Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen

An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. "We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen," the company said. "We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up." The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed roughly 120,000 BTC (more than $60 million) has been stolen via social media. "In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals," reports CoinDesk. "This price was roughly 20% lower than the day's opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower."

Re:Not even risk, loss virtually guaranteed with B

[Donwulff]

Or, if you were really concerned, you could just Google it: https://eprint.iacr.org/2016/167.pdf
"Broken SHA256: For a broken SHA256, meaningful
collisions or pre-images suggest that new transactions
should not be accepted. However, as we saw in Sec-
tion 4.3, unless a broken hash results in majority power,
an adversary cannot alter historical blocks or transactions.
The same can be said for hard-coding known public keys
with unspent outputs: even if the adversary gets a differ-
ent key that hashes to the same value, deriving the private
key should be infeasible if the signature scheme is still
strong. The plans for SHA256 thus seem to be more pru-
dent than necessary, but since they necessitate a hard fork,
rehashing the entire blockchain to add new checkpoints
or hardcoding public keys can only increase the security
of the transition period, but perhaps at a cost of efficiency."

A little plain-english translation would also be, that BitCoin and other cryptocurrencies (As well as, arguably, the security of every credit card in your pocket and bank transaction and online login and...) doesn't rely on the hash being "unbreakable", it just relies on it being non-trivial, and barring a general quntum computer, we know it to be non-trivial. In fact, the credit-card in your pocket is more vulnerable to single hash being broken, and the whole working principle of BitCoin (mining) is "cracking SHA-2".

The threat-model for BitCoin isn't that the hash will be broken, but that it will become significantly easier for one party; this is a special case of the general majority-hashing-power threat, where the "adversary" covertly through subterfuge or technology obtains majority hashing power. This in fact has happened before (Multiple times at least if you include Satoshi Nakamoto himself) and the world didn't come to an end.

This is not to say that I'm a BitCoin enthusiast, or even that I'm saying it's unbreakable, I'm just saying it's far more complicated and also analyzed, at least by other people than the BitCoin core developers, than a simple "OMGZORZS they gonna crack da hash!!!!111" :)