back to article $67M in bitcoin stolen as hacking typhoon lashes Hong Kong's Bitfinex

One of the world's most popular Bitcoin exchanges Bitfinex has been torn apart with hackers making off with around US$65 million (£49 million, A$87 million) in the cryptocurrency. The Hong Kong company replaced its homepage with a statement on the hack but did not detail losses or the means by which the site was breached. It …

Page:

  1. Khaptain Silver badge

    Virtuality

    Virtual money stolen from virtual database and virtually no chance of getting anything back....

    It's not easy to transport tonnes of gold (thinking Fort Knox here), but a couple of bytes of data is easily within the means of the scrawniest hacker.

    As much as I don't trust the banks with real money, which is what actually comes out of the distributor, I have a hard time in trusting anyone with Bitcoins and especially their ability to suddenly become vapor...

    Outside of the Black Market Rascals I have a hard time understanding how anyone can trust the world of the Bitcoin Magiciens. ( Yeah, I know I am just being cynical but .....)

    1. Anonymous Coward
      Anonymous Coward

      "suddenly become vapor..."

      Observing from a distance.... Its hard to see how Bitcoin is maintaining such a relatively high value, when this kind of event is a constant possibility... What am I missing here.... A hell of a lot of Bitcoin trades are drug dealer / illegal-arms exchanges that are high risk anyway....???

      1. asdf

        Re: "suddenly become vapor..."

        >Its hard to see how Bitcoin is maintaining such a relatively high value

        Low fungibility really. Still somewhat hard to buy much with them and we all have seen how reliable the exchanges are. People are sitting on them as an investment so supply is low and eating ever more fossil fuels to make new coins.

        1. Anonymous Coward
          Anonymous Coward

          @asdf

          Glad to see someone understands. It would be interesting to graph the "velocity of money" for all bitcoins. I suspect <1% has a very high velocity, being exchanged over and over again, <10% has some velocity (exchanged at least once in the past year) and the majority has NEVER been exchanged since being mined.

      2. timdim

        Re: "suddenly become vapor..."

        It's exactly this reason. The purchasing traffic on the darknet markets has moved from personal to quantities to distributor level in a big way aka go big or go home. A number of the recent high profile MDMA (Ecstasy) overdoses in the UK (Google: Mastercard overdose) are down to dealers purchasing huge quantities of high quality narcotics directly from their favourite markets at a price and convenience level inconceivable a few years ago.

        On-ramps to are relatively unregulated (See LocalBitcoins, Circle, Coinbase for example) meaning anyone can deal narcotics. It's no more the purview of connected individuals.

        While statistics are sparse, if you hang around reddit /r/darknetmarkets for a while you'll get an idea of just how much money is flowing through the system on a daily basis and it is *huge*. Since narcotics are providing a 'real economy' to Bitcoin, it is no longer a purely speculative asset. People want Bitcoin because of what it can for them in the shape of real products (drugs/guns) and services (carding/hacking etc), no longer purely banking on asset appreciation via 'greater fool' theory.

        1. patrickstar

          Re: "suddenly become vapor..."

          You are confusing MDMA, a specific chemical, and "ecstasy". The amount of MDMA that would be likely to kill you wouldn't fit in anything you would recognize as a pill. Rather seems to be the old classic of someone pressing pills containing God-knows-what random chemical and selling it as "ecstasy". Possibly not even an illegal one and thus sourced from China or India and not some darknet market.

          1. timdim

            Re: "suddenly become vapor..."

            No, I'm not confusing MDMA and the street term; Ecstasy. While I'd agree adulterants were commonplace (PMMA being one of the commonly used dangerous substitutes that has caused deaths in the past - see Eric Prydz @ Alexandra Palace event 2011), the recent sweeties have been flagged as containing only MDMA but at a dosages above 260 mg - well above those deemed necessary (Alexander Shulgin stated 125 mg is the optimal dose for MDMA).

            It frankly re-enforces the case for legalizing drugs, but that's another issue.

            1. patrickstar

              Re: "suddenly become vapor..."

              260mg of MDMA HCl is definitely a tad on the high side, but still an order of magnitude or so off the dose where it actually starts killing people on its own. Unless you have some underlying condition, get severely dehydrated, etc, i.e. a linear progression of the usual dangers. There are even quite a few instances of people literally taking grams of the stuff on purpose (attempted suicide or just being idiots) and lived to tell the tale without even ending up in a hospital.

              200mg is, by the way, perfectly enjoyable (or so I've heard...).

              As a sidenote, Sasha was never actually a big fan of MDMA himself - he didn't get the typical effects but rather some giddy intoxicated state. Referred to it as his "low-calorie martini".

              PS. Without knowing this case in particular, I'd suspect poor pill making practices giving a wildly variable dose rather than intentionally ending up with 1/3 the pills they would have with a lower, but still very good, amount.

              Or it could even be intentionally putting out identical pills, some containing a high dose of MDMA and some containing a random chemistry accident. Agree on the legalization point regardless.

      3. Mark 85

        Re: "suddenly become vapor..."

        A hell of a lot of Bitcoin trades are drug dealer / illegal-arms exchanges that are high risk anyway...

        Ransomeware probably should also be included on that list...

      4. simul

        Re: "suddenly become vapor..."

        Keeping your Bitcoin at some sketchy uninsured exchange is a recipe for loss over and over again. Coinbase is insured. So is Kraken, and Gemini and ItBit.

        And... how to prevent this in the future: https://www.reddit.com/r/Bitcoin/comments/4w016b/use_of_payment_channels_to_mitigate_exchange_risk/

    2. M man

      Re: Virtuality

      that like saying i dont trust these new fangled cars with thier immobilsers and double shielded locks, because off this:-

      http://www.itv.com/news/meridian/2016-06-28/warning-after-1-000-cars-left-in-muddy-field-by-airport-parking-companies/

    3. Anonymous Coward
      Anonymous Coward

      Re: Virtuality

      Maybe one of the problems with a magic untraceable crypto-currency is that it doesn't only facilitate the crimes you want to commit.

    4. Alan Brown Silver badge

      Re: Virtuality

      "As much as I don't trust the banks with real money"

      Gold is not real money. Seriously.

      1. Khaptain Silver badge

        Re: Virtuality

        "Gold is not real money. Seriously."

        According to various sources Krugerands are legal tender , and yes, they are made from Gold..

        http://www.randrefinery.com/products_krugerrands.htm

  2. Roq D. Kasba

    Big numbers stolen

    But special big numbers that don't represent anything in the tangible world, so the people who were temporary noon-exclusive stewards of those numbers are really upset.

  3. garalus

    Surely its traceable?

    Except on the black market they don't care about that I guess

    1. Prst. V.Jeltz Silver badge

      Re: Surely its traceable?

      They rarely seem to be able to trace the normal 'real cash' electronic transactions.

      Bitcoins are designed specifically to be untraceable. Literally . I mean that is their only purpose.

      so no.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bitcoins are designed specifically to be untraceable.

        Were they ? If they were, there's a massive fail, as the *addresses* have to be public. If you have enough correlating data (and you *know* the 5-eyes do) then it's trivial to link BTC account to IP address over time to triangulate the individual.

        Although it's interesting that the UK has now started requiring proof of ID for new BTC accounts. I never needed it when I set mine up in 2010.

      2. simul

        Re: Surely its traceable?

        Bitcoins are very traceable. Like cash, they have "serial numbers" (wallet addresses)... and can be traced.

  4. Slx

    No currency system is safe and they're all in reality backed by virtual databases.

    What % of US$, Euro €, Yen, Pounds etc are potentially forged bills/notes or online credit card or other fraud ? Most of the value of all currency is virtual. It's just numbers in a database. There's ultimately no gold in a vault somewhere backing up every bill. They're only worth what the market believes they're worth.

    In comparison to traditional currency, I'm not really seeing that huge a difference. If anything a virtual currency is likely to have more hardcore and better designed security on its transactional infrastructure and will have more ability to react than the slow moving IT departments of traditional banks.

    1. FuzzyWuzzys

      Exactly what I was thinking. In this day and age it's all numbers being shifted from one system to another, the difference is that in the "real world of real money" the banks and governments maintain gold reserves and investments to ensure the currency can be backed up should something fail.

      Banks have insurance against most types of crime but does this Bitcoin exchange/bank have such insurance in place? Surely any currency trading corp must have to be regulated and show the correct due diligence before it's allowed to "play" with money?

      1. Slx

        They don't hold significant gold or reserves to back them up. Not since the end of the gold standard decades ago anyway.

        They're all "fiat" currencies unrelated to anything to back them up in reality.

        The likes of the US$ and € are large reserve currencies and just effectively are valuable because they are what they are - accepted units of exchange / value storage.

        Legal currencies are regulated and will be backed by central bank interventions though.

        The differences between virtual and traditional currency is less than many people think though!

        1. Doctor Syntax Silver badge

          "They don't hold significant gold or reserves to back them up. Not since the end of the gold standard decades ago anyway....The differences between virtual and traditional currency is less than many people think though!"

          Gold as a means of backing up currency worked because it was a substance in limited supply which everyone agreed to treat as valuable. Fiat currencies came about because the essential agreement failed. Bitcoins were devised to be limited in supply. The essential difference between them and gold is that they're virtual, not substantial. As "traditional" currencies are now fiat currencies the virtual currencies are more similar to the now obsolete gold-standard currencies.

          1. 101
            Meh

            Paper and Bitcoin are FIAT money,

            So, let's not go there.

            However for BC to EVER gain credibility leaders must move towards FDIC type insurance and reliable security measures to assure user some 15 year old kid won't wipe out your life's savings in an eye blink. Apparently, the block chain in itself is not secure at all.

            Also, something needs to be done and decided about the extent of BC anonymity. When I go to the market to buy a loaf of bread with money, I don't need to divulge by entire data bank of personal information. NOT SO with bitcoin, they say, by design. WTF?

            I suppose in the end BC will be tracked and documented more than any form of value exchange. It's new fangled and thus suspicious you know. Like rock and roll. Computers. The internet.

      2. Mark 85

        @FuzzyWuzzys

        the banks and governments maintain gold reserves and investments to ensure the currency can be backed up should something fail.

        That's pretty limited as it's protection for themselves. We "little people" will be fending ourselves as will most corporations until things get sorted out.

      3. patrickstar

        Banks and government do no such thing. Gold reserves cover a very small fraction of the currency in circulation. Even then, banks in turn only keep around 10% or so (depending on regulation and accounting standards/tricks) of the already virtual money on "your" account actually around - the rest is being loaned out.

        1. Anonymous Coward
          Anonymous Coward

          @patrickstar - "the rest is being loaned out"

          And that's what is responsible for most of our economic growth over the past century. If banks could only loan money they actually had on hand they couldn't loan much at all - basically only the excess that shareholders had put in as capital. They could only loan out deposits that were made in the form of CDs or other vehicles that were time denominated. No way to loan out your savings or checking account funds, and still preserve the ability for you (and any other depositor) to withdraw it whenever you feel like it.

          Not that there aren't some issues with fractional reserve banking, but those who advocate eliminating it (not saying you are one of those, just speaking generally) don't understand economics at all. The world economy would collapse and be thrown into a depression that would make the 30s look like the 20s within a year, as loans became almost impossible to get no matter how good your credit or how much collateral you have.

    2. Pascal Monett Silver badge

      Yes, today money is virtual until you get some from the ATM. The difference between BitCoin and "normal" money is that banks are under a charter that has been hundreds of years in the making, and must respect financial obligations that have been polished and tweaked by law for centuries.

      BitCoin, on the other hand, thrust itself into existence and, as its very first act, declared itself to be immune from all that legacy law and experience.

      That is why you'll never hear of a bank hacker getting away with millions. There are breaches targeting user credentials, there are isolated thefts on one user account now and then due to insecurities with online banking, but there are no mainframe attacks on central databases. With BitCoin, there are.

      Now that a judge has declared that BitCoin is not funny money, I'm just waiting for all the BitCoin trading to be force-folded into signing up for a proper banking statute world-wide and getting up to speed with what it actually means to be a responsible trader.

      My guess is that all current BitCoin trading places will fold because none of them have any actual finance experience and actual banks will pick up where they left off.

      Time will tell.

      1. Alan Brown Silver badge

        "That is why you'll never hear of a bank hacker getting away with millions."

        So the attacks in Bangaldesh and other locations didn't happen then?

        1. Pascal Monett Silver badge

          @Alan Brown

          That attack was against the SWIFT system, diverting funds from where they should go. It was not an attack on funds in accounts. The system will be patched.

          It also took advantage of a security hole, with an unprotected switch being exploited. That bank should have known better.

          But okay, a hacker did get away with millions. Duly noted. I hope he knows how to run, because he'll be on the run for the rest of his life.

      2. Jugernautilus

        So whats the point of BitCoin then? One virtual currency to replace another, except git rid of all the protections and systems that are in place. Seems it's designed only to facilitate organised crime.

      3. simul

        OMG. $200 million was stolen via SWIFT last month, you complete liar. And over 1 billion a year ago via ... ATM's. Do at least 1 google search before you blame Bitcoin for the a thing that is so much more broken in the world of fiat.

        1. Anonymous Coward
          Anonymous Coward

          Read the comment properly before making a fool of yourself by replying

    3. Alan Brown Silver badge

      "What % of US$, Euro €, Yen, Pounds etc are potentially forged bills/notes"

      For the UK, actual printed/minted cash accounts for 3% of the money in circulation.

      Which means that forged currency isn't a particularly large threat.

      "There's ultimately no gold in a vault somewhere backing up every bill. They're only worth what the market believes they're worth."

      Which means that forged currency IS a particularly large threat. If people stop accepting payments using XYZ currency then it's valueless - and it's worth bearing in mind that this was the final straw for the Roman Empire(*). Once people stopped accepting roman currency the empire collapsed within 18 months.

      (*) In the roman case, after centuries of debasement, a revaluation of the currency intended to bolster confidence had the unintended effect that people refused to accept older coins. It didn't matter that the new coins were OK, what counts in currency is the confidence you can spend it. You can't eat a gold coin.

      1. Slx

        When you consider that cards are the means of payment for most consumer transactions and they are currently losing 16.3 billion US$ Bitcoin is probably doing OK.

    4. Doctor Syntax Silver badge

      "a virtual currency is likely to have more hardcore and better designed security on its transactional infrastructure and will have more ability to react than the slow moving IT departments of traditional banks."

      Did you read the article?

    5. Anonymous Coward
      Anonymous Coward

      "No currency system is safe"

      The difference is, if someone hacked into my bank and emptied everyone's accounts, their insurance and failing that the US government will cover my losses. If someone steals my credit card number and charges stuff to my account, the credit card company will cover my losses. Counterfeit bills can hurt a business that was given them, but it is a pretty small problem. Maybe someone buys a TV for $500 and pays in counterfeit bills so Best Buy loses $500. If someone walks into a Mercedes dealership and gives them a bag full of counterfeit bills and drives off with an SL550, that's their own fault for taking that amount of cash (which they would have to know was likely drug money or someone defrauding the IRS)

      If someone steals my bitcoins, I lose. If you had 1000 bitcoins in that exchange, you lost a half million dollars with no way to get it back. That makes bitcoins a hell of a lot less safe than dollars or pounds in my book.

    6. simul

      Bitcoin is not backed by a database, and it is completely safe. Bitfinex, on the other hand, did some sketchy stuff with their vault.

  5. JimmyPage Silver badge
    Stop

    Confused ... a little.

    Surely the only way to "steal" BitCoins is to insert a record in the blockchain which effectively transfers from an account which *has* BTC into another account ?

    So is the case here, that the exchange was holding the necessary crypto keys which were accessed by the hackers ?

    Is there not a mechanism to reverse the transactions ? Is it not possible to lock the receiving accounts.

    Was any of this thought about when BTC was devised ?

    Are other virtual currencies at risk ?

    The more I read about BTC, the more I am convinced it really was one guy alone. There's too many holes for a committee to have come up with it.

    1. Prst. V.Jeltz Silver badge

      Re: Confused ... a little.

      good questions.

      It seems to me that whoever(s) created bitcoin wanted a digital equivalent of black market hard cash trading with all the pros and cons that that comes with - primarily anonymity, although they seem to have made bank robbery and mugging exciting features too.

    2. Doctor Syntax Silver badge

      Re: Confused ... a little.

      "There's too many holes for a committee to have come up with it."

      I admire your faith in committees.

    3. Speltier

      Re: Confused ... a little.

      It would, if it worked that way.

      In reality, coins or fragments thereof get thrown together into one transaction, mixed all about, and spew out into coins or fragments thereof.

      It would be easy to track a perp if it was just follow a coin with a particular hash not having any of this mixing and thrashing about, find the IP, find the point where that coin was converted into something outside the virtual... nab the perp (or his mule, or the horse he rode in on maybe), and hang them. In reality, as stated elsewhere, you have to sort of triangulate till you have enough confidence you have the perp. Or his mule. Or the horse he rode in on...

  6. Otto is a bear.

    Surprised

    What no conspiracy theories here, what's to say the PLA, FBI, NCA, CIA, or GCHQ haven't done it to undermine bitcoins,and protect government controlled currencies. Maybe, they have just lifted a bunch of cartel funds from the exchange.

    1. Jugernautilus

      Re: Surprised

      Whats to say that they have? Those making an allegation should provide some sort of proof. Not make an allegation and have the target prove otherwise.

  7. Frank Bitterlich

    Limited?

    "...and so limited the scale of the breach..." So, a $67M theft is a "limited breach".

    Makes me wonder what an unlimited thaft would have looked like.

    I'm pretty ignorant about how BTC works in depth, but I wonder whether this scale of theft would have taken some time to execute, and if so, why there were no systems in place that have raised a red flag somewhere (in the context of "withdrawal limits in place at Bitfinex and many other exchanges were mysteriously bypassed".

    1. razorfishsl

      Re: Limited?

      The fraud would take about 6 minutes.

      That is how long a transaction generally takes to get added into the blockchain.

    2. allthecoolshortnamesweretaken

      Re: Limited?

      Unlimited breach = somehow being able to steal much more than what was actually there.

  8. Version 1.0 Silver badge

    Real Virtual Storms

    I've noticed for many years (living on the Gulf coast in North America) that whenever we have a tropical storm or hurricane, I see a significant uptick in Trojans and other infections arriving at our mail server and a lot of banging on the firewall as soon as the weather turns nasty. This continues for several days after the storm and then everything goes back to normal.

    1. Keven E

      Re: Real Virtual Storms

      Because most spammers and auto phishers are taking advantage of your pool boys, bellhops and valets, your beachcombers and lifeguards, your athletes and naturalists all hunkering down in the basement on the internet clicking thier way through a reality they can't right then be an active part of (without threat of life and/or limb from the storm...) opening up emails which during the normal course of a week they would just ignore or be too busy to even delete...lol

  9. Anonymous Coward
    Anonymous Coward

    "Trust"

    You don't have to trust anyone with your Bitcoin. You can store your wallet locally, you can keep a paper wallet, you can keep a wallet on your phone, back it up, encrypt it, do whatever you feel is necessary to secure it. You can even get a hardware wallet if you want extra security. There is no need to store your coins in an online exchange at all.

    There's also numerous uses for Bitcoin besides the black market. If you're into video games or movies, you could sell a bunch of your old games on OpenBazaar with no fees, then walk into any branch of CeX and buy some new ones with Bitcoin.

    There are many legitimate uses for Bitcoin and many ways to store them without trusting third-party cloud services.

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like