Bitfinex Offers $3.5 Million Bounty for Stolen Bitcoin

[Kakmakr]

A company in so much trouble, should not splash money around to offer $3 500 000 bounties, but rather use that money to hire security experts to plug the holes in their security or to upgrade their systems to scrutinize their own employees. This looks like a inside job, not someone hacking from the outside. ^hmmmm^

[squatz1]

This is a waste, no hacker would turn in all of the cash he stole just for a simple %5 with a 110% of being traced by the tons of people affected by the hack once the person is discovered.


Would just be dumb for the hacker to submit to this, but it would be nice to see the victims compensated.

[Bitcoinpro]

CIA

Money please

[talks_cheep]

Whoever in Bitfinex posted the reward offer should look at the mirror and see the face of the thief staring back. This is nothing more than a publicity stunt. They are trying to pin the blame on an outside hacker when it clearly was an inside job.

[marky89]

so did they lose this coin through a simple address collision or what?

After all these exchange "hacks", an address collision?

It's pretty clear that Bitfinex had a very insecure security implementation. One of their 2-of-3 multisig keys was on an online server -- okay, that's understandable because they need automated withdrawals. But apparently, with only the use of an API key (whose credentials may or may not have been located on the same, or another online server) and Bitfinex's hot key, BitGo would sign off on any transaction, no matter the size or depletion of reserves.

BitGo really dropped the ball here. They co-signed every single fraudulent transaction. That means they don't locally enforce any security flags or limits whatsoever -- they just take the first signer's word for it. That's a complete misuse of multi-sig. I hope BitGo burns for this.

[deadpoolx]

Where are the bounty hunters for this one?

[marky89]

Where are the bounty hunters for this one?

Companies like Chainalysis and their competitors. If the coins ever move, they will watch for eventual movement into centralized services (exchanges, online wallet providers, casinos, etc). Then law enforcement may contact those companies for more information about who deposited those coins. Then they press that person for how they came into possession of the coins. Maybe there's a weak link somewhere -- to get cash in hand requires interfacing with a person, if not a business. But I'm guessing that these coins will sit untouched for a long, damn time.

[raymond541]

$3.5 Million Bounty its really very big offer.Its really very tough to trace them but its possible but I think coin are not on that address.If its happened then its really very tough.I don't really a programmer but lets try.$3.5 Million Bounty how how I can leave alone.

[Doamader]

First who hacked bitfinex isnt a noob, he or she knew what were doing, and for sure knew the exchange would try to recover the coins,soo the hacker by now had bought several altcoins, and had used mixer services almost instant, the news about the hacker took how many hours to be public? Only the owners of mixer service can maybe trace where the bitcoins went, even with they had took a fee, they can track the money,they have acess, soo just them can maybe find the coins hacked.

[Hazir]

Ok, so far I understand that Bitfinex investigators can't seem to track these coins at all.
I imagine that there is possible scenario that hackers baited by that offer will give back the coins to avoid being hunted.

But Bitfinex can grab that returned coins whole ~$60kk and never tell us that they indeed received it back.
I know I am being paranoid here but I still think that this is somewhat inside job more that a external attack.

[Specter2112]

So... my neighbor  has an open wifi, or I go into the local coffee shop, use their free wifi to do my deeds at.  You traced the thief back to starbucks?  That's going to stand up well in a court of law.

I think what they are hoping is that the thief is going to talk, show off, and someone will rat them out.  Either way, that is still just circumstantial and again, good luck getting your coins back.

Specter

[Anon_7716]

So... my neighbor  has an open wifi, or I go into the local coffee shop, use their free wifi to do my deeds at.  You traced the thief back to starbucks?  That's going to stand up well in a court of law.

I think what they are hoping is that the thief is going to talk, show off, and someone will rat them out.  Either way, that is still just circumstantial and again, good luck getting your coins back.

Specter

A thief can already what they want, will surely be lurking with safe and they will not show their identity. If that is the case then they will get a big problem in his life. I don't know what they will do about the bitcoin results they get from hackers bitfinex, the most important is the price of bitcoin is not experiencing a bad thing

[Wapinter]

Bitfinex has offered a reward for the return, or info leading to the return, of the Bitcoin stolen in the recent hack.

Reddit user someguy916 posted in the /r/Bitcoin subreddit inquiring as to how much of a reward Bitfinex would be willing to offer for the stolen coins. Zane Tackett, Director of Community and Product development, responded with an offer for a small percentage:

5% of recovery and for information leading to recovery (but no bounty if no recovery); if multiple persons lead to recovery, share pro rata

Source : https://cointelegraph.com/news/bitfinex-offers-35-million-bounty-for-stolen-bitcoin

Get to work guys 

I still don't understand how It's impossible to trace them though , I mean If we take in consideration that anything on the blockchain is traceable ... they should track some users addresses till they reach the ADDRESS needed.

I think they are just making fool and nothing else.They no very well that it is not possible to trace the coins now.If they are so concerned about it,why dont they distribute that money among people who lost their money

[smaxz]

so did they lose this coin through a simple address collision or what?

After all these exchange "hacks", an address collision?

It's pretty clear that Bitfinex had a very insecure security implementation. One of their 2-of-3 multisig keys was on an online server -- okay, that's understandable because they need automated withdrawals. But apparently, with only the use of an API key (whose credentials may or may not have been located on the same, or another online server) and Bitfinex's hot key, BitGo would sign off on any transaction, no matter the size or depletion of reserves.

BitGo really dropped the ball here. They co-signed every single fraudulent transaction. That means they don't locally enforce any security flags or limits whatsoever -- they just take the first signer's word for it. That's a complete misuse of multi-sig. I hope BitGo burns for this.

this in itself does not explain how the coins were appropriated though does it?

so did they lose this coin through a simple address collision or what?

The coins were hacked... a collision is practically impossible.

you seem pretty confident, does anyone have details on how this "hack" was perpetrated?