Yesterday (August 2), Bitfinex suffered a security breach resulting in the theft of 119,756 BTC (65 million USD), according to Zane Tackett, Director of Community & Product Development for Bitfinex.
As the hack continues to be investigated, many are jumping to conclusions on what really happened. Bitfinex is accused of failing to have offline storage. BitGo, a multisig Bitcoin wallet, did not provide better security. The list goes on and on.
The new accusations are based on policies. Regulations designed by the United States Commodity Futures Trading Commission (CFTC) are said to have prevented the exchange from securing funds in cold storage.
On June 2, the CFTC fined Bitfinex $75,000 for, “offering illegal off-exchange financed retail commodity transactions in bitcoin and other cryptocurrencies and for failing to register as a Futures Commission Merchant (FCM).” The CFTC issued an order stating Bitfinex had failed to deliver funds to traders, and held them in wallets they controlled.
This statement has users believing this kept the China-based exchange from using their own secure offline or cold storage. Keeping funds offline prevents any hackers from accessing your funds or account.
The funds stolen were taken from bitcoin wallets, leading some to believe this theory. If Bitfinex had its own cold storage, the hack could have been prevented.
However, the wallets were under the multi-signature security of BitGo. Though BitGo has stated their servers were not compromised, many are still skeptical on how this theft occurred. For one, BitGo launched BitGo Instant which provides faster transactions with zero confirmations. This new feature has lead many to believe the hacker was able to steal funds without being detected.
Tackett, who has been answering questions on Reddit, briefly mentioned a possible overlook of security practices:
“There were a number of security practices that were in place to make this the most secure, yet transparent way of securing funds and we used the company that prides itself and specializes in bitcoin storage,” he said. “How these practices were bypassed, we're still investigating.”
All we know right now is there was a theft of almost 120,000 BTC. On the other hand, the question of how is not going to end any time soon.