One of the largest cryptocurrency exchanges by volume, Bitfinex, was hacked in August 2016. They suffered a substantial monetary loss of 72 million USD in cryptocurrencies (based on exchange rates from August 2016) that was eventually returned to traders in form of redemption tokens, or RRT. Before that happened, users got a “haircut” – a socialized loss of 36% regardless of whether their assets were affected.
RRT is a token issued on the Omni platform to makeup for the USD value of the loss that was tradeable and eventually was paid for to the USD value of the user losses. This was a unique solution and some people who traded the token actively made good profits on it.
Zane Tackett mentioned throughout the original article has since stopped working for Bitfinex.
Original post from August 2016:
Reddit’s reactions
If you are reading this bit chances are you didn’t miss all the drama. The best source of information is probably their status page at bitfinex.statuspage.io, though the information is scarce. Zane Tackett /u/zanetackett is trying to keep the facade of the company and panic hasn’t kicked in but as for useful info he doesn’t provide much.
During the heist, only BTC assets were in fact taken by the hacker. Bad news for all ETH, ETC or LTC traders is that even though their assets were not affected by the hack, it seems they are lost too - just as USD assets, which were unaffected as well.
Aug 6, 2016: The most likely outcome is some form socialized loss - a haircut - if it can be made in a legal way. The official statement however is still “we have not decided yet”. Most traders conclude it was actually quite expected after the spectacular 24h downtime couple of weeks earlier during wild price movements. Though Kraken fails like this too, repeatedly, and no hack occured as of yet - so take out of it what you like.
Recording of Zane Tackett’s press conference on Whalepool TS:
Yes, Bitfinex takes part in paying the missing money. All customers will get a haircut of 36%. The hack wasn’t done via logging into customers accounts. There will be a shitcoin released to pay for the 36% that will not be paid back right now. No details about the hack.
Will it affect the general trust in cryptocurrencies?
Collectively, high-profile exchange hacks like MtGox and Bitfinex have set #Bitcoin back...
— #BubbleMoku (@CarpeNoctom) 5 August 2016
Was the Bitfinex hack an inside job?
Maybe.
#Bitcoin #HackLeak exposed.
— Beetcoin (@Beetcoin) 4 August 2016
hypot. P2SH stats vs Futures @OKCoinBTC, hack info = value.
HD: https://t.co/CH4kErhTfs pic.twitter.com/GI4nzBXQf7
Can we learn from our mistakes for the next time?
Some say it was plain as a yoghurt that Finex would get hacked since it had strange downtimes during busy times - but so do many exchanges. It was hosted on an AWS - experts might cringe at that but Gemini also run on AWS and OKCoin International was too. Ask the bot coders - they know where to put their codes to be in the same datacenter as the exchange. There is no exchange that would keep their own bare metal in a server room. Cost cutting wins.
Only thing we can do is to NEVER baghold or anything like that: Send money to exchange, do the trade, send them to Trezor.
Who runs Bitfinex anyway?
Bitfinex’s CEO is a Dutchman Jean-Louis van der Velde. Here is his LinkedIn. Their risk manager is also public on LinkedIn - here. Their PR representative Zane Tackett is well known to anyone on Reddit - /u/zanetackett, loyal till his death and beyond. His boss is Phill Potter. However none of these people actually developed Bitfinex. The platform was made by a freelance sysadmin Raphael Nicolle with codebase from Bitcoinica, an exchange that was hacked back in the 2012.
Is someone liable for something? They had BitGo which is insured..?
Bitfinex used to advertize on their website the assets were insured through BitGo which handled their wallets.
The insurance however doesn’t cover this hack. BitGo supplied Bitfinex with an implementation of segregated user-specific wallets to fill the regulatory requirements that were raised by futures regulatory commissions - margin swaps offered on Finex were basically a futures product without the user specific wallets. However Bitfinex had complete control over the BitGo implementation and turned off some of its security functions (like, limits on withdrawals) for convenience.
USD funds for verified USA customers that came from US bank accounts were insured via SynapsePay.
Are now other exchanges that use BitGo vulnerable?
Kraken uses BitGo but with a different setup:
Poloniex … Well, who knows anything about Poloniex, right?
Is there still hope?
Bitfinex reps said the company will not pay for the losses of its customers. Bitstamp did, but the loss was smaller and they had VC funding. The only way a VC might want to flow into Bitfinex would probably be via an acquisition.
Bitfinex’s daily volume was known and it seems that a hack of this size wasn’t such a big hit really. However, Bitfinex reps refuse to state the exchange’s net worth.
The price action coming from this?
There was a major dump.