Bitcoin Losses to Hit All Users of Hacked Exchange Bitfinex

Archived From: Finance
  • Page :
  • 1
  • Text Only
Voting History
rated:
http://www.wsj.com/articles/bitfinex-to-spread-losses-from-cyber... Please note that Bitfinex is the largest non China based exchange.

Member Summary
Staff Summary
Thanks for visiting FatWallet.com. Join for free to remove this ad.

Can someone explain to me how you can steal bitcoins if they all have a unique serial number known to all?

stanolshefski said:   Can someone explain to me how you can steal bitcoins if they all have a unique serial number known to all?
  
Only if you can guarantee I won't be prosecuted for conspiracy.

stanolshefski said:   Can someone explain to me how you can steal bitcoins if they all have a unique serial number known to all?
  As I understand it when you trade at Bitfinex or similar you basically give them your coins and they hold them in escrow like a bank holds a deposit. Well Bitfinex holds them in a wallet just like you do. So what must have happened is that someone got the keys to one or more of the wallets that Bitfinex holds its customers coins in escrow in and then transferred those coins out to another wallet. Or tricked the Bitfinex website code that interacts with its wallets to issue transfers to the hacker of wallet contents belonging to others.  I don't think the coins have an actual serial number that sticks with them over time but rather the quantity of coins is the pertinent transaction tracked between wallets. Since wallets can have aliases only known to the wallet holder as long as one breaks up  transactions by size, or time and uses the hidden aliases then I think tracking of individual coins/groups is mostly lost. I say mostly because maybe someone or entity with big computers and smarts with super detailed effort to match every transaction may be able to match a very high # of the transaction since most people aren't trying to hide them with aliases. Then what is left is a much smaller number of hidden ones that become much easier to make educated guess about since most other transaction are already matched. I could be totally wrong about any of this because I stopped reading about bitcoins years ago when it became clear I screwed up bad by not making serious coins in the CPU viable days when I actually experimented with the whole thing and thought it not more than a mere curiosity.  

I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Looks like BitGo was insured by Innovation Insurance Group, but BitGo is pointing its finger at Bitfinex saying we weren't hacked, you were, the insurance doesn't apply, and removed a post about said insurance. Ah, the murky world of emerging technologies.

I simply don't understand keeping more than a transactional amount of BTC in an exchange.

Nothing prevents you from printing your wallet info and putting a copy in your safe and/or safe deposit box, or sending a huge wallet to your lawyer ON PAPER or the magnetic media of your choice.

I've got about $80 (depending on today's price) in BTC on Coinbase. That's less than I plan on spending in BTC on any given day...

Well, on the bright side, it's just like real money. You can lose it all.

I too, got something like $20 in Coinbase and that's all the BC I got.

ZenNUTS said:   Well, on the bright side, it's just like real money. You can lose it all.

I too, got something like $20 in Coinbase and that's all the BC I got.

  I have more than that there.  They've posted some info on their website about their security and insurance they have.  Of course things are only safe until the next hacker figure things out.  They also don't give you any private keys.  Bitcoin experts tell you it's safer to cold-store your own BTC/private keys, but if you lose those you're out of luck. 

I do use Coinbase because it's convenient and easy to use.  I hope since they're based in the U.S., it's safer.  Dealing with a company in Hong Kong but registered in the British Virgin Islands wouldn't be a place where I would store much of my money in.

Crazytree said:   I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Because it is a non-covered event. Signatures were correct. Bitfinex used shitty code base written by people who had no business writing the code, did not hire competent developers who cost lots of money and got owned. 

mythosaz said:   I simply don't understand keeping more than a transactional amount of BTC in an exchange.

Nothing prevents you from printing your wallet info and putting a copy in your safe and/or safe deposit box, or sending a huge wallet to your lawyer ON PAPER or the magnetic media of your choice.

I've got about $80 (depending on today's price) in BTC on Coinbase. That's less than I plan on spending in BTC on any given day...

  Welcome to dumb requirements of financial regulators. For customer's protection, cold storage is no longer considered to be useful, instead it all has to be hot storage in segregated wallets.

mythosaz said:   I simply don't understand keeping more than a transactional amount of BTC in an exchange.

Nothing prevents you from printing your wallet info and putting a copy in your safe and/or safe deposit box, or sending a huge wallet to your lawyer ON PAPER or the magnetic media of your choice.

I've got about $80 (depending on today's price) in BTC on Coinbase. That's less than I plan on spending in BTC on any given day...

  For the case of Bitfinex, peer to peer lending of fiat (USD) and cryptocurrencies is one of the main reasons people had a lot there. The day of the hack there were about $38 million dollars lent out from users to other users trading on margin (going long BTC, LTC, ETH, and ETC), 24,400 BTC lent out, 492,800 ETH, and 38,400 LTC.

Just file a claim with the FDIC....

So I see they've privatized the profits and socialized the losses. Just like the 'real' banks.

EvilCapitalist said:   
Crazytree said:   I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Because it is a non-covered event. Signatures were correct. Bitfinex used shitty code base written by people who had no business writing the code, did not hire competent developers who cost lots of money and got owned. 

  That's not how an insurance product works... negligence does not obviate coverage.

Crazytree said:   
EvilCapitalist said:   
Crazytree said:   I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Because it is a non-covered event. Signatures were correct. Bitfinex used shitty code base written by people who had no business writing the code, did not hire competent developers who cost lots of money and got owned. 

  That's not how an insurance product works... negligence does not obviate coverage.

  
Pass the popcorn. This is fun to watch for sure. Good thing BitGo does not underwrite homeowner policies ... lol

stanolshefski said:   Can someone explain to me how you can steal bitcoins if they all have a unique serial number known to all?
  
Best known way is tumblers: 
First is that bitcoins don't really have a serial number, so much as they have a public record of all transactions. That public record is what confirms who has what, for example
-MinerA successfully mines block and receives 25 bitcoins
-MinerA pays 11.2 bitcoins to address ABC
-MinerA pays 2.9 bitcoins to address BCD
Now from all of the public transactions, a public ledger is known: MinerA=10.9, ABC=11.2 BCD=2.9.

Now you can track the bitcoins that ABC has back to the original block, since there is a direct line to line link. What a tumbler does is attempt to hide that trail, effectively laundering it.

ABC puts in 4 bitcoins, XYZ puts in 3, BFD puts in 5, and so on. Each person creates a few new addresses that are unique and have no trace to the original, but that they control.
Tumbler takes those 12 bitcoins and all are paid into his address, lets call it TMBL. From there, TMBL makes the following transactions
TMBL pays 1 bitcoins to addresses COF, XDR, PJX, KTT, and 2 bitcoins to WQX, BRS, JIV, and XOB
ABC controls COF, XDR, and WQX, so their original 4 is now equal to 1 + 1 + 2, but there is not longer a direct tie between those and the originals. At this point even if ABC stole those, how would you get them back?

Now add in that TMBL is going to be randomly the time for these payouts, randomizing the amount they payout, and with much higher quantities of people, you can see how quickly the money becomes anonymous.

Crazytree said:   
EvilCapitalist said:   
Crazytree said:   I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Because it is a non-covered event. Signatures were correct. Bitfinex used shitty code base written by people who had no business writing the code, did not hire competent developers who cost lots of money and got owned. 

  That's not how an insurance product works... negligence does not obviate coverage.

Unless negligence on the part of the covered party is specifically excluded, which of course it is.

It is cryptographic authentication. The policy essentially was "If someone steals your money because we failed to cryptographically authenticate the request and allowed the transaction, we will make you whole". They did not fail to authenticate the withdrawal. Bitfinex failed to guard its signing key.
 

EvilCapitalist said:   
Crazytree said:   
EvilCapitalist said:   
Crazytree said:   I think it's hilarious that Bitfinex partnered up with a third party called BitGo that promised 100% insurance coverage in the event of this type of theft. You will be shocked to learn that they have determined this to be a "non-covered event."

http://www.newsbtc.com/2016/08/04/bitgo-bitfinex-hacking-fiasco/

Because it is a non-covered event. Signatures were correct. Bitfinex used shitty code base written by people who had no business writing the code, did not hire competent developers who cost lots of money and got owned. 

  That's not how an insurance product works... negligence does not obviate coverage.

Unless negligence on the part of the covered party is specifically excluded, which of course it is.

It is cryptographic authentication. The policy essentially was "If someone steals your money because we failed to cryptographically authenticate the request and allowed the transaction, we will make you whole". They did not fail to authenticate the withdrawal. Bitfinex failed to guard its signing key.

  You guys really have Stockholm Syndrome with this whole Bitcoin thing.  90% of insurance claims arise out of negligent events... it's pretty much the whole purpose of having insurance not a lot of meteors are falling out of the Sky and wiping out property.  I am fairly certain insurance law in most states forbids the exclusion of such negligent events.  In other words, this was not a real insurance product anyone who can say they relied upon it may have a fraud claim against all involved.



Disclaimer: By providing links to other sites, FatWallet.com does not guarantee, approve or endorse the information or products available at these sites, nor does a link indicate any association with or endorsement by the linked site to FatWallet.com.

Thanks for visiting FatWallet.com. Join for free to remove this ad.

While FatWallet makes every effort to post correct information, offers are subject to change without notice.
Some exclusions may apply based upon merchant policies.
© 1999-2017