Hong Kong Bitcoin Exchange BitFinex Loses Nearly 120,000 Bitcoins in Hack

$72 million worth of coins stolen, Bitcoin price plummets, individual customer accounts hacked despite multisignature protection

2 min read
A cartoon thief carrying a bag with the Bitcoin symbol on it
Illustration: iStockphoto

Yesterday afternoon, BitFinex, a Bitcoin exchange in Hong Kong, disabled its customer deposits and withdrawals functions and replaced the trading engine on its website with notification of a major security breach. Later in the day, Zane Tackett, the “Director of Community and Product Development” took to Reddit (under the username “zanetackett”) to confirm that an attack had occurred and that nearly 120,000 bitcoins had been stolen from individual customer accounts.

This latest hack, which amounts to a loss of around US $72 million, is the biggest plundering of a Bitcoin exchange since 2014 when 850,000 bitcoins disappeared from the books during Mark Karpeles’s tenure as CEO of Mt. Gox. As was the case in 2014, the value of the currency is now crashing. The market price of bitcoin, which had begun to steadily increase at the beginning of the summer, fell 15 percent on news of the BitFinex hack.

The statement from BitFinex provides no details as to how the attack was conducted, but assures customers that “the theft is being reported to—and we are co-operating with—law enforcement.”

Statements from Tackett on social media seem to rule out the possibility of an inside job. As a result, much speculation is being placed on the key management strategy that BitFinex had setup with its partner, BitGo, a Bitcoin wallet provider that uses multisignature transactions for security.

Multisignature transactions allow Bitcoin users to assign multiple private keys—the cryptographic proof required to initiate a transaction on the network—to a single Bitcoin address. In order to strengthen security, the keys attached to a multisignature address can be divied up among parties such that no one entity has full license to the spend the coins in that address. The measure is designed to provide an alternative to the single point of failure where one person holding a master key stands to lose everything in the event of a hack. If used correctly, multi-signature transactions can also limit the amount of trust in the relationship between cryptocurrency traders and exchanges.

BitFinex was compelled to set up multi-signature addresses for each of its trading customers after an investigation into its operations by the Commodity Futures Trading Commission. Among other things, the regulatory commission faulted BitFinex for holding client funds in an internal address that was exclusively controlled by the exchange. In order to comply with the Commission, BitFinex turned to BitGo. Each customer was then assigned a separate Bitcoin address to hold their deposits with three keys assigned. One key was held by BitGo. Two were held by BitFinex—one offline and one online. For any transaction to go through, any two of these keys would have to be presented.

As a holder of two of the keys, BitFinex, or a hacker with access to both the company’s keys, could have initiated the fraudulent transactions. Or, the hack could have involved a breach of both the BitGo and BitFinex security apparatus.

However, both scenarios make it clear that multisignature wallets are not a magic solution to the problem of rampant robbery of Bitcoin exchanges. Even the strongest security tools are useless when improperly implemented, as seems to be the case once again.

The Conversation (0)

Metamaterials Could Solve One of 6G’s Big Problems

There’s plenty of bandwidth available if we use reconfigurable intelligent surfaces

12 min read
An illustration depicting cellphone users at street level in a city, with wireless signals reaching them via reflecting surfaces.

Ground level in a typical urban canyon, shielded by tall buildings, will be inaccessible to some 6G frequencies. Deft placement of reconfigurable intelligent surfaces [yellow] will enable the signals to pervade these areas.

Chris Philpot

For all the tumultuous revolution in wireless technology over the past several decades, there have been a couple of constants. One is the overcrowding of radio bands, and the other is the move to escape that congestion by exploiting higher and higher frequencies. And today, as engineers roll out 5G and plan for 6G wireless, they find themselves at a crossroads: After years of designing superefficient transmitters and receivers, and of compensating for the signal losses at the end points of a radio channel, they’re beginning to realize that they are approaching the practical limits of transmitter and receiver efficiency. From now on, to get high performance as we go to higher frequencies, we will need to engineer the wireless channel itself. But how can we possibly engineer and control a wireless environment, which is determined by a host of factors, many of them random and therefore unpredictable?

Perhaps the most promising solution, right now, is to use reconfigurable intelligent surfaces. These are planar structures typically ranging in size from about 100 square centimeters to about 5 square meters or more, depending on the frequency and other factors. These surfaces use advanced substances called metamaterials to reflect and refract electromagnetic waves. Thin two-dimensional metamaterials, known as metasurfaces, can be designed to sense the local electromagnetic environment and tune the wave’s key properties, such as its amplitude, phase, and polarization, as the wave is reflected or refracted by the surface. So as the waves fall on such a surface, it can alter the incident waves’ direction so as to strengthen the channel. In fact, these metasurfaces can be programmed to make these changes dynamically, reconfiguring the signal in real time in response to changes in the wireless channel. Think of reconfigurable intelligent surfaces as the next evolution of the repeater concept.

Keep Reading ↓Show less