Bitfinex Security Breach: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Another 30 minutes complete. Analysis and spreading out the About section further to construct the initial article. Put in place information from further review of the ErgoBTC Twitter posts.)
(Another 30 minutes and included the statement about the coin control effectiveness. Included tons of other tweets and data from ErgoBTC, and added blockchain transactions to timeline and technical analysis.)
Line 18: Line 18:


"In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet (Wallet 1CGA4s5)."
"In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet (Wallet 1CGA4s5)."




Line 27: Line 28:


“There were a lot of reasons for why we went with this implementation with BitGo; one, a big one, was transparency,” said Tackett. “Everyone has their own wallet that they can watch on the blockchain. They can see their bitcoin at any time, and we settle it once per day.” ”Bitfinex subsequently decided to generalize the losses - “Upon logging into the platform, customers will see that they have experienced a generalised loss percentage of 36.067%." The rest was distributed as BFX tokens and “these tokens will eventually be exchanged either for repayment by Bitfinex or for shares in its parent company iFinex Inc.”
“There were a lot of reasons for why we went with this implementation with BitGo; one, a big one, was transparency,” said Tackett. “Everyone has their own wallet that they can watch on the blockchain. They can see their bitcoin at any time, and we settle it once per day.” ”Bitfinex subsequently decided to generalize the losses - “Upon logging into the platform, customers will see that they have experienced a generalised loss percentage of 36.067%." The rest was distributed as BFX tokens and “these tokens will eventually be exchanged either for repayment by Bitfinex or for shares in its parent company iFinex Inc.”




Line 67: Line 69:
|Main Event
|Main Event
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|-
|April 14th, 2021 11:06:00 AM MDT
|Blockchain Transaction
|<ref name=":2">[https://twitter.com/ErgoBTC/status/1492937572800155653 ErgoBTC - "But what of the post-2019 spending from the hack addresses? Unspent coins sourced from the hack addresses range from 1 to many hops away." - Twitter] (Mar 15, 2023)</ref><ref name=":3">https://oxt.me/transaction/34b76a3d94f9411e45d9a688503984544a038b3f6e4e4909f9c77c535b2c13cc (Jan 25, 2024)</ref>.
|-
|December 22nd, 2021 7:42:00 AM MST
|Blockchain Transaction
|<ref name=":2" /><ref name=":4">https://oxt.me/transaction/34b76a3d94f9411e45d9a688503984544a038b3f6e4e4909f9c77c535b2c13cc (Jan 25, 2024)</ref>.
|-
|December 22nd, 2021 10:07:00 AM MST
|Blockchain Transaction
|<ref name=":2" /><ref name=":5">https://oxt.me/transaction/ffedf444de6957333f092ad433f733f98b7194048147b2cf2f436370a4b998b8 (Jan 25, 2024)</ref>.
|-
|-
|January 31, 2022
|January 31, 2022
Line 79: Line 93:
|ErgoBTC Post
|ErgoBTC Post
|ErgoBTC posts to highlight to irony that the thief had previously laundered the funds carefully and methodically through a dark net marketplace, and subsequently changed to storing them on a cloud service provider<ref>[https://twitter.com/ErgoBTC/status/1491141864447430656 ErgoBTC - "So let me get this straight. The guy that was using AlphaBay in 2017 to launder these coins was also keeping them in an encrypted file "in the cloud"?" - Twitter] (Mar 15, 2023)</ref>.
|ErgoBTC posts to highlight to irony that the thief had previously laundered the funds carefully and methodically through a dark net marketplace, and subsequently changed to storing them on a cloud service provider<ref>[https://twitter.com/ErgoBTC/status/1491141864447430656 ErgoBTC - "So let me get this straight. The guy that was using AlphaBay in 2017 to launder these coins was also keeping them in an encrypted file "in the cloud"?" - Twitter] (Mar 15, 2023)</ref>.
|-
|February 8th, 2022 4:13:00 PM MST
|Comparison To Colonial Pipeline
|ErgoBTC shares his conclusions on the Colonial Pipeline ransomware attack, however this is deemed to be unrelated to the Bitfinex situation<ref>[https://twitter.com/ErgoBTC/status/1491188473797431297 ErgoBTC - "I think this is the thread you are referring to. FYI, I do not believe these conclusions are relevant to the BFX situation." - Twitter] (Mar 15, 2023)</ref>.
|-
|-
|February 13th, 2022 12:03:00 PM MST
|February 13th, 2022 12:03:00 PM MST
|ErgoBTC Publishes Analysis
|ErgoBTC Publishes Analysis
|The Twitter account ErgoBTC is actively investigating and discussing post-2019 spending from hack addresses related to the hack<ref name=":0">[https://twitter.com/ErgoBTC/status/1492937524037275651 ErgoBTC - "The BFX hack seizure. A mountain of evidence in an apparent straightforward analysis. Coins tracked across custodial entities sent to exchanges with the couples IDs. Some thoughts from following the followers." - Twitter] (Mar 15, 2023)</ref>. Unspent coins from the hack addresses are being analyzed based on the number of hops away they are from the source. The prosecutor's mention of "The Launderers" as a flight risk implies the Department of Justice's control over a separate "dirty" wallet. The crucial unanswered question is how "The Launderers" obtained control of the private keys for the hacked coins, with speculation about potential scenarios, including purchasing from the hackers or working remotely with a third party. The possibility of "The Launderers" being the actual hackers is raised, though they have not been charged under the Computer Fraud and Abuse Act (CFAA). The investigation is ongoing, and the focus is on off-chain aspects, hinting at a larger, yet-to-be-revealed story<ref name=":0">[https://twitter.com/ErgoBTC/status/1492937524037275651 ErgoBTC - "The BFX hack seizure. A mountain of evidence in an apparent straightforward analysis. Coins tracked across custodial entities sent to exchanges with the couples IDs. Some thoughts from following the followers." - Twitter] (Mar 15, 2023)</ref>.
|The Twitter account ErgoBTC is actively investigating and discussing post-2019 spending from hack addresses related to the hack<ref name=":0">[https://twitter.com/ErgoBTC/status/1492937524037275651 ErgoBTC - "The BFX hack seizure. A mountain of evidence in an apparent straightforward analysis. Coins tracked across custodial entities sent to exchanges with the couples IDs. Some thoughts from following the followers." - Twitter] (Mar 15, 2023)</ref>. Unspent coins from the hack addresses are being analyzed based on the number of hops away they are from the source. The prosecutor's mention of "The Launderers" as a flight risk implies the Department of Justice's control over a separate "dirty" wallet. The crucial unanswered question is how "The Launderers" obtained control of the private keys for the hacked coins, with speculation about potential scenarios, including purchasing from the hackers or working remotely with a third party. The possibility of "The Launderers" being the actual hackers is raised, though they have not been charged under the Computer Fraud and Abuse Act (CFAA). The investigation is ongoing, and the focus is on off-chain aspects, hinting at a larger, yet-to-be-revealed story<ref name=":0">[https://twitter.com/ErgoBTC/status/1492937524037275651 ErgoBTC - "The BFX hack seizure. A mountain of evidence in an apparent straightforward analysis. Coins tracked across custodial entities sent to exchanges with the couples IDs. Some thoughts from following the followers." - Twitter] (Mar 15, 2023)</ref>. It is also noted that "The Complaint showed that tracking the early 2017 BTC spends was futile for passive observers thanks to AlphaBay’s coin control<ref name=":6">[https://twitter.com/ErgoBTC/status/1492937532849410052 ErgoBTC - "Most importantly, The Complaint showed that tracking the early 2017 BTC spends was futile for passive observers thanks to AlphaBay’s coin control." - Twitter] (Jan 25, 2024)</ref>." and that breaking funds into smaller wallets occurs naturally<ref name=":7">[https://twitter.com/ErgoBTC/status/1492937560196362241 ErgoBTC - "Speaking of the collaboration between regime dot gov and regime dot biz, there seems to be some miss-information around the implications of not spending the entirety of your wallet balance to a third party in a single tx." - Twitter] (Mar 15, 2023)</ref>.
|-
|February 13th, 2022 2:03:00 PM MST
|ErgoBTC Poloniex Deposit Addresses
|<ref name=":8">[https://twitter.com/ErgoBTC/status/1492967675269632007 ErgoBTC - "Forgot to Copy+Pasta the Poloniex Deposit TxIDs. Knowing volume, timing, and source/destination are usually easy enough to find the referenced txs." - Twitter] (Mar 15, 2023)</ref>.
|-
|February 13th, 2022 3:48:00 PM MST
|ErgoBTC More Tweet
|TBD<ref>[https://twitter.com/ErgoBTC/status/1492994167823388679 ErgoBTC - "Be sure to get the "early and wrong" hot takes from the dot govs corporate sponsors. Wouldn't want to get it right the first time!" - Twitter] (Mar 15, 2023)</ref>.
|-
|-
|February 16th, 2022 8:33:00 AM MST
|February 16th, 2022 8:33:00 AM MST
|Wall Street Journal Article
|Wall Street Journal Article
|The Wall Street Journal reports that federal investigators, after years of pursuing clues in the 2016 Bitfinex cryptocurrency exchange hack where thieves stole bitcoin now valued at $4.5 billion, tracked down suspects Ilya "Dutch" Lichtenstein and Heather R. Morgan using a $500 Walmart gift card linked to their emails and cloud service providers<ref name=":1">[https://www.wsj.com/articles/bitcoin-bitfinex-hack-crypto-laundering-morgan-lichtenstein-11644953617 A Crucial Clue in the $4.5 Billion Bitcoin Heist: A $500 Walmart Gift Card - The Wall Street Journal] (Jan 24, 2024)</ref>. The Justice Department seized $3.6 billion in bitcoin allegedly controlled by the couple, marking its largest financial seizure. Lichtenstein and Morgan were charged with money laundering and fraud. The investigation exploited advanced forensic tools and efforts to combat crypto crime. The couple allegedly laundered stolen bitcoin through various accounts, and the case highlights the challenges of tracing cryptocurrency transactions despite its perceived anonymity. The public nature of blockchain ledgers played a crucial role in the investigation, revealing patterns and connections through cluster analysis<ref name=":1">[https://www.wsj.com/articles/bitcoin-bitfinex-hack-crypto-laundering-morgan-lichtenstein-11644953617 A Crucial Clue in the $4.5 Billion Bitcoin Heist: A $500 Walmart Gift Card - The Wall Street Journal] (Jan 24, 2024)</ref>. The article was copied to Fox Business where it is available without a paywall<ref>[https://www.foxbusiness.com/retail/crucial-clue-4-5-billion-bitcoin-heist-500-walmart-gift-card A crucial clue in the $4.5 billion Bitcoin heist: A $500 Walmart gift card - Fox Business] (Jan 24, 2024)</ref>. Some users have criticized the title of the article, considering it "click-bait"<ref>[https://twitter.com/ErgoBTC/status/1493971774408642561 ErgoBTC - "Excellent clickbait headline. 10/10" - Twitter] (Mar 15, 2023)</ref>.
|The Wall Street Journal reports that federal investigators, after years of pursuing clues in the 2016 Bitfinex cryptocurrency exchange hack where thieves stole bitcoin now valued at $4.5 billion, tracked down suspects Ilya "Dutch" Lichtenstein and Heather R. Morgan using a $500 Walmart gift card linked to their emails and cloud service providers<ref name=":1">[https://www.wsj.com/articles/bitcoin-bitfinex-hack-crypto-laundering-morgan-lichtenstein-11644953617 A Crucial Clue in the $4.5 Billion Bitcoin Heist: A $500 Walmart Gift Card - The Wall Street Journal] (Jan 24, 2024)</ref>. The Justice Department seized $3.6 billion in bitcoin allegedly controlled by the couple, marking its largest financial seizure. Lichtenstein and Morgan were charged with money laundering and fraud. The investigation exploited advanced forensic tools and efforts to combat crypto crime. The couple allegedly laundered stolen bitcoin through various accounts, and the case highlights the challenges of tracing cryptocurrency transactions despite its perceived anonymity. The public nature of blockchain ledgers played a crucial role in the investigation, revealing patterns and connections through cluster analysis<ref name=":1">[https://www.wsj.com/articles/bitcoin-bitfinex-hack-crypto-laundering-morgan-lichtenstein-11644953617 A Crucial Clue in the $4.5 Billion Bitcoin Heist: A $500 Walmart Gift Card - The Wall Street Journal] (Jan 24, 2024)</ref>. The article was copied to Fox Business where it is available without a paywall<ref>[https://www.foxbusiness.com/retail/crucial-clue-4-5-billion-bitcoin-heist-500-walmart-gift-card A crucial clue in the $4.5 billion Bitcoin heist: A $500 Walmart gift card - Fox Business] (Jan 24, 2024)</ref>. Some users have criticized the title of the article, considering it "click-bait"<ref>[https://twitter.com/ErgoBTC/status/1493971774408642561 ErgoBTC - "Excellent clickbait headline. 10/10" - Twitter] (Mar 15, 2023)</ref>.
|-
|February 18th, 2022 9:05:00 AM MST
|ErgoBTC More Tweet
|TBD is this related?<ref>[https://twitter.com/ErgoBTC/status/1494704545041203201 ErgoBTC - "The Regime dot Biz's compliance as a growth driver sales pitch runs contra to everything crypto means and stands for." - Twitter] (Mar 15, 2023)</ref>
|}
|}


== Technical Details ==
== Technical Details ==
See analysis from ErgoBTC<ref name=":0" />. TBD more reviewing.
See analysis from ErgoBTC<ref name=":0" /><ref name=":6" /><ref name=":7" /><ref>[https://twitter.com/ErgoBTC/status/1492937565560872969 ErgoBTC - "Regardless, the analysis is straight forward. >A combo of on-chain/links across multiple accounts/custodial entities >Similar account credentials and use noted at Poloniex and Bittrex  >A spreadsheet including relevant account login info was found in The Launderers cloud storage" - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937577871069186 ErgoBTC - "The prosecutor’s rationale for calling “The Launderers” a flight risk, seems to hint that the DOJ is also in control of this separate "dirty" wallet. Encrypted? Fire up the GPUs." - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937528483135492 ErgoBTC - "First attributions central to the case. VCE1 and VCE4 as Poloniex and Bittrex, respectively. Attribution courtesy of the abbreviated BTC addresses in The Complaint flow diagrams." - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937542341169152 ErgoBTC - "We’ve had trouble finding any evidence of this missing cluster, and remained a bit of a mystery until The Complaint was issued. This diagram has enough details to explain where AB’s cluster went from Spring 2016 till shutdown." - Twitter] (Mar 15, 2023)</ref><ref name=":2" /><ref>[https://twitter.com/ErgoBTC/status/1492937536712413184 ErgoBTC - "AlphaBay among the largest DNMs (2nd only to Hydra?) started in 2015 and operated two known classic wallet clusters. One active through fall of 2015. The other active through spring 2016. But a gap betwen ABs  shutdown in July 2017." - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937548062154755 ErgoBTC - "The deposit addresses on the left side of the diagram: And their spends. All single use addresses and single UTXO spends (no cluster)." - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937583675985925 ErgoBTC - "Working remotely with someone else? >Maybe a justified reason for keeping the private keys in cloud storage as this allows remote access to a third party. >> Does this make the last hack address with a BTC balance a trap? 1DTbSm28AJnePwzFXzCnNasVF1xi6XrVSQ" - Twitter] (Mar 15, 2023)</ref><ref>[https://twitter.com/ErgoBTC/status/1492937555662229505 ErgoBTC - "With a bit of coin control and pseudonymity, a passive observer has no way of knowing he is seeing AB activity. (Sidenote: Anyone know of AB2’s coin control?) Of course this doesn’t apply to LEA’s and their corporate sponsors data sharing agreements." - Twitter] (Mar 15, 2023)</ref>. TBD more reviewing.
 
Blockchain Transactions: <ref name=":3" /><ref name=":4" /><ref name=":5" />
 
Blockchain Addresses: <ref>https://oxt.me/address/1HaQbNXKuad7FEj4Yuosho3ZxKGtroYehc (Jan 25, 2024)</ref><ref>https://oxt.me/address/16UPkXBDP8jPiDd9iFjKwQ6BPouZh5MUTQ (Jan 25, 2024)</ref><ref>https://oxt.me/address/19VEBJAbYHShSmAjmZh2RDX6s79cWZtL3Z (Jan 25, 2024)</ref><ref>https://oxt.me/address/1g1RjLuos5kdgrBLxdfugTCy4zEsyErvk (Jan 25, 2024)</ref>
 
Poloniex Deposits: <ref name=":8" />


== Total Amount Lost ==
== Total Amount Lost ==
Line 109: Line 145:


"The early movement of the stolen funds involved extensive layering activity that employed the peel chain technique. As part of this layering, a portion of the stolen funds were deposited gradually (an indication of peel chain activity) into AlphaBay accounts. The AlphaBay accounts were used as a pass-through for the stolen BTC. Depositing and withdrawing BTC at AlphaBay allowed LICHTENSTEIN and MORGAN to break up the stolen BTC trail on the blockchain. After being moved into accounts at AlphaBay, the stolen BTC was withdrawn, layered, and ultimately deposited into VCEs around the world, as described in pertinent part immediately below."
"The early movement of the stolen funds involved extensive layering activity that employed the peel chain technique. As part of this layering, a portion of the stolen funds were deposited gradually (an indication of peel chain activity) into AlphaBay accounts. The AlphaBay accounts were used as a pass-through for the stolen BTC. Depositing and withdrawing BTC at AlphaBay allowed LICHTENSTEIN and MORGAN to break up the stolen BTC trail on the blockchain. After being moved into accounts at AlphaBay, the stolen BTC was withdrawn, layered, and ultimately deposited into VCEs around the world, as described in pertinent part immediately below."
According to ErgoBTC, the AlphaBay strategies appear to have been effective to break the blockchain fund trail<ref name=":6" />.


=== Bitfinex Redemption Program Completed ===
=== Bitfinex Redemption Program Completed ===

Revision as of 12:25, 25 January 2024

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' and 'General Prevention' sections to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Notice: This page contains sources which are not attributed to any text. The unattributed sources follow the initial description. Please assist by visiting each source, reviewing the content, and placing that reference next to any text it can be used to support. Feel free to add any information that you come across which isn't present already. Sources which don't contain any relevant information can be removed. Broken links can be replaced with versions from the Internet Archive. See General Tutorial on Wikis, Anatomy of a Case Study, and/or Citing Your Sources Guide for additional information. Thanks for your help!

BitFinex

In August 2016, Bitfinex was the largest cryptocurrency exchange platform at the time of the attack. This breach affected a significant portion of the bitcoin on the platform, which were stored in a new and supposedly more secure way. While multiple others exchanges utilize BitGo (including BitStamp and Kraken), Bitfinex was the only one doing so without the majority of funds in cold storage. This is notable as the first attack that is known to target a multi-sig wallet scheme. Bitfinex was using a new scheme which gave each customer a 2 of 3 multi-sig wallet, with a unique key stored in a database. Bitfinex held one of the keys offline, and a third key was held with third party BitGo.

In response to the hack, Bitfinex removed a portion of the balance on every customer’s account, and replaced it with Bitfinex (BFX) Tokens. Over time, the exchange continued to operate, and was able to recover the sum lost to customers within a year. Bitfinex continues to operate today as one of the largest exchanges in the world, having officially paid all customers back. As part of the process, 0.023% of the bitcoin was also returned by government and law enforcement.

The theft remained officially unsolved for 6 years. Finally, at the end of January 2022, the FBI announced that they had seized the funds, now worth $3.5b. It is yet unclear what will happen to those seized funds.

This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28][29][30][31][32][33][34][35][36][37][38][39][40][41]

About BitFinex

"Bitfinex is a Hong Kong-based cryptocurrency exchange owned and operated by iFinex Inc., which is headquartered in Hong Kong and registered in the British Virgin Islands." "The Bitfinex exchange is a popular platform for exchanging cryptocurrencies, also hosting spot and derivatives trading as well as certain lending, borrowing and staking features. Bitfinex came into existence in 2012." "BitFinex offers three main functions - it is a pure bitcoin to fiat exchange, a margin trading exchange and a liquidity provider. The platform offers a number of features available that expand the financial positions you can take - for example, the ability to short Bitcoin via margin trading."

"Bitfinex also has its own utility crypto token called Unus Sed Leo (LEO). Because it restricts a number of regions, Bitfinex U.S. customers are not allowed. On Bitfinex, KYC and Anti-Money Laundering procedures are employed." "It serves all except few countries in the world (mentioned below) and supports both fiat-to-crypto and crypto-to-crypto trades. Other notable features include margin trading, limit and stop orders, over-the-counter (OTC) trades, and others. While there are many options available, everything is laid out in an impressively intuitive fashion, with easy-to-navigate dashboards and menus."

“In August 2016, nearly $72 million worth of BTC (almost 120,000 Bitcoins) was stolen from Bitfinex.” “Unknown people used a bug in the multisignature system, which was supported by BitGo's partner company. The hackers deceived the BitGo algorithms in an unknown way, forcing them to approve transactions and withdrew about 120,000 BTC from the hot wallet, worth the equivalent of $72 million at the exchange rate at that time.”

"In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet (Wallet 1CGA4s5)."


"Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoins had been stolen from users’ accounts and that the exchange hadn’t yet decided how to address customer losses..."

“Due to the magnitude of the attack and the fact that Bitfinex did not publish the details of their internal investigation, the hack created a strange confusion in the crypto community at the time.” “If one had to take a blind guess, one would suspect that the hacker obtained the private keys held by Bitfinex, coupled with API access to BitGo to instruct BitGo to sign the withdrawals. Additional trickery would probably be required to circumvent BitGo's daily withdrawal limits.”

“the US government did interfere with, fine, and modify the operations of Bitfinex. But as far as [one researcher could] tell, the government's touch was incredibly gentle. First, they fined Bitfinex only $75K, a slap on the wrist, three months' salary for a valley dev, for not having spent the three months of a developer's time on some needed key management structure. Second, they made sure that Bitfinex kept its funds not in a master omnibus account, but in multisig accounts for each individual registered with bitfinex. Essentially, the regulators wanted to see that the coins were delivered to individuals, as opposed to held in one giant pool. This little accounting twist was all that was required to satisfy the regulators, who generally seem clueless and out of the picture as far as security measures go. All the relevant decisions about protecting the private keys, then, rest with Bitfinex.”

“There were a lot of reasons for why we went with this implementation with BitGo; one, a big one, was transparency,” said Tackett. “Everyone has their own wallet that they can watch on the blockchain. They can see their bitcoin at any time, and we settle it once per day.” ”Bitfinex subsequently decided to generalize the losses - “Upon logging into the platform, customers will see that they have experienced a generalised loss percentage of 36.067%." The rest was distributed as BFX tokens and “these tokens will eventually be exchanged either for repayment by Bitfinex or for shares in its parent company iFinex Inc.”


This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Bitfinex Security Breach
Date Event Description
August 3rd, 2016 7:20:00 AM MDT Main Event Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
April 14th, 2021 11:06:00 AM MDT Blockchain Transaction [42][43].
December 22nd, 2021 7:42:00 AM MST Blockchain Transaction [42][44].
December 22nd, 2021 10:07:00 AM MST Blockchain Transaction [42][45].
January 31, 2022 Law Enforcement Wallet Access Law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys. Blockchain analysis confirmed that almost all 10 of those addresses were directly linked to the hack.
February 1, 2022 Law Enforcement Seizure Law enforcement seizes the funds in the Bitfinex theft addresses, transferring the funds to a new address. This activity is noted on the blockchain and causes the price of the LEO token to go on a massive rally.[46]
February 8th, 2022 1:08:00 PM MST ErgoBTC Post ErgoBTC posts to highlight to irony that the thief had previously laundered the funds carefully and methodically through a dark net marketplace, and subsequently changed to storing them on a cloud service provider[47].
February 8th, 2022 4:13:00 PM MST Comparison To Colonial Pipeline ErgoBTC shares his conclusions on the Colonial Pipeline ransomware attack, however this is deemed to be unrelated to the Bitfinex situation[48].
February 13th, 2022 12:03:00 PM MST ErgoBTC Publishes Analysis The Twitter account ErgoBTC is actively investigating and discussing post-2019 spending from hack addresses related to the hack[49]. Unspent coins from the hack addresses are being analyzed based on the number of hops away they are from the source. The prosecutor's mention of "The Launderers" as a flight risk implies the Department of Justice's control over a separate "dirty" wallet. The crucial unanswered question is how "The Launderers" obtained control of the private keys for the hacked coins, with speculation about potential scenarios, including purchasing from the hackers or working remotely with a third party. The possibility of "The Launderers" being the actual hackers is raised, though they have not been charged under the Computer Fraud and Abuse Act (CFAA). The investigation is ongoing, and the focus is on off-chain aspects, hinting at a larger, yet-to-be-revealed story[49]. It is also noted that "The Complaint showed that tracking the early 2017 BTC spends was futile for passive observers thanks to AlphaBay’s coin control[50]." and that breaking funds into smaller wallets occurs naturally[51].
February 13th, 2022 2:03:00 PM MST ErgoBTC Poloniex Deposit Addresses [52].
February 13th, 2022 3:48:00 PM MST ErgoBTC More Tweet TBD[53].
February 16th, 2022 8:33:00 AM MST Wall Street Journal Article The Wall Street Journal reports that federal investigators, after years of pursuing clues in the 2016 Bitfinex cryptocurrency exchange hack where thieves stole bitcoin now valued at $4.5 billion, tracked down suspects Ilya "Dutch" Lichtenstein and Heather R. Morgan using a $500 Walmart gift card linked to their emails and cloud service providers[54]. The Justice Department seized $3.6 billion in bitcoin allegedly controlled by the couple, marking its largest financial seizure. Lichtenstein and Morgan were charged with money laundering and fraud. The investigation exploited advanced forensic tools and efforts to combat crypto crime. The couple allegedly laundered stolen bitcoin through various accounts, and the case highlights the challenges of tracing cryptocurrency transactions despite its perceived anonymity. The public nature of blockchain ledgers played a crucial role in the investigation, revealing patterns and connections through cluster analysis[54]. The article was copied to Fox Business where it is available without a paywall[55]. Some users have criticized the title of the article, considering it "click-bait"[56].
February 18th, 2022 9:05:00 AM MST ErgoBTC More Tweet TBD is this related?[57]

Technical Details

See analysis from ErgoBTC[49][50][51][58][59][60][61][42][62][63][64][65]. TBD more reviewing.

Blockchain Transactions: [43][44][45]

Blockchain Addresses: [66][67][68][69]

Poloniex Deposits: [52]

Total Amount Lost

The total amount lost has been estimated at $72,000,000 USD.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Initial Fund Movement Through AlphaBay

"According to court documents, Lichtenstein and Morgan allegedly conspired to launder the proceeds of 119,754 bitcoin that were stolen from Bitfinex’s platform after a hacker breached Bitfinex’s systems and initiated more than 2,000 unauthorized transactions. Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein’s control."

"[B]eginning in or around January 2017, a portion of the stolen BTC moved out of Wallet 1CGA4s in a series of small, complex transactions across multiple accounts and platforms. This shuffling, which created a voluminous number of transactions, appeared to be designed to conceal the path of the stolen BTC, making it difficult for law enforcement to trace the funds."

"The early movement of the stolen funds involved extensive layering activity that employed the peel chain technique. As part of this layering, a portion of the stolen funds were deposited gradually (an indication of peel chain activity) into AlphaBay accounts. The AlphaBay accounts were used as a pass-through for the stolen BTC. Depositing and withdrawing BTC at AlphaBay allowed LICHTENSTEIN and MORGAN to break up the stolen BTC trail on the blockchain. After being moved into accounts at AlphaBay, the stolen BTC was withdrawn, layered, and ultimately deposited into VCEs around the world, as described in pertinent part immediately below."

According to ErgoBTC, the AlphaBay strategies appear to have been effective to break the blockchain fund trail[50].

Bitfinex Redemption Program Completed

By April 3rd, 2017, "Bitfinex [was] pleased to announce redeeming 100% of all issued and outstanding BFX tokens. This [was] the final redemption of BFX tokens created in August 2016. After these redemptions, no BFX tokens [would] remain outstanding." "A combination of factors led to [that] seminal moment for Bitfinex, including a dramatic uptick in equity conversions; record operating results in March; and, the decision to reduce our reserves in favor of this opportunity. We are tremendously grateful to all of our customers and new shareholders for helping us get to this point." "The 2017 transfers notwithstanding, the majority of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022."

Minor Movements Of Stolen Funds

"Over the [subsequent] five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan. The remainder of the stolen funds, comprising more than 94,000 bitcoin, remained in the wallet used to receive and store the illegal proceeds from the hack."

Major Movement Of Stolen Funds

In "July 2020 and April 2021 — linked addresses [made] several transactions worth hundreds of millions." On July 27th, 2020, "The market-tracking and market-moving Twitter account [Whale Alert] documented nine transactions that saw about 2,550 total bitcoin (~$27 million) move from wallets associated with the 2016 hack into new unknown addresses." On April 14th, 2021, "More than $760 million worth of Bitcoin, stolen from cryptocurrency exchange Bitfinex in 2016, were moved to new accounts."

Seizure Of Bitfinex Stolen Funds

"After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure."

"On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys. Blockchain analysis confirmed that almost all 10 of those addresses were directly linked to the hack. Between January 31, 2022, and February 1, 2022, law enforcement obtained approval to execute a lawful seizure supported by probable cause under exigent circumstances and used the private keys from LICHTENSTEIN’s file to seize Wallet 1CGA4’s remaining balance of approximately 94,636 BTC, [now] worth $3.629 billion."

On "February 1, 2022 these addresses [which were seized by law enforcement made] various transactions. A total of 94,643 BTC (approximately $3.6 billion) [was] transferred to a new address." "The U.S. government becomes the 5th largest holder of Bitcoin in a single address." "The LEO token reached a new all-time high after the U.S. government seized the stolen funds, but before it was public information."

Arrests Of Ilya Lichtenstein and Heather Morgan

On "February 8, 2022 the U.S. Department of Justice announces they have obtained over 94,000 Bitcoin and arrested a couple laundering funds from the Bitfinex hack."

"Two individuals were arrested this morning in Manhattan for an alleged conspiracy to launder cryptocurrency that was stolen during the 2016 hack of Bitfinex, a virtual currency exchange, presently valued at approximately $4.5 billion. Thus far, law enforcement has seized over $3.6 billion in cryptocurrency linked to that hack."

“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division. “The arrests today show that we will take a firm stand against those who allegedly try to use virtual currencies for criminal purposes.”

"Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, New York, are scheduled to make their initial appearances in federal court today at 3:00 p.m. in Manhattan." "Lichtenstein and Morgan are charged with conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and conspiracy to defraud the United States, which carries a maximum sentence of five years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors."

Bitfinex announced that they were "pleased that the U.S. Department of Justice has today announced that it has recovered a significant portion of the bitcoin stolen during the August 2016 security breach. We have been cooperating extensively with the DOJ since its investigation began and will continue to do so."

"Bitfinex will work with the DOJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin. Bitfinex intends to provide further updates on its efforts to obtain a return of the stolen bitcoin as and when those updates are available."

"If Bitfinex receives a recovery of the stolen bitcoin, as described in the UNUS SED LEO token white paper, Bitfinex will, within 18 months of the date it receives that recovery use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens. These token repurchases can be accomplished in open market transactions or by acquiring UNUS SED LEO in over-the-counter trades, including directly trading bitcoin for UNUS SED LEO."

"David Silver, a lawyer who specializes in financial and cryptocurrency-related fraud, said since the seizure was announced Tuesday he has received dozens of calls from individuals saying they lost money in the 2016 online heist and they want to get their coins back. Twitter has been whipped into a frenzy as well, with posters asking how to claim lost crypto. Justice Department officials said they plan to establish a court process for victims to reclaim the stolen digital assets, which have since surged in value."

"Figuring out to whom the crypto belongs may not be simple, however. Bitfinex considers that it has made investors whole, and said in a statement Tuesday that it will “follow appropriate legal processes to establish our rights to a return of the stolen bitcoin.” If Bitfinex and users start off on a collision course, the legal battle probably would be protracted."

Total Amount Recovered

The total amount recovered has been estimated at $72,000,000 USD.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

While more secure than a traditional single-signature wallet would have been, two of the signatures were “online” and therefore, this can effectively be considered to be a form of hot wallet. The damage was limited because Bitfinex noticed the issue quickly. Had the new storage scheme been more widely used or Bitfinex failed to notice as quickly, the situation could have been much worse.

Platforms, in general, should consider all hot wallets breachable, and have insurance. This could be a self insurance treasury, a third party with a comprehensive policy that adequately covers all loss in the hot wallet, or an industry insurance fund as we propose in our framework.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Infographic: An Overview of Compromised Bitcoin Exchange Events (Jan 30, 2020)
  2. Bitfinex users to share 36% of bitcoin losses after hack - BBC News (Feb 3, 2020)
  3. 100 Crypto Thefts: A Timeline of Hacks, Glitches, Exit Scams, and other Lost Cryptocurrency Incidents (Jan 25, 2020)
  4. Lessons Learned from the Biggest Crypto Hacks in History (Feb 26, 2020)
  5. A Look Back on Some of the Most Devastating Crypto Hacks | Fintech Singapore (Feb 27, 2020)
  6. Crypto Exchange Hacks in Review: Proactive Steps and Expert Advice (Mar 2, 2020)
  7. How the Bitfinex Heist Could Have Been Avoided (Mar 3, 2020)
  8. nukumu comments on Bitfinex down due to bitcoin security breach (Mar 2, 2020)
  9. After the Bitfinex Hack, Here’s Why Bitstamp Is Sticking With BitGo (Mar 2, 2020)
  10. Bitstamp exchange hacked, $5M worth of bitcoin stolen | ZDNet (Mar 2, 2020)
  11. Top 6 Biggest Bitcoin Hacks Ever (Mar 2, 2020)
  12. Bitcoin Scams and Cryptocurrency Hacks List - BitcoinExchangeGuide.com (Mar 5, 2020)
  13. SlowMist Hacked - SlowMist Zone (Jun 26, 2021)
  14. To Recover Stolen Bitcoin, Bitfinex Offers Hackers a Hefty Cut of the Funds | PCMag (Jun 26, 2021)
  15. Over 10,000 blacklisted BTC from 2016 Bitfinex hack on the move (Aug 7, 2021)
  16. Bitfinex | Latest Bitfinex News by Cointelegraph (Aug 7, 2021)
  17. Bitfinex Review (2021) - Is It Trustworthy? (Aug 7, 2021)
  18. Bitfinex Exchange Reviews, Live Markets, Guides, Bitcoin charts (Aug 7, 2021)
  19. Bitfinex Exchange: User Review Guide - Master The Crypto (Aug 7, 2021)
  20. Couple arrested in $3.5B Bitcoin laundering scheme - YouTube (Feb 12, 2022)
  21. DOJ Arrests New York Couple In $3.6 Billion Bitcoin Laundering Scheme - YouTube (Feb 12, 2022)
  22. The Crypto Couple Charged For Laundering $3.6 Billion in Bitcoin | Forbes Investigates - YouTube (Feb 12, 2022)
  23. Married Couple Steals $4.5 Billion in Bitcoin Heist [Bitfinex] - YouTube (Feb 12, 2022)
  24. DOJ recovers $3.6B from 2016 Bitfinex hack (Feb 12, 2022)
  25. https://www.justice.gov/opa/press-release/file/1470186/download (Feb 12, 2022)
  26. Meet the ‘Crocodile of Wall Street' - YouTube (Feb 13, 2022)
  27. Millennial couple CAUGHT for attempting to launder billions in Bitcoin | Exactly HOW they did it - YouTube (Feb 16, 2022)
  28. https://www.bitfinex.com/posts/198 (Feb 19, 2022)
  29. Who will get bitcoin back after arrests in Bitfinex hack? - Los Angeles Times (Feb 19, 2022)
  30. https://www.bitfinex.com/posts/766 (Feb 19, 2022)
  31. Behind The 3 6b Recovery Of Bitfinex Hack Funds (Feb 19, 2022)
  32. https://www.justice.gov/opa/pr/two-arrested-alleged-conspiracy-launder-45-billion-stolen-cryptocurrency?utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-9wELOd9uwa_FD8lUcfMf1ifpG5WiYTGXFBCyo1FGh5VIAwPplSKXJf1Bdi8SRg0VX1r-12 (Feb 19, 2022)
  33. https://www.justice.gov/opa/press-release/file/1470211/download (Feb 19, 2022)
  34. Whale Alert: $27M From 2016 Bitfinex Hack Is on the Move - CoinDesk (Feb 19, 2022)
  35. Hackers move $760 million from the 2016 Bitfinex hack - The Record by Recorded Future (Feb 19, 2022)
  36. Bitfinex cryptocurrency seizure won't deter cybercriminals - Tech Monitor (Feb 19, 2022)
  37. @TheJusticeDept Twitter (Feb 19, 2022)
  38. https://bitinfocharts.com/top-100-richest-bitcoin-addresses.html?utm_source=hs_email&utm_medium=email&_hsenc=p2ANqtz-9wELOd9uwa_FD8lUcfMf1ifpG5WiYTGXFBCyo1FGh5VIAwPplSKXJf1Bdi8SRg0VX1r-12 (Feb 19, 2022)
  39. https://www.nbcnews.com/politics/justice-department/two-arrested-allegedly-trying-launder-billions-stolen-bitcoin-rcna15352 (Feb 19, 2022)
  40. https://www.fridayeveryday.com/bitcoin-heist-rapper-heather-morgan-lived-in-hong-kong/ (Apr 23, 2022)
  41. Razzlekahn Part 1 Establishing Some Background (Jun 5, 2022)
  42. 42.0 42.1 42.2 42.3 ErgoBTC - "But what of the post-2019 spending from the hack addresses? Unspent coins sourced from the hack addresses range from 1 to many hops away." - Twitter (Mar 15, 2023)
  43. 43.0 43.1 https://oxt.me/transaction/34b76a3d94f9411e45d9a688503984544a038b3f6e4e4909f9c77c535b2c13cc (Jan 25, 2024)
  44. 44.0 44.1 https://oxt.me/transaction/34b76a3d94f9411e45d9a688503984544a038b3f6e4e4909f9c77c535b2c13cc (Jan 25, 2024)
  45. 45.0 45.1 https://oxt.me/transaction/ffedf444de6957333f092ad433f733f98b7194048147b2cf2f436370a4b998b8 (Jan 25, 2024)
  46. ErgoBTC - "Previous spends of the BFX hack coins were methodically isolated, slowly mixed, or slowly sent to Hydra (DNM). The most recent spends were swept to a *SINGLE* address. The complete opposite in terms of privacy from previous activity." - Twitter (Jan 24, 2024)
  47. ErgoBTC - "So let me get this straight. The guy that was using AlphaBay in 2017 to launder these coins was also keeping them in an encrypted file "in the cloud"?" - Twitter (Mar 15, 2023)
  48. ErgoBTC - "I think this is the thread you are referring to. FYI, I do not believe these conclusions are relevant to the BFX situation." - Twitter (Mar 15, 2023)
  49. 49.0 49.1 49.2 ErgoBTC - "The BFX hack seizure. A mountain of evidence in an apparent straightforward analysis. Coins tracked across custodial entities sent to exchanges with the couples IDs. Some thoughts from following the followers." - Twitter (Mar 15, 2023)
  50. 50.0 50.1 50.2 ErgoBTC - "Most importantly, The Complaint showed that tracking the early 2017 BTC spends was futile for passive observers thanks to AlphaBay’s coin control." - Twitter (Jan 25, 2024)
  51. 51.0 51.1 ErgoBTC - "Speaking of the collaboration between regime dot gov and regime dot biz, there seems to be some miss-information around the implications of not spending the entirety of your wallet balance to a third party in a single tx." - Twitter (Mar 15, 2023)
  52. 52.0 52.1 ErgoBTC - "Forgot to Copy+Pasta the Poloniex Deposit TxIDs. Knowing volume, timing, and source/destination are usually easy enough to find the referenced txs." - Twitter (Mar 15, 2023)
  53. ErgoBTC - "Be sure to get the "early and wrong" hot takes from the dot govs corporate sponsors. Wouldn't want to get it right the first time!" - Twitter (Mar 15, 2023)
  54. 54.0 54.1 A Crucial Clue in the $4.5 Billion Bitcoin Heist: A $500 Walmart Gift Card - The Wall Street Journal (Jan 24, 2024)
  55. A crucial clue in the $4.5 billion Bitcoin heist: A $500 Walmart gift card - Fox Business (Jan 24, 2024)
  56. ErgoBTC - "Excellent clickbait headline. 10/10" - Twitter (Mar 15, 2023)
  57. ErgoBTC - "The Regime dot Biz's compliance as a growth driver sales pitch runs contra to everything crypto means and stands for." - Twitter (Mar 15, 2023)
  58. ErgoBTC - "Regardless, the analysis is straight forward. >A combo of on-chain/links across multiple accounts/custodial entities >Similar account credentials and use noted at Poloniex and Bittrex >A spreadsheet including relevant account login info was found in The Launderers cloud storage" - Twitter (Mar 15, 2023)
  59. ErgoBTC - "The prosecutor’s rationale for calling “The Launderers” a flight risk, seems to hint that the DOJ is also in control of this separate "dirty" wallet. Encrypted? Fire up the GPUs." - Twitter (Mar 15, 2023)
  60. ErgoBTC - "First attributions central to the case. VCE1 and VCE4 as Poloniex and Bittrex, respectively. Attribution courtesy of the abbreviated BTC addresses in The Complaint flow diagrams." - Twitter (Mar 15, 2023)
  61. ErgoBTC - "We’ve had trouble finding any evidence of this missing cluster, and remained a bit of a mystery until The Complaint was issued. This diagram has enough details to explain where AB’s cluster went from Spring 2016 till shutdown." - Twitter (Mar 15, 2023)
  62. ErgoBTC - "AlphaBay among the largest DNMs (2nd only to Hydra?) started in 2015 and operated two known classic wallet clusters. One active through fall of 2015. The other active through spring 2016. But a gap betwen ABs shutdown in July 2017." - Twitter (Mar 15, 2023)
  63. ErgoBTC - "The deposit addresses on the left side of the diagram: And their spends. All single use addresses and single UTXO spends (no cluster)." - Twitter (Mar 15, 2023)
  64. ErgoBTC - "Working remotely with someone else? >Maybe a justified reason for keeping the private keys in cloud storage as this allows remote access to a third party. >> Does this make the last hack address with a BTC balance a trap? 1DTbSm28AJnePwzFXzCnNasVF1xi6XrVSQ" - Twitter (Mar 15, 2023)
  65. ErgoBTC - "With a bit of coin control and pseudonymity, a passive observer has no way of knowing he is seeing AB activity. (Sidenote: Anyone know of AB2’s coin control?) Of course this doesn’t apply to LEA’s and their corporate sponsors data sharing agreements." - Twitter (Mar 15, 2023)
  66. https://oxt.me/address/1HaQbNXKuad7FEj4Yuosho3ZxKGtroYehc (Jan 25, 2024)
  67. https://oxt.me/address/16UPkXBDP8jPiDd9iFjKwQ6BPouZh5MUTQ (Jan 25, 2024)
  68. https://oxt.me/address/19VEBJAbYHShSmAjmZh2RDX6s79cWZtL3Z (Jan 25, 2024)
  69. https://oxt.me/address/1g1RjLuos5kdgrBLxdfugTCy4zEsyErvk (Jan 25, 2024)
Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Bitfinex_Security_Breach&oldid=5411"