[Bitfinex Hacked] So , learned the lesson ?

[OmegaStarScream]

Once again , Bitfinex has been hacked and I just want to ask you people , have you learned the lesson yet ? I assume not otherwise you wouldn't keep your funds in an exchange (I'm not speaking with those who kept their bitcoin for short period of time , those accidents happens but I'm mostly speaking for those who had their bitcoins laying there for weeks/months)

I'm not trying to be rude or anything but for the last time , please ... please ! Just withdraw your funds from exchanges . I'm not sure what you got to lose here , this procedure will only secure your coins and make you safer.

[Lauda]

I'd say no. The people who had lost considerable amounts of money there, are at fault, not Bitfinex. Nothing is unhackable, and online exchanges are generally valuable targets for various hackers. It seems like the people in question (who suffered losses) have learnt nothing from Mt.Gox, Cryptsy and so on. Generally, if Bitcoin is stored on an address to which you do not hold the private keys to, then you do not own them. In this case: If it is stored in such a multisignature implementation where online services can just avoid you and move the money from the address, then you don't own them either.

Just withdraw your funds from exchanges .

Exactly. I pulled some that I had left on Bitstamp as soon as Bitfinex went down.

[7788bitcoin]

I guess most people affected are those who earn bitcoin by trading the exchange. Their coins are mostly in the exchanges so that they can trade anytime without waiting for deposit time (1 to 6 confirmations depending on the exchange)- opportunity cost. Besides, they do not need to pay extra for the withdrawal.

Until now no one knows who is the hacker(s)... External or even "internal"?

[Senor.Bla]

obviously not and they probably never will. people are dumb and is definitely easier to let the coins be exposed on some exchanges/online wallets than to learn how to properly store the coins. other people are just lazy. to lazy to keep their money safe (same thing with backups). those things are easy. i am not talking about people checking how the exchanges store the coins etc

[rphk]

Once again , Bitfinex has been hacked and I just want to ask you people , have you learned the lesson yet ? I assume not otherwise you wouldn't keep your funds in an exchange (I'm not speaking with those who kept their bitcoin for short period of time , those accidents happens but I'm mostly speaking for those who had their bitcoins laying there for weeks/months)

I'm not trying to be rude or anything but for the last time , please ... please ! Just withdraw your funds from exchanges . I'm not sure what you got to lose here , this procedure will only secure your coins and make you safer.

yes you right, we should not keep more money on exchanger sites which is the risky one . Always exchange it in time and best is not keep complete money on exchange sites. Best is to convert it to fiat  and use it for need.

[alani123]

Prior to the recent breach, Bitfinex was claiming that they were using secure cold storage and multisig. It's not like users didn't get a warning with Bitfinex's outages, unprofessionalism and previous breaches recently but this false advertising was so over the top.

[Uptrenda]

I've historically been a big advocate of decentralized exchanges but I think in this case the problem is actually much deeper. Here, we have an entity that -has- to manage the state of coins based on real world outcomes as part of their value offering (which is something many merchants have to do, whether they be stock markets, exchanges, and many kinds of other businesses.)

In my view, what's needed is a way to lock coins to a new address type that forces a delayed clearing process for all coins transferred from that address. Transactions could then be revoked by the owner during the clearing phase which would become progressively less likely as the clearing phase progresses. This would be a very simple way to detect fraudulent transactions before its too late, as well as to allow for the creation of cryptographically provable accounting records (with browse-based signing) to be tied to the clearing process for withdrawals.

In English: this would allow an exchange to detect when something doggy was going on with withdrawals without imposing the same limitations of a decentralized exchange (like low liquidity and poor usability.) It would be the best of both worlds which would be great for not only exchanges but all kinds of merchants who are forced to handle Bitcoins directly as part of their business practices.

[20kevin20]

I never hold my money anywhere else than my wallet or somewhere safe. Any website can be hacked anytime. Who would keep their hundreds of thousands somewhere else than their safe/wallet? No one. Same thing goes with BTC. I guess most of us learned the lesson now, but there still are a few not caring about the money. They won't care until it happens to them too.

[Dobmaster]

I just leave 10% of my coins on the exchanges to do some trading. Maybe I should also withdraw.

[OmegaStarScream]

I guess most people affected are those who earn bitcoin by trading the exchange. Their coins are mostly in the exchanges so that they can trade anytime without waiting for deposit time (1 to 6 confirmations depending on the exchange)- opportunity cost. Besides, they do not need to pay extra for the withdrawal.

Until now no one knows who is the hacker(s)... External or even "internal"?

I have no problem waiting several confirmations personally . If that means that I won't lose my coins. I'm not sure about you but I personally prefer to wait up to 1 hour instead of losing hundreds/thousand or million of dollars.

Prior to the recent breach, Bitfinex was claiming that they were using secure cold storage and multisig. It's not like users didn't get a warning with Bitfinex's outages, unprofessionalism and previous breaches recently but this false advertising was so over the top.

I don't get this one either , how could use Multi sig + cold storage and still get hacked for millions of dollars ? I will take my chances and say that this is an inside job.

[Lauda]

Prior to the recent breach, Bitfinex was claiming that they were using secure cold storage and multisig.

They claimed that they had used cold storage? Source?

I didn't lose anything any of the attacks against exchanges, Finex or otherwise, but I just wanted to tell you that you're not the sharpest tool in the shed.

Much sharper than the majority of the rusty tools in the Bitcoin ecosystem. I've yet to suffer a singular loss of any scam, hack and whatnot. Even though a decent amount of people keep advising against keeping coin on exchanges, web wallets and whatnot, people still keep at it.

Traders have no choice but to put their trust in an exchange

I couldn't care less about day-traders, and they aren't the people that I was referring to.

Saying that Finex is not at fault here is hilarious, and frankly you should be embarrassed.

I may have incorrectly written my statement. However, as long as you keep blaming the services for hacks (nothing is unhackable), you will keep suffering losses.

I don't get this one either , how could use Multi sig + cold storage and still get hacked for millions of dollars ? I will take my chances and say that this is an inside job.

There was no cold storage layer. Multi-signature can be hacked by compromising the keys which were all apparently stored at the same layer.

[severaldetails]

Might be a stupid question:
Would it bring more safety if withdrawls on exchanges would be only possible to addresses the user gives his ok to in advance?
Maybe one when he registers, and others only after a certain time period? Let's say a week after the address is applyed at an exchange?

[Lauda]

Would it bring more safety if withdrawls on exchanges would be only possible to addresses the user gives his ok to in advance?

Re-using addresses for such huge amounts ain't a good idea either. Generally, it would be more safe to do that. However, this is a better suggestion and worthy of a new BIP (IMO):

In my view, what's needed is a way to lock coins to a new address type that forces a delayed clearing process for all coins transferred from that address. Transactions could then be revoked by the owner during the clearing phase which would become progressively less likely as the clearing phase progresses. This would be a very simple way to detect fraudulent transactions before its too late, as well as to allow for the creation of cryptographically provable accounting records (with browse-based signing) to be tied to the clearing process for withdrawals.

In English: this would allow an exchange to detect when something doggy was going on with withdrawals without imposing the same limitations of a decentralized exchange (like low liquidity and poor usability.) It would be the best of both worlds which would be great for not only exchanges but all kinds of merchants who are forced to handle Bitcoins directly as part of their business practices.

[18RATTT]

I would like to urge everyone owning Bitcoin to verify 3 things:

1) Pls check if your bitcoin provider is well reputed, backed by top class investors and has a strong engineering team
2) Ask them how they store your bitcoin - how much is stored in hot wallet vs. cold storage
3) Do they have 2 factor authentication enabled for all accounts? 

Regards,
Tiyo from BitX
https://bitx.co

android app: https://play.google.com/store/apps/details?id=co.bitx.android.wallet
ios app: https://itunes.apple.com/id/app/bitx-wallet/id927362479

[Barnabe]

Stop spamming with your barely hidden ad message. Less competition means that you will get more customers anyway, you don't need to spam each topic ...

[truxton]

The answer is a decentralised exchange.  fortunately it already exists. this will be huge: https://bitcointalk.org/index.php?topic=829576.6140

[Velkro]

and I just want to ask you people , have you learned the lesson yet ?

Remember that there is a lot of people that sent btc on the day of hack there, to trade.
These are real victims, people which stored bitcoins for many weeks were designated to lost their money anyway sooner or later on this exchange or on another.

[electronicfactura]

Last time I left Bitcoins was on mintpal that was lesson for me. I didn't loose much money there but still it was from my pocket. Since then I don't trust any exchange to keep my hard earned money there. I downloaded Bitcoin's desktop wallet and have all my funds in my possession. This was another shocking news when I heard last night about Bitfinex's hacked.

[eternalgloom]

Prior to the recent breach, Bitfinex was claiming that they were using secure cold storage and multisig.

They claimed that they had used cold storage? Source?

I've found that claim as well on their website, which can be viewed though Google Cache.
Source: https://webcache.googleusercontent.com/search?q=cache:UvrqjyGeBZYJ:https://www.bitfinex.com/posts/30

But I've also read a couple of articles that claim they were not using any cold storage.

[sotisoti]

There was no cold storage layer. Multi-signature can be hacked by compromising the keys which were all apparently stored at the same layer.

https://web.archive.org/web/20160324083244/https://www.bitfinex.com/pages/security


<sub>Multi-sig Hot wallet
- Provided by BitGo (BitGo FAQ)
- Only holds minimal amounts (~0.5% of customer funds)</sub>


I am a bit confused by their statement: does the hot wallet only hold 0.5% of customer funds? Where are the remaining? (99.5%)