Pages:
Author

Topic: Bitfinex Seeks Communication With Bitcoin Thief (Read 1753 times)

hero member
Activity: 2996
Merit: 609
Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh?  Grin
And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.

Yes an inside job is more likely here. Whether or not the owners were in on the hack is the main question. Maybe one of their top employees knew the ins and outs of how Bitfinex secures the Bitcoins and found a way to get access to them. Maybe the hacker may even be someone from inside BitGo, the wallet provider by Bitfinex.

Im thinking the same thing too,  its  very  impossible  for an exchange to be hacked so easily which  they  have already  the  most  secure   in terms  of  holding  huge volumes  of  bitcoin. They are  already  aware    on such situations  that  might  happen  but there are really greedy people would  really intent  to   get those  huge amounts and  as we all know that already reach millions of dollars and would surely  be tempted to put   a  mission  even  to those  staffs  itself. Just  my speculation.
legendary
Activity: 2898
Merit: 1823
Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh?  Grin
And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.

Yes an inside job is more likely here. Whether or not the owners were in on the hack is the main question. Maybe one of their top employees knew the ins and outs of how Bitfinex secures the Bitcoins and found a way to get access to them. Maybe the hacker may even be someone from inside BitGo, the wallet provider by Bitfinex.
hero member
Activity: 756
Merit: 501
Why would the attacker contact or refund bitcoin, the exchange has a problem, something that they didnt said they always claim the coins are safe, and now this had happened, as stated several times its an inside job, someone knew the problem and explored it, 120k bitcoins is by far a huge ammount to get instead wait years to reach those with fees. The coins if werent sold yet it will the attack were done fast and clean, already mixed the bitcoins between 50 or more adress.
legendary
Activity: 2604
Merit: 1036
Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh?  Grin
And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
To communicate with the thief all they need to do is talk into a mirror. LOL

That's what it seems to me too.  It's happened too many times before to be just another security exploit.  It's always the same story..."Hey, invest here because our security is tight!"  Then, "Oops, sorry!  We've been hacked!"  And, always a plead to the hacker with a bounty offer that never works.  Big Vern did things the same way over at Cryptsy....It's a never ending charade fueled by a ceaseless herd of victims....

Yep, they're doing everything a thief would do to divert attention from themselves.  That's essentially why I stopped using bitcoin for anything other than a long-term hold investment. Bitcoin is just too attractive to thieving scumbags.
sr. member
Activity: 441
Merit: 250
I'm well surprised how they are. I though they would just close the shop, but no. They're impressing me !
legendary
Activity: 1176
Merit: 1017
To communicate with the thief all they need to do is talk into a mirror. LOL

That's what it seems to me too.  It's happened too many times before to be just another security exploit.  It's always the same story..."Hey, invest here because our security is tight!"  Then, "Oops, sorry!  We've been hacked!"  And, always a plead to the hacker with a bounty offer that never works.  Big Vern did things the same way over at Cryptsy....It's a never ending charade fueled by a ceaseless herd of victims....
hero member
Activity: 1470
Merit: 655
Since there are too many coins to mix he has 2 options.

1) Keep the 120,000, un-mixable, and currently utterly traceable coins. Then try somehow to get them out. Knowing that your every move is recorded and tracked.

2) Give them back 'most' and get to keep 'a lot' but totally legally.

If he got to keep $20 mil legal, and gave back $50 mil.. I'd do it.

i doubt that your option 2 is a viable option at all, because they will surely press charges against him because he hacked their website and stole a lot of money.

what they usually do with stolen coins is that they leave them be for a long time and then start mixing little by little.
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
To communicate with the thief all they need to do is talk into a mirror. LOL
hero member
Activity: 882
Merit: 528
On August 2nd the Hong Kong-based Bitcoin exchange Bitfinex was compromised for roughly $70 million worth of Bitcoin. According to sources, the attacker managed to drain the exchange through its multi-signature security — gaining 120,000 BTC from the breach. Now the exchange is trying to reach out to the responsible party in an attempt to get its customers’ Bitcoin returned.

https://news.bitcoin.com/bitfinex-seeks-bitcoin-thief/

I dont think the thief will return the btc back and how can bitfinex think to catch the thief when their own website was exploited.
hero member
Activity: 718
Merit: 545
Since there are too many coins to mix he has 2 options.

1) Keep the 120,000, un-mixable, and currently utterly traceable coins. Then try somehow to get them out. Knowing that your every move is recorded and tracked.

2) Give them back 'most' and get to keep 'a lot' but totally legally.

If he got to keep $20 mil legal, and gave back $50 mil.. I'd do it.
hero member
Activity: 2128
Merit: 530
PredX - AI-Powered Prediction Market
When I read the news, it seems like a comedy, for me it is harder for the hackers to return the stolen funds than to hack Bitfinex because he/she knows that eyes is on the fund and need to be extra careful not to get caught
legendary
Activity: 1638
Merit: 1163
Where is my ring of blades...
On August 2nd the Hong Kong-based Bitcoin exchange Bitfinex was compromised for roughly $70 million worth of Bitcoin. According to sources, the attacker managed to drain the exchange through its multi-signature security — gaining 120,000 BTC from the breach. Now the exchange is trying to reach out to the responsible party in an attempt to get its customers’ Bitcoin returned.

https://news.bitcoin.com/bitfinex-seeks-bitcoin-thief/

this is starting to become more and more ridiculous, and I bet it was all a scam that bitfinex pulled themselves to make some ridiculous amount of money and then say it was a hack!

and even if it is all true and there was in fact a hacker, this is so pathetic calling out the hacker and begging him to come back and lets talk!
copper member
Activity: 2996
Merit: 2374
Either way, it just demonstrates the risk involved in trusting centralized services with our money.  There has to be a better way of insuring that we remain personally in control of our own wealth.  If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence.  There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2   exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws
This would not solve the issue of the fact that any fiat in an exchange would still be vulnerable to theft, and the fact that the customer would need to sign a transaction prior to creating a sell order above the current market price.

A hacker could still theoretically steal bitcoin by crediting his exchange account with non-existent fiat to his account, using said fiat to purchase bitcoin, then withdrawing said bitcoin that was purchased with money that does not exist to an address he controls.
sr. member
Activity: 434
Merit: 250
I really don't know what to think about it...

1) Bitfinex is trying to hide a inside job?  Roll Eyes

2) None knows who's the hacker, so this guy have nothing to deal

3) The guy can return the bitcoins, sleep in peace, and bitfinex can give to him X bitcoins/month for some job or whatever

We never know...
legendary
Activity: 4410
Merit: 4766
Either way, it just demonstrates the risk involved in trusting centralized services with our money.  There has to be a better way of insuring that we remain personally in control of our own wealth.  If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence.  There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2   exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

I know....it makes me wonder....obviously the system wasn't set up correctly because somehow not only were one set of keys compromised, but both sets, which demonstrates to me that they were centralized somewhere that was accessible to a single entity.  I can't wrap my mind around that being any other way yet....That's why it's fishy! 

issues i see with bitfinex using bitgo multisig is if:
one party makes the keys first, then hands them out. rather than each party having their own key and then telling each other it.
second issue is who is entrusted with the keys after. EG a fail safe key(2 of 3) incase one party went offline permanently. (back door access)
thirdly (also LN's flaw) if the keys are reused it makes them weaker as each use of the same key can gain more info about the keys used

exchanges need to separate the front end (trading engine server), well away from the withdrawal (key holding) server.
this can be done easily and discreetly without needing to give away the key holding servers ip address on the front end server.
legendary
Activity: 1176
Merit: 1017
Either way, it just demonstrates the risk involved in trusting centralized services with our money.  There has to be a better way of insuring that we remain personally in control of our own wealth.  If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence.  There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2   exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

I know....it makes me wonder....obviously the system wasn't set up correctly because somehow not only were one set of keys compromised, but both sets, which demonstrates to me that they were centralized somewhere that was accessible to a single entity.  I can't wrap my mind around that being any other way yet....That's why it's fishy! 
legendary
Activity: 4410
Merit: 4766
Either way, it just demonstrates the risk involved in trusting centralized services with our money.  There has to be a better way of insuring that we remain personally in control of our own wealth.  If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence.  There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2   exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws
legendary
Activity: 1176
Merit: 1017
Well, the whole thing's fishy and if the thief returned the funds, then that would make it even fishier.  The whole thing just makes me wonder how these things are carried off in the first place.  The best thing that will come out of this is a new consumer awareness of personal security and the need for more transparent security audits before committing one's resources to a centralized platform.
Could be partly inside job (however unlikely), it is more than likely someone who legitimately hacked the website through some exploit they found (or socially engineered) and exploited it over the course of some period of time to the point where he was able to steal everything.

Either way, it just demonstrates the risk involved in trusting centralized services with our money.  There has to be a better way of insuring that we remain personally in control of our own wealth.  If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence.  There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.
hero member
Activity: 490
Merit: 520
Well, the whole thing's fishy and if the thief returned the funds, then that would make it even fishier.  The whole thing just makes me wonder how these things are carried off in the first place.  The best thing that will come out of this is a new consumer awareness of personal security and the need for more transparent security audits before committing one's resources to a centralized platform.
Could be partly inside job (however unlikely), it is more than likely someone who legitimately hacked the website through some exploit they found (or socially engineered) and exploited it over the course of some period of time to the point where he was able to steal everything.
Pages:
Jump to: