The Hong Kong-based bitcoin exchange Bitfinex suspended trading on Tuesday after discovering a security breach. A hacker or hackers pulled off a massive heist of nearly 120,000 bitcoins. At the time of the theft, 119,756 bitcoins would have been worth about $72 million. After the breach announcement, the price of bitcoin crashed; current exchange rates place the value at around $65 million.
“Some of our users have had their bitcoins stolen,” Zane Tackett, Bitfinex’s director of community and product development, said on Reddit. “The bitcoin was stolen from users’ segregated wallets,” he told Reuters.
Trading was halted as the breach investigation kicked off. Bitfinex is cooperating with law enforcement and “top blockchain analytic companies.”
The official breach announcement stated:
We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen. We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up.
About .75 percent of all bitcoin in circulation were stolen. The Wall Street Journal said the “hack marks one of the largest thefts in bitcoin’s short history.” Tuur Demeester, editor in chief at Adamant Research, said it was the third largest theft in bitcoin.
Antony Lewis, a Singpore-based bitcoin expert, said: “It’s the biggest USD exchange, so outside China it’s the one that everyone has an account with. It’s very liquid, folk can trade on margin, lots of daily volume.”
While it is unknown if the heist was an inside job or if hackers gained access externally, Tackett said he was “nearly 100 percent certain” no one in the company was behind the theft.
Bloomberg added that Bitfinex had a partnership with Palo Alto, California-based BitGo, “which uses multiple-signature security to store user deposits online, allowed for faster confirmation and withdrawals.” When the partnership was announced, Bitfinex said, “Since we now enforce multi-institutional second-factor authentication (Bitfinex will be the first factor and BitGo the second factor), attackers are required to compromise both institutions before getting funds.”
After this bitcoin theft, BitGo spokesman Joe Volat said, “To date, BitGo’s investigation has found no evidence of any compromise of its servers or services. We believe that multi-sig security technology on which BitGo’s systems are based was not affected.”
Bitfinex said, “As we account for individualized customer losses, we may need to settle open margin positions, associated financing and/or collateral affected by the breach.” The exchange added, “We will look at various options to address customer losses later in the investigation.”
“We are deeply concerned about this issue, and we are committing every resource to try to resolve it,” Bitfinex wrote. “We ask for the community’s patience as we unravel the causes and consequences of this breach.”