Nearly 120,000 units of digital currency bitcoin worth about US$72 million was stolen from the exchange platform Bitfinex in Hong Kong, rattling the global bitcoin community in the second-biggest security breach ever of such an exchange.
Bitfinex is the world’s largest dollar-based exchange for bitcoin, and is known in the digital currency community for having deep liquidity in the US dollar/bitcoin currency pair.
Zane Tackett, Director of Community & Product Development for Bitfinex, told Reuters on Wednesday that 119,756 bitcoin had been stolen from users’ accounts and that the exchange had not yet decided how to address customer losses.
“The bitcoin was stolen from users’ segregated wallets,” he said.
The company said it had reported the theft to law enforcement and was cooperating with top blockchain analytic companies to track the stolen coins.
Last year, Bitfinex announced a tie-up with Palo Alto-based BitGo, which uses multiple-signature security to store user deposits online, allowing for faster withdrawals.
“Our investigation has found no evidence of a breach to any BitGo servers,” BitGo said in a Tweet.
“With users’ funds secured using multi-signature technology in partnership with BitGo, a lot more is at stake for the backbone of the bitcoin industry, with its stalwarts and prided tech under fire,” said Charles Hayter, chief executive and founder of digital currency website CryptoCompare.
The security breach comes two months after Bitfinex was ordered to pay a $75,000 fine by the U.S. Commodity and Futures Trading Commission in part for offering illegal off-exchange financed commodity transactions in bitcoin and other digital currencies.
Tuesday’s breach triggered a slump in bitcoin prices and was reminiscent of events that led to the 2014 collapse of Tokyo-based exchange Mt Gox, which said it had lost about $500 million worth of customers’ Bitcoins in a hacking attack.
Bitcoin plunged just over 23 per cent on Tuesday after the news broke. On Wednesday it was up 1 per cent at $545.20 on the BitStamp platform.
Tackett added that the breach did not “expose any weaknesses in the security of a blockchain”, the technology that generates and processes bitcoin, a web-based “cryptocurrency” that can move across the globe anonymously without the need for a central authority.
A bitcoin expert said the scandal highlighted the risks of companies using cryptography for their ledgers.
“The more you rely on its benefits, the greater the potential for damage when keys are stolen. We still have some way to go to create highly secure but convenient systems,” said Singapore-based Antony Lewis.
The volume of bitcoin stolen amounts to about 0.75 per cent of all bitcoin in circulation.
It is not yet clear whether the theft was an inside job or whether hackers were able to gain access to the system externally. On an online forum, Bitfinex’s Tackett said he was “nearly 100 percent certain” it was no one in the company.
Bitfinex suspended trading on Tuesday after it discovered the breach. It said on its website that it was investigating and cooperating with the authorities.
The security breach is the latest scandal to hit Hong Kong’s bitcoin market after MyCoin became embroiled in a scam last year that media estimated could have duped investors of up to $387 million. The bitcoin trading company closed after the scandal.
The president of the Hong Kong Bitcoin Association said the only way to protect information is to disperse it in so many small pieces that the reward for hacking is too small.
“For an attacker, the cost-benefit strategy is quite easy: How much is in the pot and how likely is it that I’m getting the pot?” said Leonhard Weese.