ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.


24hr ---

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story


Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
Ether Price Analysis
Contact Us

Bitfinex Didn't Fight The CFTC Regulations, Which Catalyzed A Security Breach




Bitfinex was recently hacked resulting in the theft of approximately 119,756 bitcoins. In June 2016, the CFTC issued an order against Bitfinex to protect consumers and comply with law and regulations, but achieved an opposite result.

Bitfinex suspended trading yesterday due to a breach in their security.

This breach, caused by a hack, resulted in the theft of 119,756 BTC. No fiat currency was stolen. The Commodity Futures Trading Commission (CFTC) fined Bitfinex $75,000 this past June and ordered that the exchange change its practices and comply with the Commodity Exchange Act and regulations. Bitfinex paid the fine and complied with CFTC by changing its practices. Some are speculating that the actions taken by Bitfinex in complying with the CFTC directly correlate to this security breach.

The details of this hacking incident are limited and Bitfinex declined to release additional information since there is an ongoing investigation. However, based on the information that is available it is likely that the CFTC regulations may have catalyzed the occurrence of this security breach. The CFTC is not solely to blame for this security breach. Bitfinex is also responsible because they failed to exercise procedural options available to them which could have prevented this incident from occurring.

On September 17, 2015, the CFTC ruled that bitcoin and other virtual currencies are encompassed in the definition of, and properly defined as, commodities. Title VII of the Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010, Public Law 111-203, 124 Stat. 1376 (2010) amended the Commodity Exchange Act to add, among other things, new authority over certain leveraged, margined, or financed retail commodity transactions. Therefore, the CFTC has jurisdiction over certain leveraged, margined, or financed retail commodity transactions involving bitcoin and other virtual currencies.     

On June 2, 2016, the CFTC issued an Order filing and simultaneously settling charges against Bitfinex. The Order found that from April 2013 to at least February 2016, Bitfinex permitted users to borrow funds from other users on the platform in order to trade bitcoin on a leveraged, margined, or financed basis which constitutes a futures contract. The Order also found that Bitfinex did not actually deliver those bitcoins to the traders who purchased them rather Bitfinex held the bitcoins in deposit wallets that it owned and controlled which triggers compliance of CFTC regulations pursuant to the Commodity Exchange Act (the Act).

Actual delivery denotes the act of giving real and immediate possession to the buyer or the buyer’s agent. U.S. Commodity Futures Trading Comm'n v. Hunter Wise Commodities, LLC, 749 F.3d 967, 978-9 (11th Cir. 2014). Electronic transfer of documents indicating control or possession without physical transfer of the commodity does not constitute actual delivery. Id. If actual delivery is made, then the CFTC does not have jurisdiction. This actual delivery rule is an exception to CFTC jurisdiction.

The CFTC found that Bitfinex did not meet this definition of actual delivery because Bitfinex placed customers’ bitcoins in a cold storage wallet where Bitfinex, not the buyer, had actual control and possession. Cold storage in the context of bitcoin refers to keeping a reserve of bitcoins offline. Therefore in order to comply with the CFTC, Bitfinex either had to register with the CFTC or provide buyers with the actual delivery of their bitcoins.

Bitfinex paid the CFTC a fine and agreed to, among other things, cease and desist from their cold storage practices even though cold storage is known as the most secure method of storing bitcoin and other virtual currencies. Bitfinex replaced their cold storage for bitcoin with segregated customer wallets so that each user has their own bitcoin wallet. Bitfinex was able to do so by implementing Bitgo onto their platform. The hacking incident allegedly was a result of this change in practice.

Subsequently, on August 2, 2016, Bitfinex discovered a security breach and halted all trading, deposits and withdrawals. This security breach is still not resolved and Bitfinex claims that this breach was not internal. The stolen bitcoins were not insured and Bitfinex stated, “Although this incident is unfortunate, its scale is small and will be fully absorbed by the company.” Bitfinex seems to be taking the blame but the CFTC has equal if not greater blame in this incident as well.

The CFTC addressed a problem with Bitfinex but the solution turned out to be more disastrous and harmful than the problem itself. The CFTC intended to protect consumers to prevent fraud with the exchanges. However, the results contradicted what was originally intended. Consumers were not protected; rather they were exposed to massive risk. The CFTC failed to take into consideration the unique form and characteristics of bitcoin and virtual currency. Replacing the cold storage method exposed consumers to the risk of a security breach. Hackers can only compromise funds if stored online. Cold storage is a security measure that prevents theft from hackers. There should have been a compromise here possibly in the form of amending the actual delivery exception specifically for bitcoin and other virtual currencies. Doing so likely could have prevented this theft from occurring. 

Bitfinex is also to blame because they did not perform their due diligence. Instead of immediately giving the CFTC an offer for settlement Bitfinex could have made a request for an administrative hearing and argued for their cold storage practices while keeping within the actual delivery exception. Although this method would have taken more time, effort and resources, it would pale in comparison to the $67 million loss caused by the hack.

Going forward, exchanges should keep in mind that they have the ability to challenge the law and regulatory action, and advocate their positions in court. Although tedious and laborious the results could be very beneficial and could avoid disasters like this from occurring in the future.

Jeffrey Berns

Jeffrey K. Berns is the Managing Partner and head of the Los Angeles office for Berns Weiss Inc. Over the course of his 25-year legal career, he has tenaciously fought for the rights of consumers, concentrating his practice on consumer lending and consumer fraud class actions. Among his other accomplishments, he led a group of 20 law firms that prosecuted cutting-edge class action cases against financial institutions, such as Countrywide, Wells Fargo, and JPMorgan Chase, concerning destructive negative amortization loans that unknowingly caused borrowers to assume tens of thousands of dollars of additional debt. These efforts led to settlements comprising hundreds of millions of dollars in cash payments and substantial loan modification relief. Visit for more info.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest bitfinex, CFTC or other Ethereum law and legislation news.