Bitfinex Hot Wallet Hack

Notice: This page is a freshly imported case study from the original repository. The original content was in a different format, and may not have relevant information for all sections. Please help restructure the content by moving information from the 'About' section to other sections, and add any missing information or sources you can find. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

BitFinex

Bitfinex wat the largest exchange by volume at this time. It stored the vast majority of funds in proper sold storage, and a relatively small amount was in a hot wallet, which was breached.

The exchange absorbed the loss without impact to customers.

This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.

About BitFinex

"Bitfinex is a Hong Kong-based cryptocurrency exchange owned and operated by iFinex Inc., which is headquartered in Hong Kong and registered in the British Virgin Islands." "The Bitfinex exchange is a popular platform for exchanging cryptocurrencies, also hosting spot and derivatives trading as well as certain lending, borrowing and staking features. Bitfinex came into existence in 2012." "BitFinex offers three main functions - it is a pure bitcoin to fiat exchange, a margin trading exchange and a liquidity provider. The platform offers a number of features available that expand the financial positions you can take - for example, the ability to short Bitcoin via margin trading."

"Bitfinex also has its own utility crypto token called Unus Sed Leo (LEO). Because it restricts a number of regions, Bitfinex U.S. customers are not allowed. On Bitfinex, KYC and Anti-Money Laundering procedures are employed." "It serves all except few countries in the world (mentioned below) and supports both fiat-to-crypto and crypto-to-crypto trades. Other notable features include margin trading, limit and stop orders, over-the-counter (OTC) trades, and others. While there are many options available, everything is laid out in an impressively intuitive fashion, with easy-to-navigate dashboards and menus."

"In May 2015, 1500 bitcoins were stolen during a hack." "Bitfinex los[t] 1,500 bitcoin, worth $400,000 at the time, when its hot wallets, connected directly to the internet, are hacked." "Following the hack, Reddit user gowithbtc tracked an estimated 1474 BTC (approximately $356 thousand USD) funneled away from Bitfinex in approximately eight hours."

"Dear Customer although we keep over 99.5% of users' BTC deposits in secure multisig wallets, the small remaining amount in coins in our hot wallet are theoretically vulnerable to attack. We believe that our hot wallet keys might have been compromised and ask that all of our customer cease depositing cryptocurrency to old deposits addresses. We are in the process of creating a new hot wallet and will advise within the next few hours."

"BitFinex’s hot wallet has been compromised. The hack may have resulted in the loss of only 0.5% of the total funds." "The amount represents 0.06 percent of the company’s total holdings."

"BitFinex' Director of Community and Product Development, Zane Tackett, told Cointelegraph that "trading was not affected" and confirmed that the Bitcoin address posted in the article below does indeed belong to the culprit. He also said they have generated a new hot wallet "using a spare-machine designed especially for scenarios like this.""

"Don't deposit to old BTC addresses. New addresses are online and updates will follow soon."

"Bitfinex indicates it will absorb the losses." "Although this incident is unfortunate, its scale is small and will be fully absorbed by the company. Thanks a lot for your patience and comprehension."

This exchange or platform is based in Hong Kong, or the incident targeted people primarily in Hong Kong.

The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

Known history of when and how the service was started.
What problems does the company or service claim to solve?
What marketing materials were used by the firm or business?
Audits performed, and excerpts that may have been included.
Business registration documents shown (fake or legitimate).
How were people recruited to participate?
Public warnings and announcements prior to the event.

Don't Include:

Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This sections is included if a case involved deception or information that was unknown at the time. Examples include:

When the service was actually started (if different than the "official story").
Who actually ran a service and their own personal history.
How the service was structured behind the scenes. (For example, there was no "trading bot".)
Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Bitfinex Hot Wallet Hack
Date	Event	Description
May 22nd, 2015 12:00:00 AM	First Event	This is an expanded description of what happened and the impact. If multiple lines are necessary, add them here.

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?