There was a sitcom TV show that came out about a decade ago called called Breaking In https://www.imdb.com/title/tt1630574/
In the 1st episode someone was supposed to steal an exotic car from a dealership to test their security. Wound up doing a mission impossible thing to bypass the security and get the car, drones, cloned security keys, etc. They wound up stealing the wrong car. They were then standing in front of the correct dealership and one guy turns to the other and says no way you are going to be able to pull this off now. The other one looks around and says "They really need a gate here" then picks up a rock, smashes the large window in front and gets the car.
What's the point? If you don't pull the gate down, there really is no point in doing anything else.
If Bitfinex didn't pull down their gate, or even have one, is it really a hack?
-Dave
Topic: Ilya Lichtenstein Admits to Being Bitfinex Hacker in Court (Read 77 times)
However, that it was like a weekend project, didn't occur to me. What I can remember is that when I used it many years ago as a newbie, it was a giant in the industry, competing against the popular Bittrex. The assumption, albeit naïve, was that the larger the exchange is, the better security it has. Bitfinex was at the top of the food chain. Much was expected from them.
It was large, yes, but Mt Gox was one of the (if not "the") largest too when it was hacked, and so were some others (Cryptsy etc). Size doesn't mean it's technically sound, often the opposite. I recall having basic issues like trouble having my e-mail verified etc so I wouldn't be surprised if they just ignored security guidelines and kept private keys in a text file somewhere. IIRC Bitgo had said that Bitfinex did not follow their (Bitgo's) procedures so all that fancy third party security system was meaningless too.
Everything seemed to have turned awry after the hack. The hack appeared brilliantly planned and executed
Was it though? I admit I haven't been following any recent revelations but back in the day it looked like Bitfinex fucked up hugely (e.g. left a major exploit unpatched for months and a script kiddie got lucky), then tried to save their face by making it sound like they were unfortunate victims of some government-level hacking attack.
Also keep in mind that $4.5 billion being mentioned in the news is nonsense, those coins were worth maybe $80 million at the time. Still a huge amount but not billions and Bitfinex was accordingly shoddy with their systems (I used it briefly in 2015 or 16 and it felt like some dude's weekend project rather than a serious financial institution).
Well, it could have been childish negligence on the part of Bitfinex. If the reports were true, there were fundamental security failures found like keeping 2 of 3 security keys in a single device such that having access to that device could mean having access to the entire operating system, among others.
However, that it was like a weekend project, didn't occur to me. What I can remember is that when I used it many years ago as a newbie, it was a giant in the industry, competing against the popular Bittrex. The assumption, albeit naïve, was that the larger the exchange is, the better security it has. Bitfinex was at the top of the food chain. Much was expected from them.
Yeah, it was only around $80 million, but the market was also much smaller at that time. Compared today when Bitcoin is worth hundreds of billions, it was probably just a single-digit billion at that time. That it happened to a powerhouse in the industry actually sent shockwaves to the entire market causing the price to plunge.
@suchmoon. This information might be incorrect, however, I remember that there was also a situation where Bitfinex partnered with Bitgo as a security solution and that it would have been impossible to steal the funds without both keys held by someone from Bitfinex and Bitgo to sign a transaction. There were speculations that the hack was an inside job but they were ignored by Bitfinex and the exchange's own users.
Everything seemed to have turned awry after the hack. The hack appeared brilliantly planned and executed
Was it though? I admit I haven't been following any recent revelations but back in the day it looked like Bitfinex fucked up hugely (e.g. left a major exploit unpatched for months and a script kiddie got lucky), then tried to save their face by making it sound like they were unfortunate victims of some government-level hacking attack.
Also keep in mind that $4.5 billion being mentioned in the news is nonsense, those coins were worth maybe $80 million at the time. Still a huge amount but not billions and Bitfinex was accordingly shoddy with their systems (I used it briefly in 2015 or 16 and it felt like some dude's weekend project rather than a serious financial institution).
I still find it difficult to believe that they're actually the masterminds behind this.
I guess we will never know or at least for the next few decades if this couple is actually a setup by the one who actually worked as the mastermind behind all this. And since both pleaded guilty then they are going to be serving in prison which is yet to report I mean the tenure.
I didn't see any information related to the recovery of stolen funds, is there any?
Everything seemed to have turned awry after the hack. The hack appeared brilliantly planned and executed, something that remained a puzzle for years for investigators. And then all of a sudden there was a cloud storage with a spreadsheet of addresses and passwords. It seemed off, kind of out of the script.
Although the laundering part was quite detailed, has there been a detailed account presented by the government as to the actual hack? Which vulnerabilities were actually exploited? Was it Bitfinex's? BitGo's? Or the system that was implemented by the two platforms?
I don't know if the Netflix documentary on this incident is already out, but I hope it is heavier on the hacking part rather than on the laundering part.
Although the laundering part was quite detailed, has there been a detailed account presented by the government as to the actual hack? Which vulnerabilities were actually exploited? Was it Bitfinex's? BitGo's? Or the system that was implemented by the two platforms?
I don't know if the Netflix documentary on this incident is already out, but I hope it is heavier on the hacking part rather than on the laundering part.
Could be he is 'the fall guy' or it could be he got lucky and found a vulnerability.
Enough luck can overcome lack of skill. Which would explain how they got caught.
Could also be that he knew systems security and such but not crypto which also might have also lead to their capture since he did not know how to hide it.
Will be interesting to see how it continues to play out. I think there is more to the story. But who knows, Bitfinex could have also just been that incompetent and left a big gaping hole someplace that anyone could have found, he just go there 1st.
-Dave
Enough luck can overcome lack of skill. Which would explain how they got caught.
Could also be that he knew systems security and such but not crypto which also might have also lead to their capture since he did not know how to hide it.
Will be interesting to see how it continues to play out. I think there is more to the story. But who knows, Bitfinex could have also just been that incompetent and left a big gaping hole someplace that anyone could have found, he just go there 1st.
-Dave
I still find it difficult to believe that they're actually the masterminds behind this.
Since he was 20 his only arguments on hackernews were about deceitful marketing, spam generation, selling fake food supplements, techniques of consumer persuasion, and pumping and dumping of companies with VC capital followed by quick exits. Not hard at all to imagine this guy at the steering wheel.
For those who don't know about the incident, or just don't remember, Bitfinex was hacked back in 2016, and last year, a couple was arrested and charged.
Today, the husband pleaded guilty to the money laundering conspiracy charges and admitted to being the hacker[1].
I have seen a few videos and documentaries about this case when they were first caught and I must say, I still find it difficult to believe that they're actually the masterminds behind this.
[1] https://www.coindesk.com/business/2023/08/03/new-york-resident-ilya-lichtenstein-admits-to-being-bitfitnex-hacker-in-court-appearance-cnbc/
Today, the husband pleaded guilty to the money laundering conspiracy charges and admitted to being the hacker[1].
I have seen a few videos and documentaries about this case when they were first caught and I must say, I still find it difficult to believe that they're actually the masterminds behind this.
[1] https://www.coindesk.com/business/2023/08/03/new-york-resident-ilya-lichtenstein-admits-to-being-bitfitnex-hacker-in-court-appearance-cnbc/
Jump to: