Bitcoin Forum
March 28, 2024, 11:15:28 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
Author Topic: Bitfinex HACKED - funds stolen !  (Read 32110 times)
marky89
Hero Member
*****
Offline Offline

Activity: 756
Merit: 502

CryptoTalk.Org - Get Paid for every Post!


View Profile
August 06, 2016, 09:01:58 PM
 #401

I think this would slow down the process of being able to sell bitcoin on their platform, as well as the ability to to debit customers' losses when they have leveraged losses.

Probably not so much, because they only settled accounts to the blockchain once per day. The exception being, if you bought bitcoins and immediately requested to withdraw them. That already took 15-45 minutes generally. Not sure how much this would really add.

The problem with BitGo is that they signed transactions that they should not have signed. I speculate that BitGo was signing transactions they believed to be "internal transfers" between bitfinex accounts, which I suspect are not subject to the limits that bitfinex set, although this is speculation.

They certainly signed transactions they shouldn't have signed. Even if they were internal transfers, that kind of volume (above, say, 20k or 30k) should trigger a circuit breaker. A telephone call, some kind of second step verification...something, rather than simply auto-signing for 120k bitcoins.

 
                                . ██████████.
                              .████████████████.
                           .██████████████████████.
                        -█████████████████████████████
                     .██████████████████████████████████.
                  -█████████████████████████████████████████
               -███████████████████████████████████████████████
           .-█████████████████████████████████████████████████████.
        .████████████████████████████████████████████████████████████
       .██████████████████████████████████████████████████████████████.
       .██████████████████████████████████████████████████████████████.
       ..████████████████████████████████████████████████████████████..
       .   .██████████████████████████████████████████████████████.
       .      .████████████████████████████████████████████████.

       .       .██████████████████████████████████████████████
       .    ██████████████████████████████████████████████████████
       .█████████████████████████████████████████████████████████████.
        .███████████████████████████████████████████████████████████
           .█████████████████████████████████████████████████████
              .████████████████████████████████████████████████
                   ████████████████████████████████████████
                      ██████████████████████████████████
                          ██████████████████████████
                             ████████████████████
                               ████████████████
                                   █████████
.CryptoTalk.org.|.MAKE POSTS AND EARN BTC!.🏆
1711624528
Hero Member
*
Offline Offline

Posts: 1711624528

View Profile Personal Message (Offline)

Ignore
1711624528
Reply with quote  #2

1711624528
Report to moderator
1711624528
Hero Member
*
Offline Offline

Posts: 1711624528

View Profile Personal Message (Offline)

Ignore
1711624528
Reply with quote  #2

1711624528
Report to moderator
1711624528
Hero Member
*
Offline Offline

Posts: 1711624528

View Profile Personal Message (Offline)

Ignore
1711624528
Reply with quote  #2

1711624528
Report to moderator
The grue lurks in the darkest places of the earth. Its favorite diet is adventurers, but its insatiable appetite is tempered by its fear of light. No grue has ever been seen by the light of day, and few have survived its fearsome jaws to tell the tale.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
talks_cheep
Legendary
*
Offline Offline

Activity: 1036
Merit: 1000


View Profile
August 06, 2016, 09:08:22 PM
 #402

I think this would slow down the process of being able to sell bitcoin on their platform, as well as the ability to to debit customers' losses when they have leveraged losses.

Probably not so much, because they only settled accounts to the blockchain once per day. The exception being, if you bought bitcoins and immediately requested to withdraw them. That already took 15-45 minutes generally. Not sure how much this would really add.

The problem with BitGo is that they signed transactions that they should not have signed. I speculate that BitGo was signing transactions they believed to be "internal transfers" between bitfinex accounts, which I suspect are not subject to the limits that bitfinex set, although this is speculation.

They certainly signed transactions they shouldn't have signed. Even if they were internal transfers, that kind of volume (above, say, 20k or 30k) should trigger a circuit breaker. A telephone call, some kind of second step verification...something, rather than simply auto-signing for 120k bitcoins.

The kind of verification you/we all desire cannot happen at bitfinex, they just won't allow it, how else would they be able to steal your bitcoins next time? It was an inside job, blamed on hackers, the hackers were themselves, helping themselves to 120K bitcoins. Clever bitches. I hear they're preparing to re-open again. You fool me once...

dmwardjr
Legendary
*
Offline Offline

Activity: 1302
Merit: 1318


Technical Analyst/Trader


View Profile
August 06, 2016, 09:08:27 PM
 #403

I think this would slow down the process of being able to sell bitcoin on their platform, as well as the ability to to debit customers' losses when they have leveraged losses.

The problem with BitGo is that they signed transactions that they should not have signed. I speculate that BitGo was signing transactions they believed to be "internal transfers" between bitfinex accounts, which I suspect are not subject to the limits that bitfinex set, although this is speculation.

I wasn't referring to trades.  I was referring to withdrawals.  Finex said everyone on their exchange had a BitGo account.  If this is true, Finex, did not use commonsense as I had previously mentioned in terms of withdrawals.

However, you make a great point.  If this was done in a way to make it appear as there were trades and simply transfer to settle trades between accounts, that's an entirely different issue to contend with.

Follow me on Trading View for excellent signals in Bitcoin/US dollar - Bitstamp - https://www.tradingview.com/u/WyckoffMode/.  You can follow me on Twitter at https://twitter.com/ModeWyckoff My YouTube Channel: https://www.youtube.com/channel/UC8IbhpQwrTD6BozJPWnyAHA  My Discord Invite Link: https://discord.com/invite/3EJYTytaTT  My Website is in LIVE BETA: https://wyckoffmode.com/
mayax (OP)
Legendary
*
Offline Offline

Activity: 1456
Merit: 1004


View Profile
August 06, 2016, 10:11:41 PM
 #404

Bitfinex has stolen your funds. It was NO hacker !  They will keep 36% from YOUR money, 23 MIL USD and they will continue the business. How can you let this happen?!!?!?

You must be VERY stupids to leave the things like that.
Quickseller
Copper Member
Legendary
*
Offline Offline

Activity: 2870
Merit: 2298


View Profile
August 06, 2016, 10:27:28 PM
 #405

I think this would slow down the process of being able to sell bitcoin on their platform, as well as the ability to to debit customers' losses when they have leveraged losses.

Probably not so much, because they only settled accounts to the blockchain once per day. The exception being, if you bought bitcoins and immediately requested to withdraw them. That already took 15-45 minutes generally. Not sure how much this would really add.
This would prevent a user from being able to place a sale order without first confirming with BitGo. Also, as I previously mentioned, if a customer opens a leveraged position with BTC as collateral, that declines in value, then the customer would presumably not agree to have BTC withdrawn from his account, even though this would be the appropriate thing to do.

The problem with BitGo is that they signed transactions that they should not have signed. I speculate that BitGo was signing transactions they believed to be "internal transfers" between bitfinex accounts, which I suspect are not subject to the limits that bitfinex set, although this is speculation.

They certainly signed transactions they shouldn't have signed. Even if they were internal transfers, that kind of volume (above, say, 20k or 30k) should trigger a circuit breaker. A telephone call, some kind of second step verification...something, rather than simply auto-signing for 120k bitcoins.
I know that BitGo handles internal transfers differently from outright withdrawals, at least in terms of pricing (a review of their website says that internal transfers are free while withdrawals signed by BitGo start at 0.1% with volume discounts available). It would make sense for there to be different limits between internal transfers and withdrawals.

I wasn't referring to trades.  I was referring to withdrawals.  Finex said everyone on their exchange had a BitGo account.  If this is true, Finex, did not use commonsense as I had previously mentioned in terms of withdrawals.

However, you make a great point.  If this was done in a way to make it appear as there were trades and simply transfer to settle trades between accounts, that's an entirely different issue to contend with.
I understand that when a BitGo customer will need to create a new "account", the BitGo customer (in this case Bitfinex) will provide BitGo two public keys, and BitGo will provide the customer with one public key, all of which will be combined to create a 2-of-3 multi-sig address. Ideally, when bitfinex provides their two public keys, one of the corresponding private keys will be held in offline cold storage, and one of them will be held in their online/hot server.

I am not entirely sure how bitfinex handles the creation of BitGo wallets/accounts when a new bitfinex account is opened. Ideally, Bitfinex and BitGo have exchanged a large quantity of public keys (tens/hundreds of thousands, or even millions), so when a bitfinex customer opens their account, BitGo can simply "activate" 3 wallets/accounts for this customer. BitGo most likely does not have access to bitfinex's business records, so they will simply be told by bitfinex when a new wallet/account needs to be activated. It is possible however that Bitfinex and BitGo exchange keys at the time the new bitfinex account is created, and the attacker provdied BitGo two public keys, and BitGo provided the attacker one public key, and that the attacker would have access to both of the corresponding private keys. This would allow the attacker to potentially first direct BitGo to sign transactions moving customer BTC to these newly created "wallets" and the attacker subsequently using the two private keys that he is in possession of to create a second transaction spending the BTC to an address that he created far away from the bitfinex servers. So BitGo would have only signed "internal transfer" transactions, and the attacker signed the "withdrawal" transactions.

It appears that the attacker was able to work for several hours without detection, which IMO is a very long time for an unauthorized intruder to have access to a server. Based on the statements of bitfinex (and BitGo), it appears that bitfinex was not initially sure how the attacker was able to access their servers, and based on the fact that users are still not able to access their bitfinex accounts, they still may not know. Based on the above, I suspect that the attacker was likely able to use some kind of 0-day attack.

If you assume that the losses at Gox actually happened a long time before Feb 2014, then this is, by far the largest hack/theft of Bitcoin in history.

Most of this is of course, speculation.
john2231
Hero Member
*****
Offline Offline

Activity: 924
Merit: 1001



View Profile
August 06, 2016, 10:49:32 PM
 #406

I don't beleive that bitfinex hack because they can give a 33% back funds to your account..
I think this just their reason that their hack but the truth they are not hack and they sold bitcoin and now the price of bitcoin is low they can deposit or buy bitcoins to give few funds as giveaway to others..
uname
Sr. Member
****
Offline Offline

Activity: 420
Merit: 250


View Profile
August 06, 2016, 11:04:09 PM
 #407

I don't beleive that bitfinex hack because they can give a 33% back funds to your account..
I think this just their reason that their hack but the truth they are not hack and they sold bitcoin and now the price of bitcoin is low they can deposit or buy bitcoins to give few funds as giveaway to others..
yeah come on. that is the reason a third party to steal money from their customers? they just want to look responsible when they launch an scaming. maybe they are right in the hack but the hack is a party of their own

ph4nt0m
Hero Member
*****
Offline Offline

Activity: 591
Merit: 501


Scavenger of Crypto Sorrow


View Profile
August 06, 2016, 11:09:19 PM
 #408

I don't beleive that bitfinex hack because they can give a 33% back funds to your account..
I think this just their reason that their hack but the truth they are not hack and they sold bitcoin and now the price of bitcoin is low they can deposit or buy bitcoins to give few funds as giveaway to others..

If they sold 120k BTC before the event and bought back right after, they could make a good fortune without much trouble. Large centralized exchanges are manipulated. That's how they make real profits. Those 0.2% trade fees are just for maintenance expenses.
joksim299
Legendary
*
Offline Offline

Activity: 2170
Merit: 1014


Bitdice is scam scam scammmmmmmmmmmmmmmmmmmmmmmmmm


View Profile WWW
August 07, 2016, 01:07:59 AM
 #409

I think this would slow down the process of being able to sell bitcoin on their platform, as well as the ability to to debit customers' losses when they have leveraged losses.

Probably not so much, because they only settled accounts to the blockchain once per day. The exception being, if you bought bitcoins and immediately requested to withdraw them. That already took 15-45 minutes generally. Not sure how much this would really add.

The problem with BitGo is that they signed transactions that they should not have signed. I speculate that BitGo was signing transactions they believed to be "internal transfers" between bitfinex accounts, which I suspect are not subject to the limits that bitfinex set, although this is speculation.

They certainly signed transactions they shouldn't have signed. Even if they were internal transfers, that kind of volume (above, say, 20k or 30k) should trigger a circuit breaker. A telephone call, some kind of second step verification...something, rather than simply auto-signing for 120k bitcoins.


overnightmillionaire
Full Member
***
Offline Offline

Activity: 184
Merit: 100



View Profile WWW
August 07, 2016, 01:17:24 AM
Last edit: July 21, 2018, 03:27:25 PM by overnightmillionaire
 #410

Bitfinex handled this the right way.

HaXX0R1337
Sr. Member
****
Offline Offline

Activity: 574
Merit: 252



View Profile
August 07, 2016, 01:21:51 AM
 #411

Well, the thing is that was not one hacker, not even a group.
There was more than one group of hackers, so this is pretty strange... Im amazed that bitfinex had to have hot wallet that big, and thanks to this, hackers were able to steal those btc that have been hold on hot wallet instead of frozen... Im sorry all bitfinex users ;(

▬▬▬▬▬▬

▬▬▬▬▬▬
       ▄▄█████████▄▄
    ▄█████████████████▄
  ▄█████▀▀       ▀▀█████▄
 ▄████▀             ▀████▄
▄████▀    ▄▄▄▄▄▄▄    ▀████▄
█████    █████████    █████
█████    ████████▀    █████
█████     ▄▄▄▄        █████
▀████▄   ██████      ▄████▀
 ▀████   █████▀     ▄████▀
   ▀▀     ▄▄▄    ▄▄█████▀
         █████   █████▀
         ▀███▀    ▀▀
COMPRO
FINANCE
▬▬▬▬▬▬

▬▬▬▬▬▬
▄▄█████████▄▄
▄█████████████████▄
▄█████████████████████▄
▄████████████████▀▀█████▄
▄████████████▀▀▀    ██████▄
████████▀▀▀   ▄▀   ████████
█████▄     ▄█▀     ████████
████████▄ █▀      █████████
▀████████▌▐       ████████▀
▀████████ ▄██▄  ████████▀
▀█████████████▄███████▀
▀█████████████████▀
▀▀█████████▀▀
BitcoinNewsMagazine
Legendary
*
Offline Offline

Activity: 1806
Merit: 1164



View Profile WWW
August 07, 2016, 01:26:44 AM
 #412

Usually the only real winners in lawsuits are the lawyers. I was expecting more than a 36% haircut. I would not be surprised when Bitfinex comes online again if you want to unlock your account and withdraw funds you have to agree to the terms of the socialized loss. If you do not and reserve your right to sue your account stays locked. We will see.

bones261
Legendary
*
Offline Offline

Activity: 1806
Merit: 1826



View Profile
August 07, 2016, 01:29:02 AM
 #413

What on earth am I going to do with BFX tokens? I really don't want a share in an exchange that won't last much longer. I'm going to be stuck with Bitfinex for quite sometime. I had about 269.00 USD, that I received from selling some BTC. Unfortunately, I haven't given Bitfinex my KYC info. I don't intend to. I'll just have to hope they can get the exchange going, so I can purchase a coin that I can exit with.
mayax (OP)
Legendary
*
Offline Offline

Activity: 1456
Merit: 1004


View Profile
August 07, 2016, 02:26:27 AM
Last edit: August 07, 2016, 02:38:27 AM by mayax
 #414

Why should those who did not have anything stolen be robbed? I had 30,000 usd in margin funding, CASH. Why should I lose %36?

Is there any open cases against bitfinex yet? I will be joining, or starting a group lawsuit for all those who lost their money. Yes I am responsible for where I put my money, but they are responsible for making me think their system was secure, and my money was safe.

they are in fact a legal company based in hong kong, that means they are open for money recovery. I'm sure those guys who had a few million in cash on margin funding are already in contact with lawyers.


thieves.

I recommend you to file a complain with Hong Kong police and http://www.sfc.hk or http://www.customs.gov.hk/en/consumer_protection/trade_desc/contact_us/index.html 
through an attorney from your country as soon as possible.

Bitifinex was operated by a Hong Kong company, Renrenbee Limited.

Be sure that the police will investigate your complain.Just fill it. Do not let your money to be stolen by crooks like Bitfinex (well known ex ponzi runners)

Bitfinex said that they alerted a "law enforcement" but they didn't say which one. This a lie. Hong Kong police didn't receive any complaint from Bitfinex regarding to a hack.
metropolia
Sr. Member
****
Offline Offline

Activity: 331
Merit: 250


View Profile
August 07, 2016, 02:49:54 AM
 #415

Bitfinex has stolen your funds. It was NO hacker !  They will keep 36% from YOUR money, 23 MIL USD and they will continue the business. How can you let this happen?!!?!?

You must be VERY stupids to leave the things like that.

just a conspiracy dude, i think bitfinex is stupid and lacks of defense strategy against hackers, that's why they lost money, should have stored money on cold wallet.
shinratensei_
Legendary
*
Offline Offline

Activity: 3052
Merit: 1024


Leading Crypto Sports Betting & Casino Platform


View Profile
August 07, 2016, 03:46:15 AM
 #416

Bitfinex has stolen your funds. It was NO hacker !  They will keep 36% from YOUR money, 23 MIL USD and they will continue the business. How can you let this happen?!!?!?

You must be VERY stupids to leave the things like that.

just a conspiracy dude, i think bitfinex is stupid and lacks of defense strategy against hackers, that's why they lost money, should have stored money on cold wallet.
The possibilities of conspiracy is can happen is always there but if it's correct maybe the using the 3rd parties to pretended to hack their site and stole their funds. but if that's assuming it's correct and wow it's very surprised, and do withdrawal all of your money now. just assuming.

..Stake.com..   ▄████████████████████████████████████▄
   ██ ▄▄▄▄▄▄▄▄▄▄            ▄▄▄▄▄▄▄▄▄▄ ██  ▄████▄
   ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██  ██████
   ██ ██████████ ██      ██ ██████████ ██   ▀██▀
   ██ ██      ██ ██████  ██ ██      ██ ██    ██
   ██ ██████  ██ █████  ███ ██████  ██ ████▄ ██
   ██ █████  ███ ████  ████ █████  ███ ████████
   ██ ████  ████ ██████████ ████  ████ ████▀
   ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██
   ██            ▀▀▀▀▀▀▀▀▀▀            ██ 
   ▀█████████▀ ▄████████████▄ ▀█████████▀
  ▄▄▄▄▄▄▄▄▄▄▄▄███  ██  ██  ███▄▄▄▄▄▄▄▄▄▄▄▄
 ██████████████████████████████████████████
▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄
█  ▄▀▄             █▀▀█▀▄▄
█  █▀█             █  ▐  ▐▌
█       ▄██▄       █  ▌  █
█     ▄██████▄     █  ▌ ▐▌
█    ██████████    █ ▐  █
█   ▐██████████▌   █ ▐ ▐▌
█    ▀▀██████▀▀    █ ▌ █
█     ▄▄▄██▄▄▄     █ ▌▐▌
█                  █▐ █
█                  █▐▐▌
█                  █▐█
▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█
▄▄█████████▄▄
▄██▀▀▀▀█████▀▀▀▀██▄
▄█▀       ▐█▌       ▀█▄
██         ▐█▌         ██
████▄     ▄█████▄     ▄████
████████▄███████████▄████████
███▀    █████████████    ▀███
██       ███████████       ██
▀█▄       █████████       ▄█▀
▀█▄    ▄██▀▀▀▀▀▀▀██▄  ▄▄▄█▀
▀███████         ███████▀
▀█████▄       ▄█████▀
▀▀▀███▄▄▄███▀▀▀
..PLAY NOW..
goinmerry
Legendary
*
Offline Offline

Activity: 2912
Merit: 1083


#SWGT CERTIK Audited


View Profile
August 07, 2016, 04:01:38 AM
 #417

Bitfinex has stolen your funds. It was NO hacker !  They will keep 36% from YOUR money, 23 MIL USD and they will continue the business. How can you let this happen?!!?!?

You must be VERY stupids to leave the things like that.

just a conspiracy dude, i think bitfinex is stupid and lacks of defense strategy against hackers, that's why they lost money, should have stored money on cold wallet.
The possibilities of conspiracy is can happen is always there but if it's correct maybe the using the 3rd parties to pretended to hack their site and stole their funds. but if that's assuming it's correct and wow it's very surprised, and do withdrawal all of your money now. just assuming.

But if they are returning all the lost money then they want to prove that it is not a fake hacking or other thing they call it. Sometimes I think that this is also a marketing strategy. Trying to be popular in doing some big news.

synthgauge
Hero Member
*****
Offline Offline

Activity: 1149
Merit: 502


View Profile
August 07, 2016, 05:47:26 AM
 #418

Overall its not that bad as it looked from the outset, and they are making moves on the way to recovery. I was on the fence stating they would not go full mt. gox, or otherwise this would be a collapse of the western bitcoin world. They propose 36 cut so let them work that out and settle legal ramifications pertaining to loss generalization, this may not be the best possible solution, but the least they could do to bring site functionality back online in the coming hours.
Windpower
Hero Member
*****
Offline Offline

Activity: 532
Merit: 501



View Profile
August 07, 2016, 05:50:39 AM
 #419

Dammit those guys took the 120k bitcoin before I could click on hack. Now what am I to do??? Maybe I could report the thief to FBI and they will get my money for me. After all I am white, they will listen to me!!!!!
smoothie
Legendary
*
Offline Offline

Activity: 2492
Merit: 1473


LEALANA Bitcoin Grim Reaper


View Profile
August 07, 2016, 05:51:47 AM
 #420

What many are forgetting is that up until now Bitfinex has only talked.

Talk is cheap.

Believe what you see and can verify, not what they tell you.

███████████████████████████████████████

            ,╓p@@███████@╗╖,           
        ,p████████████████████N,       
      d█████████████████████████b     
    d██████████████████████████████æ   
  ,████²█████████████████████████████, 
 ,█████  ╙████████████████████╨  █████y
 ██████    `████████████████`    ██████
║██████       Ñ███████████`      ███████
███████         ╩██████Ñ         ███████
███████    ▐▄     ²██╩     a▌    ███████
╢██████    ▐▓█▄          ▄█▓▌    ███████
 ██████    ▐▓▓▓▓▌,     ▄█▓▓▓▌    ██████─
           ▐▓▓▓▓▓▓█,,▄▓▓▓▓▓▓▌          
           ▐▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▌          
    ▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓─  
     ²▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓╩    
        ▀▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▓▀       
           ²▀▀▓▓▓▓▓▓▓▓▓▓▓▓▀▀`          
                   ²²²                 
███████████████████████████████████████

. ★☆ WWW.LEALANA.COM        My PGP fingerprint is A764D833.                  History of Monero development Visualization ★☆ .
LEALANA BITCOIN GRIM REAPER SILVER COINS.
 
Pages: « 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 [21] 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 »
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!