbase both with 13% of the market each, according to CryproCompare