Hackers have stolen £49 million of bitcoins from the systems of Hong Kong-based bitcoin exchange Bitfinex.
Bitfinex took to its website to announce the hack but did not detail exactly how much was lost, or how the heist was carried out.
Zane Tackett, Bitfinex's community and product development director, disclosed the number of stolen bitcoins to Bitfinex customers via Reddit, claiming 119,756 bitcoins were taken – but the number could grow. He has been busy answering customer inquiries, promising updates will be posted to the social network site tomorrow.
Bitfinex's security firm BitGo took to Twitter to announce that it has not found any evidence of a breach of its servers. The company said customer bitcoin wallets are held separately, which limited the scale of the breach.
Bitfinex halted all trading, digital token deposits and withdrawals. The exchange did not confirm if it had any plans to reimburse affected customers.
The exchange released a statement saying, “While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up. The theft is being reported to — and we are co-operating with — law enforcement.”
Speculating on what may have happened, Emin Gün Sirer, professor at Cornell and hacker, wrote on his blog: “If one had to take a blind guess, one would suspect that the hacker obtained the private keys held by bitfinex, coupled with API access to BitGo to instruct BitGo to sign the withdrawals. Additional trickery would probably be required to circumvent BitGo's daily withdrawal limits.”
Jon Geater, chief technology officer of Thales e-Security, told SCMagazineUK.com: “We as an industry are working to develop blockchain, a key underlying technology on which bitcoin runs, in order to take advantage of the exciting opportunities it opens up for connected markets and online living. But the world has to realise that blockchain and bitcoin are not magic: they are not silver bullets to all security and state interference problems; they are only technology. There's a long way to go before we find the right balance of security and risk and speed and usability.”
And Geater added, “Remember that security problems rarely go away: they only move around. So in blockchain although some issues of transaction validation and identity are improvements on the previous art, other things get harder to underpin that. And with individual user sovereignty a central part of the bitcoin philosophy the balance of user and central control is a very tough circle to square.”
News of the hack broke at around the time Hong Kong was dealing with Typhoon Naida, a storm with winds up to 137kph that closed streets and most businesses.
Reports of the hack sent the value of Bitcoin falling, with the Financial Times reporting that “bitcoin prices slid 20 percent from $604 to $482 late in the US day, marking a two-month low. By late afternoon in Hong Kong on Wednesday they had recovered to $544.71, according to itBit, another dollar-based exchange.”
Alexandra Gheorghe, security specialist at Bitdefender, told SC: “This breach reminds users of the risks of storing their Bitcoins outside of their direct control, in a local database on a possibly insecure site. Unfortunately, evaluating the security of Bitcoin trading platforms is extremely difficult as there is no regulatory framework or entity in charge of security practices. Very often, information on who is accountable is also hazy, or even, in extreme cases, completely missing.”
The Crown Commercial Service (CCS) awarded a place on the G-Cloud 8 framework agreement to Credits for the supply of distributed ledger technology (DLT), enabling the Credits Blockchain platform-as-a-service to be used by organisations across the UK public sector including central and local government, the devolved administrations, health, education, emergency services, defence and not-for-profits such as housing associations and charities.
Nick Williamson, chief executive officer of Credits told SCMagazineUK.com, "Credits is pleased to have been awarded a place on the G-Cloud 8 platform. We are excited by the huge potential of Distributed Ledger Technology for many different government and public sector applications, and are looking forward to working with UK public sector organisations to improve the efficiency and effectiveness of their services for UK taxpayers."