2016 Crypto Hack: Bitfinex Hid a Report that Flagged Safety Flaws: OCCRP
119,000 Bitcoins were stolen in 2016 as a result of security vulnerabilities that Bitfinex concealed.
Exchange of cryptocurrencies The confidential study that Bitfinex released in August 2016 and which linked its security flaws to the theft of over 119,000 bitcoins from the site was never made public. around the time, the stolen bitcoins were valued around $71 million, or almost $3.2 billion in today’s currency.
An international network of investigative journalists known as OCCRP said it has access to a confidential study that purportedly shows Bitfinex failed to put in place the technological, financial, and operational safeguards that Bitgo, its digital security partner, had advised. The network added that Ledger Labs, a blockchain services company based in Canada, published the study on behalf of iFinex, the company that owns and runs Bitfinex.
OCCRP provided more information, stating that the investigation asserts Bitfinex implemented a security system that assigned two of its three security keys to an administrator. To perform a crucial function on the exchange, such as moving bitcoins, the keys were needed. Furthermore, Bitfinex committed the error of storing two of the three keys on a same workstation, according to OCCRP, which cited the document. It did, however, warn that although it is unknown if the machine was affected during the hack, having access to it might grant a hacker complete control over the internal workings of the cryptocurrency exchange as well as “security tokens.” According to the journalistic network, a detailed analysis of the source Internet Protocol address in the classified report indicated that the breach was most likely orchestrated from Poland.
Bitfinex informed OCCRP that the report’s Ledger Labs study was “incomplete” and “incorrect.” The Bitfinex statement that there was “evidence of negligence…on the part of other counterparties that led to the hack” was also cited by the network.
Bitfinex also restated similar issues in an undated statement that was uploaded on its website, stating that “assertions made by the OCCRP are factually incorrect.” The cryptocurrency exchange also took issue with a Wired report on the subject, whose journalist collaborated with the OCCRP on the piece.
While the Bitfinex hacker is still at free, US prosecutors indicted an American couple in February of last year for trying to launder over $4.5 billion in cryptocurrencies connected to the incident in 2016. Ilya Lichtenstein and Heather Morgan, the pair who carried out the attack, had more than 94,000 bitcoins seized by the government, according to a statement released by the US Department of Justice (DOJ). At the time, the bitcoins were valued more than $3.6 billion.
The prosecutor further mentioned that Bitfinex’s BTCs, which were obtained through more than 2,000 illegal transactions, were transferred to a cryptocurrency wallet that was managed by Lichtenstein. The pair entered a not guilty plea and are awaiting trial, according to OCCRP.