Bitfinex Seeks Communication With Bitcoin Thief

Oilacris

hero member

Activity: 2996

Merit: 609

Quote from: Wind_FURY on October 26, 2016, 08:02:48 PM

Quote from: Wendigo on October 26, 2016, 02:53:09 PM

Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh? Grin

And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.

Yes an inside job is more likely here. Whether or not the owners were in on the hack is the main question. Maybe one of their top employees knew the ins and outs of how Bitfinex secures the Bitcoins and found a way to get access to them. Maybe the hacker may even be someone from inside BitGo, the wallet provider by Bitfinex.

Im thinking the same thing too, its very impossible for an exchange to be hacked so easily which they have already the most secure in terms of holding huge volumes of bitcoin. They are already aware on such situations that might happen but there are really greedy people would really intent to get those huge amounts and as we all know that already reach millions of dollars and would surely be tempted to put a mission even to those staffs itself. Just my speculation.

Wind_FURY

legendary

Activity: 2898

Merit: 1823

Quote from: Wendigo on October 26, 2016, 02:53:09 PM

Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh? Grin

And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.

Yes an inside job is more likely here. Whether or not the owners were in on the hack is the main question. Maybe one of their top employees knew the ins and outs of how Bitfinex secures the Bitcoins and found a way to get access to them. Maybe the hacker may even be someone from inside BitGo, the wallet provider by Bitfinex.

Doamader

hero member

Activity: 756

Merit: 501

Why would the attacker contact or refund bitcoin, the exchange has a problem, something that they didnt said they always claim the coins are safe, and now this had happened, as stated several times its an inside job, someone knew the problem and explored it, 120k bitcoins is by far a huge ammount to get instead wait years to reach those with fees. The coins if werent sold yet it will the attack were done fast and clean, already mixed the bitcoins between 50 or more adress.

Wendigo

legendary

Activity: 2604

Merit: 1036

Most likely it was just another inside job masked as an unfortunate security breach. How surprising eh? Grin

And why would the hacker communicate with them? To get a prison sentence and a nice bunk bed with some sketchy inmate? They are probably off the grid already and all the money is laundered and funneled in offshore accounts overseas.

QuestionAuthority

legendary

Activity: 2156

Merit: 1393

You lead and I'll watch you walk away.

Quote from: cjmoles on October 26, 2016, 02:14:59 PM

Quote from: QuestionAuthority on October 26, 2016, 10:27:47 AM

To communicate with the thief all they need to do is talk into a mirror. LOL

That's what it seems to me too. It's happened too many times before to be just another security exploit. It's always the same story..."Hey, invest here because our security is tight!" Then, "Oops, sorry! We've been hacked!" And, always a plead to the hacker with a bounty offer that never works. Big Vern did things the same way over at Cryptsy....It's a never ending charade fueled by a ceaseless herd of victims....

Yep, they're doing everything a thief would do to divert attention from themselves. That's essentially why I stopped using bitcoin for anything other than a long-term hold investment. Bitcoin is just too attractive to thieving scumbags.

Greenenergy

sr. member

Activity: 441

Merit: 250

I'm well surprised how they are. I though they would just close the shop, but no. They're impressing me !

cjmoles

legendary

Activity: 1176

Merit: 1017

Quote from: QuestionAuthority on October 26, 2016, 10:27:47 AM

To communicate with the thief all they need to do is talk into a mirror. LOL

That's what it seems to me too. It's happened too many times before to be just another security exploit. It's always the same story..."Hey, invest here because our security is tight!" Then, "Oops, sorry! We've been hacked!" And, always a plead to the hacker with a bounty offer that never works. Big Vern did things the same way over at Cryptsy....It's a never ending charade fueled by a ceaseless herd of victims....

Red-Apple

hero member

Activity: 1470

Merit: 655

Quote from: spartacusrex on October 26, 2016, 05:51:23 AM

Since there are too many coins to mix he has 2 options.

1) Keep the 120,000, un-mixable, and currently utterly traceable coins. Then try somehow to get them out. Knowing that your every move is recorded and tracked.

2) Give them back 'most' and get to keep 'a lot' but totally legally.

If he got to keep $20 mil legal, and gave back $50 mil.. I'd do it.

i doubt that your option 2 is a viable option at all, because they will surely press charges against him because he hacked their website and stole a lot of money.

what they usually do with stolen coins is that they leave them be for a long time and then start mixing little by little.

QuestionAuthority

legendary

Activity: 2156

Merit: 1393

You lead and I'll watch you walk away.

To communicate with the thief all they need to do is talk into a mirror. LOL

Roboabhishek

hero member

Activity: 882

Merit: 528

Quote from: Posternut on October 24, 2016, 07:41:38 AM

On August 2nd the Hong Kong-based Bitcoin exchange Bitfinex was compromised for roughly $70 million worth of Bitcoin. According to sources, the attacker managed to drain the exchange through its multi-signature security — gaining 120,000 BTC from the breach. Now the exchange is trying to reach out to the responsible party in an attempt to get its customers’ Bitcoin returned.

https://news.bitcoin.com/bitfinex-seeks-bitcoin-thief/

I dont think the thief will return the btc back and how can bitfinex think to catch the thief when their own website was exploited.

spartacusrex

hero member

Activity: 718

Merit: 545

Since there are too many coins to mix he has 2 options.

1) Keep the 120,000, un-mixable, and currently utterly traceable coins. Then try somehow to get them out. Knowing that your every move is recorded and tracked.

2) Give them back 'most' and get to keep 'a lot' but totally legally.

If he got to keep $20 mil legal, and gave back $50 mil.. I'd do it.

jacafbiz

hero member

Activity: 2128

Merit: 530

PredX - AI-Powered Prediction Market

When I read the news, it seems like a comedy, for me it is harder for the hackers to return the stolen funds than to hack Bitfinex because he/she knows that eyes is on the fund and need to be extra careful not to get caught

Pursuer

legendary

Activity: 1638

Merit: 1163

Where is my ring of blades...

Quote from: Posternut on October 24, 2016, 07:41:38 AM

On August 2nd the Hong Kong-based Bitcoin exchange Bitfinex was compromised for roughly $70 million worth of Bitcoin. According to sources, the attacker managed to drain the exchange through its multi-signature security — gaining 120,000 BTC from the breach. Now the exchange is trying to reach out to the responsible party in an attempt to get its customers’ Bitcoin returned.

https://news.bitcoin.com/bitfinex-seeks-bitcoin-thief/

this is starting to become more and more ridiculous, and I bet it was all a scam that bitfinex pulled themselves to make some ridiculous amount of money and then say it was a hack!

and even if it is all true and there was in fact a hacker, this is so pathetic calling out the hacker and begging him to come back and lets talk!

Quickseller

copper member

Activity: 2996

Merit: 2371

Quote from: franky1 on October 25, 2016, 03:59:11 PM

Quote from: cjmoles on October 25, 2016, 03:56:28 PM

Either way, it just demonstrates the risk involved in trusting centralized services with our money. There has to be a better way of insuring that we remain personally in control of our own wealth. If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence. There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2 exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

This would not solve the issue of the fact that any fiat in an exchange would still be vulnerable to theft, and the fact that the customer would need to sign a transaction prior to creating a sell order above the current market price.

A hacker could still theoretically steal bitcoin by crediting his exchange account with non-existent fiat to his account, using said fiat to purchase bitcoin, then withdrawing said bitcoin that was purchased with money that does not exist to an address he controls.

MONKEYJUNK

sr. member

Activity: 434

Merit: 250

I really don't know what to think about it...

1) Bitfinex is trying to hide a inside job? Roll Eyes

2) None knows who's the hacker, so this guy have nothing to deal

3) The guy can return the bitcoins, sleep in peace, and bitfinex can give to him X bitcoins/month for some job or whatever

We never know...

franky1

legendary

Activity: 4396

Merit: 4755

Quote from: cjmoles on October 25, 2016, 04:36:19 PM

Quote from: franky1 on October 25, 2016, 03:59:11 PM

Quote from: cjmoles on October 25, 2016, 03:56:28 PM

Either way, it just demonstrates the risk involved in trusting centralized services with our money. There has to be a better way of insuring that we remain personally in control of our own wealth. If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence. There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2 exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

I know....it makes me wonder....obviously the system wasn't set up correctly because somehow not only were one set of keys compromised, but both sets, which demonstrates to me that they were centralized somewhere that was accessible to a single entity. I can't wrap my mind around that being any other way yet....That's why it's fishy!

issues i see with bitfinex using bitgo multisig is if:
one party makes the keys first, then hands them out. rather than each party having their own key and then telling each other it.
second issue is who is entrusted with the keys after. EG a fail safe key(2 of 3) incase one party went offline permanently. (back door access)
thirdly (also LN's flaw) if the keys are reused it makes them weaker as each use of the same key can gain more info about the keys used

exchanges need to separate the front end (trading engine server), well away from the withdrawal (key holding) server.
this can be done easily and discreetly without needing to give away the key holding servers ip address on the front end server.

cjmoles

legendary

Activity: 1176

Merit: 1017

Quote from: franky1 on October 25, 2016, 03:59:11 PM

Quote from: cjmoles on October 25, 2016, 03:56:28 PM

Either way, it just demonstrates the risk involved in trusting centralized services with our money. There has to be a better way of insuring that we remain personally in control of our own wealth. If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence. There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2 exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

I know....it makes me wonder....obviously the system wasn't set up correctly because somehow not only were one set of keys compromised, but both sets, which demonstrates to me that they were centralized somewhere that was accessible to a single entity. I can't wrap my mind around that being any other way yet....That's why it's fishy!

franky1

legendary

Activity: 4396

Merit: 4755

Quote from: cjmoles on October 25, 2016, 03:56:28 PM

Either way, it just demonstrates the risk involved in trusting centralized services with our money. There has to be a better way of insuring that we remain personally in control of our own wealth. If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence. There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

multisig. 2of2 exchange has 1, user had the other. funds cant move unless both sign.

i think LN will make this a hell of alot easier, once LN sorts out its flaws

cjmoles

legendary

Activity: 1176

Merit: 1017

Quote from: MingLee on October 25, 2016, 03:49:23 PM

Quote from: cjmoles on October 25, 2016, 03:38:16 PM

Well, the whole thing's fishy and if the thief returned the funds, then that would make it even fishier. The whole thing just makes me wonder how these things are carried off in the first place. The best thing that will come out of this is a new consumer awareness of personal security and the need for more transparent security audits before committing one's resources to a centralized platform.

Could be partly inside job (however unlikely), it is more than likely someone who legitimately hacked the website through some exploit they found (or socially engineered) and exploited it over the course of some period of time to the point where he was able to steal everything.

Either way, it just demonstrates the risk involved in trusting centralized services with our money. There has to be a better way of insuring that we remain personally in control of our own wealth. If we don't have to worry about an inside job, then we have to worry about the centralized service's security competence. There has to be a way of keeping control over one's private keys while utilizing these types of services....it's too risky otherwise.

MingLee

hero member

Activity: 490

Merit: 520

Quote from: cjmoles on October 25, 2016, 03:38:16 PM

Well, the whole thing's fishy and if the thief returned the funds, then that would make it even fishier. The whole thing just makes me wonder how these things are carried off in the first place. The best thing that will come out of this is a new consumer awareness of personal security and the need for more transparent security audits before committing one's resources to a centralized platform.

Could be partly inside job (however unlikely), it is more than likely someone who legitimately hacked the website through some exploit they found (or socially engineered) and exploited it over the course of some period of time to the point where he was able to steal everything.

Topic: Bitfinex Seeks Communication With Bitcoin Thief (Read 1750 times)