Bitfinex Offers $3.5 Million Bounty for Stolen Bitcoin

smaxz

sr. member

Activity: 430

Merit: 253

VeganAcademy

Quote from: marky89 on August 20, 2016, 04:22:09 PM

Quote from: smaxz on August 14, 2016, 04:37:12 PM

so did they lose this coin through a simple address collision or what?

After all these exchange "hacks", an address collision? Cheesy

It's pretty clear that Bitfinex had a very insecure security implementation. One of their 2-of-3 multisig keys was on an online server -- okay, that's understandable because they need automated withdrawals. But apparently, with only the use of an API key (whose credentials may or may not have been located on the same, or another online server) and Bitfinex's hot key, BitGo would sign off on any transaction, no matter the size or depletion of reserves.

BitGo really dropped the ball here. They co-signed every single fraudulent transaction. That means they don't locally enforce any security flags or limits whatsoever -- they just take the first signer's word for it. That's a complete misuse of multi-sig. I hope BitGo burns for this.

this in itself does not explain how the coins were appropriated though does it?

Quote from: unamis76 on August 14, 2016, 05:55:19 PM

Quote from: smaxz on August 14, 2016, 04:37:12 PM

so did they lose this coin through a simple address collision or what?

The coins were hacked... a collision is practically impossible.

you seem pretty confident, does anyone have details on how this "hack" was perpetrated?

Wapinter

legendary

Activity: 2632

Merit: 1026

Hire me for Bounty Management

Quote from: OmegaStarScream on August 14, 2016, 07:12:35 AM

Bitfinex has offered a reward for the return, or info leading to the return, of the Bitcoin stolen in the recent hack.

Reddit user someguy916 posted in the /r/Bitcoin subreddit inquiring as to how much of a reward Bitfinex would be willing to offer for the stolen coins. Zane Tackett, Director of Community and Product development, responded with an offer for a small percentage:

Quote

5% of recovery and for information leading to recovery (but no bounty if no recovery); if multiple persons lead to recovery, share pro rata

Source : https://cointelegraph.com/news/bitfinex-offers-35-million-bounty-for-stolen-bitcoin

Get to work guys Roll Eyes

I still don't understand how It's impossible to trace them though , I mean If we take in consideration that anything on the blockchain is traceable ... they should track some users addresses till they reach the ADDRESS needed.

I think they are just making fool and nothing else.They no very well that it is not possible to trace the coins now.If they are so concerned about it,why dont they distribute that money among people who lost their money

Anon_7716

full member

Activity: 154

Merit: 100

Quote from: Specter2112 on August 20, 2016, 07:20:13 PM

So... my neighbor has an open wifi, or I go into the local coffee shop, use their free wifi to do my deeds at. You traced the thief back to starbucks? That's going to stand up well in a court of law.

I think what they are hoping is that the thief is going to talk, show off, and someone will rat them out. Either way, that is still just circumstantial and again, good luck getting your coins back.

Specter

A thief can already what they want, will surely be lurking with safe and they will not show their identity. If that is the case then they will get a big problem in his life. I don't know what they will do about the bitcoin results they get from hackers bitfinex, the most important is the price of bitcoin is not experiencing a bad thing

Specter2112

newbie

Activity: 12

Merit: 0

So... my neighbor has an open wifi, or I go into the local coffee shop, use their free wifi to do my deeds at. You traced the thief back to starbucks? That's going to stand up well in a court of law.

I think what they are hoping is that the thief is going to talk, show off, and someone will rat them out. Either way, that is still just circumstantial and again, good luck getting your coins back.

Specter

Hazir

legendary

Activity: 1596

Merit: 1005

★Nitrogensports.eu★

Ok, so far I understand that Bitfinex investigators can't seem to track these coins at all.
I imagine that there is possible scenario that hackers baited by that offer will give back the coins to avoid being hunted.

But Bitfinex can grab that returned coins whole ~$60kk and never tell us that they indeed received it back.
I know I am being paranoid here but I still think that this is somewhat inside job more that a external attack.

Doamader

hero member

Activity: 756

Merit: 501

First who hacked bitfinex isnt a noob, he or she knew what were doing, and for sure knew the exchange would try to recover the coins,soo the hacker by now had bought several altcoins, and had used mixer services almost instant, the news about the hacker took how many hours to be public? Only the owners of mixer service can maybe trace where the bitcoins went, even with they had took a fee, they can track the money,they have acess, soo just them can maybe find the coins hacked.

raymond541

hero member

Activity: 821

Merit: 501

$3.5 Million Bounty its really very big offer.Its really very tough to trace them but its possible but I think coin are not on that address.If its happened then its really very tough.I don't really a programmer but lets try.$3.5 Million Bounty how how I can leave alone.

marky89

hero member

Activity: 756

Merit: 502

CryptoTalk.Org - Get Paid for every Post!

Quote from: deadpoolx on August 20, 2016, 06:00:33 PM

Where are the bounty hunters for this one?

Companies like Chainalysis and their competitors. If the coins ever move, they will watch for eventual movement into centralized services (exchanges, online wallet providers, casinos, etc). Then law enforcement may contact those companies for more information about who deposited those coins. Then they press that person for how they came into possession of the coins. Maybe there's a weak link somewhere -- to get cash in hand requires interfacing with a person, if not a business. But I'm guessing that these coins will sit untouched for a long, damn time.

deadpoolx

hero member

Activity: 560

Merit: 500

Where are the bounty hunters for this one?

marky89

hero member

Activity: 756

Merit: 502

CryptoTalk.Org - Get Paid for every Post!

Quote from: smaxz on August 14, 2016, 04:37:12 PM

so did they lose this coin through a simple address collision or what?

After all these exchange "hacks", an address collision? Cheesy

It's pretty clear that Bitfinex had a very insecure security implementation. One of their 2-of-3 multisig keys was on an online server -- okay, that's understandable because they need automated withdrawals. But apparently, with only the use of an API key (whose credentials may or may not have been located on the same, or another online server) and Bitfinex's hot key, BitGo would sign off on any transaction, no matter the size or depletion of reserves.

BitGo really dropped the ball here. They co-signed every single fraudulent transaction. That means they don't locally enforce any security flags or limits whatsoever -- they just take the first signer's word for it. That's a complete misuse of multi-sig. I hope BitGo burns for this.

talks_cheep

legendary

Activity: 1036

Merit: 1000

Whoever in Bitfinex posted the reward offer should look at the mirror and see the face of the thief staring back. This is nothing more than a publicity stunt. They are trying to pin the blame on an outside hacker when it clearly was an inside job.

Bitcoinpro

legendary

Activity: 1344

Merit: 1000

CIA

Money please

squatz1

legendary

Activity: 1666

Merit: 1285

Flying Hellfish is a Commie

This is a waste, no hacker would turn in all of the cash he stole just for a simple %5 with a 110% of being traced by the tons of people affected by the hack once the person is discovered.

Would just be dumb for the hacker to submit to this, but it would be nice to see the victims compensated.

Kakmakr

legendary

Activity: 3430

Merit: 1957

Leading Crypto Sports Betting & Casino Platform

A company in so much trouble, should not splash money around to offer $3 500 000 bounties, but rather use that money to hire security experts to plug the holes in their security or to upgrade their systems to scrutinize their own employees. This looks like a inside job, not someone hacking from the outside. ^hmmmm^

beerlover

legendary

Activity: 2842

Merit: 1152

This may possibly be a good move for BitFinex sine they'd be receiving quite a lot of help from multiple fellow hackers in tracing those stolen coins. However, this may also increase the difficulty of having to trace the coins since the hackers would easily hide their coins through mixers.

electronicash

legendary

Activity: 3066

Merit: 1049

Eloncoin.org - Mars, here we come!

Its almost impossible to track the coins with all the mixers these days. Any jack ass can just move the coins elsewhere which couldn't be suspicious enough.
He may buy some altcoins from an exchange, mix it again and run.

Quote from: stingers on August 14, 2016, 10:19:23 PM

Quote from: 7788bitcoin on August 14, 2016, 07:49:02 AM

The chance of getting back to coins is virtually zero. They are just trying to tell everyone that they are "trying"... Even if they find the hacker, they can't do anything as the coins are not recognized by the law as a currency.

Also there is no way to prove that the hacker even holds the address to which the coins have been sent.
I still don't think there is any hack, this is just some BS by a BS exchange.

But that I can believe.

stingers

legendary

Activity: 1183

Merit: 1013

Quote from: 7788bitcoin on August 14, 2016, 07:49:02 AM

The chance of getting back to coins is virtually zero. They are just trying to tell everyone that they are "trying"... Even if they find the hacker, they can't do anything as the coins are not recognized by the law as a currency.

Also there is no way to prove that the hacker even holds the address to which the coins have been sent.
I still don't think there is any hack, this is just some BS by a BS exchange.

QuestionAuthority

legendary

Activity: 2156

Merit: 1393

You lead and I'll watch you walk away.

Where would they get the $3.5 million?

Quote

Dear ~~Suckers~~ Bitfinex customers:

We regret to inform you that in order to have enough money to pay a reward just in case someone catches us the "hacker", we will be upping the amount of ~~worthless~~ priceless tokens we give you instead of your money to 40%.

ROTFLMAO,
Bitfinex Team

gentlemand

legendary

Activity: 2590

Merit: 3008

Welt Am Draht

Quote from: raphma on August 14, 2016, 11:44:23 AM

if i can have all the stolen money, why should i have only 5%?...

I agree that 5% is measly but the hacker may have a hard time disposing of 100,000 or more coins. Who knows, perhaps they have buyers lined up, if not then it may take a long time to offload them all. A quick one time payment from Bitfinex might be tempting.

Yakamoto

legendary

Activity: 1218

Merit: 1007

Quote from: OmegaStarScream on August 14, 2016, 07:12:35 AM

Bitfinex has offered a reward for the return, or info leading to the return, of the Bitcoin stolen in the recent hack.

Reddit user someguy916 posted in the /r/Bitcoin subreddit inquiring as to how much of a reward Bitfinex would be willing to offer for the stolen coins. Zane Tackett, Director of Community and Product development, responded with an offer for a small percentage:

Quote

5% of recovery and for information leading to recovery (but no bounty if no recovery); if multiple persons lead to recovery, share pro rata

Source : https://cointelegraph.com/news/bitfinex-offers-35-million-bounty-for-stolen-bitcoin

Get to work guys Roll Eyes

I still don't understand how It's impossible to trace them though , I mean If we take in consideration that anything on the blockchain is traceable ... they should track some users addresses till they reach the ADDRESS needed.

Technically it is possible to trace the coins, but you're asking for people with time on their hands to track the guy down. And even once you know what the hacker's address is, even if you get that far, there are still a bunch of other things that have to be identified, like who the hacker is specifically. If they never really do anything with it, there's no way to get a glimpse into who they are, and it would require cooperation from people the hacker sends funds to. Which could be an issue if he only sends funds into the darknet.

Topic: Bitfinex Offers $3.5 Million Bounty for Stolen Bitcoin (Read 2258 times)