Bitfinex Hack

Bitcoin and the Story of Antifragility #5 - Big Losses at Bitfinex

By hifi.crypto | HiFi Crypto | 15 Feb 2022

Read now to learn how custodying your Bitcoin with a cryptocurrency exchange can never be totally safe, no matter the level of security the exchange offers.

Lonny was frantic. He was searching for a clue on his phone and in his email, but was coming up empty. Bitfinex customer support was no help either and the representative was basically ignoring him. His Bitcoin were missing and he had no idea why and no one to help him.

Granted, it was only about 20 Bitcoin. He was starting to hear chatter on Reddit about people who had lost a lost more. But he had put his life savings into Bitcoin, and he needed them back. Who had taken them? And how had they possibly managed to take Bitcoin from so many people at once? He may never know the truth.

The above account is a fictionalized dramatization that is loosely based on the reported events surrounding the Bitfinex hack of 2016. As such, it should not be taken as factual.

The Bitcoin blockchain is extremely secure. Tens of thousands of powerful machines are constantly working to protect the network from double spends and other attacks. Public-key cryptography ensures that illicitly moving funds from one Bitcoin wallet to another is essentially impossible unless the corresponding private key is obtained by a hacker. And the irreversibility of Bitcoin transactions ensures that no one can roll back your Bitcoin transfer after it has been confirmed on the blockchain.

However, Bitcoin’s robust security can at times be a double-edged sword, usually as a result of user error. For example, the private key protecting your Bitcoin is only as safe as you keep it. And if someone steals your private key and moves your Bitcoin out of your wallet, no force on earth can cancel the transaction and put them back.

History has provided a host of powerful examples on why protecting your Bitcoin is of paramount importance, and the Bitfinex hack in 2016 definitely qualifies. Users and outsiders alike were stunned when Bitfinex took down its website, halted trading and withdrawals, and announced that nearly 120,000 Bitcoin has been stolen directly from customer accounts. It was the largest Bitcoin theft since the Mt. Gox hack, and the community was experiencing severe déjà vu due to the similarities between the two events.

In an ironic twist of fate, Bitfinex had recently removed customers’ funds from pooled depositories into segregated multisig wallets in an attempt to prevent hacks like the one that happened shortly thereafter. But, as we already discussed, Bitcoin are only as safe as the holder keeps them, and Bitfinex’s configuration was apparently not up to the task.

What’s In A Multisig?

The vast majority of Bitcoin wallets are singlesig, meaning that only one private key is associated with and can sign transactions for each wallet. Multisig wallets though allow for multiple private keys to be associated with a single Bitcoin wallet, and a quorum of keys (for example, 2-of-3 or 3-of-5 private keys) is required in order to sign a transaction and send it across the blockchain. Multisig wallets are often considered safer than singlesig wallets because multisigs can eliminate a single point of failure. In other words, someone has to steal multiple keys from you instead of one in order to steal your Bitcoin. Your holdings are also better protected from total loss if you misplace a private key since other private keys are still available with which to sign a Bitcoin transaction.

In 2016, Bitfinex appears to have established multisig wallets for which the company held two of the three available private keys, while entrusting the third and final key to Bitgo, a company specializing in custody of digital assets. To Bitfinex’s credit, sources claimed that the company held one of the two private keys it custodied in cold storage. However, I find their choice to not allow customers to custody one of the private keys themselves (at least those who felt adept enough to do so) interesting to say the least, as it could have further decreased hackers’ ability to acquire a sufficient number of keys. Although that may not have made a difference in the 2016 hack since insiders claim that the keys in cold storage weren’t compromised during the hack, leading outsiders to speculate that the keys Bitfinex kept online were accessed and that Bitgo then used the keys it held to sign off on all the transactions the hackers initiated.

A Happy Ending?

Perhaps all is not lost for the customers affected by the Bitfinex hack. Early last week, the United States Department of Justice announced that around 80% of the Bitcoin stolen in the hack had been seized and a husband-wife duo was being charged with laundering the funds through a variety of transfers, coinjoins, asset purchases, and other means.

The married couple in question appears to have kept the private keys securing the stolen Bitcoin online in a cloud storage account. While their choice to keep the private keys online was almost assuredly crucial to the government’s ability to recover the stolen Bitcoin, it also serves as a reminder that those of us who haven’t obtained Bitcoin through illicit means should keep our private keys secured offline. After all, if the hackers can obtain Bitfinex’s online private keys, and the government can obtain the hackers’ online private keys, why should your private keys be safe if you choose to keep them online?

Like what you see, but not a subscriber yet?

Consider subscribing for two weekly emails about Bitcoin and Crypto, subscriber giveaways, real-time community discussions and more!

Subscribe Now

Can’t Get Enough Bitcoin In Your Life? Follow me on Social Media:

Follow Me On Social Media

Follow Me

Bitcoin is my passion and my mission is to give as many people as possible the chance to learn how it can change their lives for the better. Want to support me and my mission?

Make a Donation

Blockchain Word of the Day


Want to learn more Blockchain words?

Check Out The Glossary

🙋🏽‍♂️Did you enjoy this edition of The HiFi Crypto Letters?

This 3-question survey is your chance to tell me how I can improve the newsletter for you.

Share Your Thoughts

This is not financial advice. This newsletter and related content are for informational purposes only. Cryptocurrencies and digital assets can be risky. Always do your own research before making any sort of investment.

How do you rate this article?




I am an avid Bitcoin enthusiast. I publish the HiFi Crypto Letters, a twice weekly newsletter on Bitcoin:

HiFi Crypto
HiFi Crypto

My goal is to provide education on Bitcoin and related topics.

Send a $0.01 microtip in crypto to the author, and earn yourself as you read!

20% to author / 80% to me.
We pay the tips from our rewards pool.