Bitcoin Exchange Bitfinex Says It Was Hacked, Roughly $60M Stolen (reuters.com)
An anonymous reader quotes a report from Reuters: Hong Kong-based digital currency exchange Bitfinex said late on Tuesday it has suspended trading on its exchange after it discovered a security breach, according to a company statement on its website. The company said it has also suspended deposits and withdrawals of digital currencies from the exchange. "We are investigating the breach to determine what happened, but we know that some of our users have had their bitcoins stolen," the company said. "We are undertaking a review to determine which users have been affected by the breach. While we conduct this initial investigation and secure our environment, bitfinex.com will be taken down and the maintenance page will be left up." The company said it has reported the theft to law enforcement. It said it has not yet determined the value of digital currencies stolen from customer accounts. CoinDesk reports that the company confirmed via social media that roughly 120,000 BTC (more than $60 million) has been stolen. "In response, bitcoin prices fell to $560.16 by 19:30 UTC, $530 by 23:30 and $480 at press time, CoinDesk USD Bitcoin Price Index (BPI) data reveals," reports CoinDesk. "This price was roughly 20% lower than the day's opening of $607.37 and 27% below the high of $658.28 reached on Saturday, July 30th, when the digital currency began pushing lower."
I've never lost any BitCoins. People are just stupid. Stop handing your BitCoins over to third parties. This isn't an issue with BitCoins. It's an issue with stupid. I store my BitCoins on *MY* computer. Not someone else's computer. I have some control over the level of security I wish to maintain. Now I don't run Apple's OS X or Microsoft's Windows OS so it's not like I am taking a big risk here. It's not that you can't compromise GNU/Linux... but the reality is I don't install random software on my computer either. I stick to that which has been evaluated by the experts and is properly or semi-properly maintained.
Really it's not even a RISK that you MIGHT lose your money in bitcoin, it is virtually guaranteed if you hold bitcoin long enough. Bitcoin depends on the security of the SHA-2 hash algorithm. Once SHA-2 is broken, everyone can generate all the BTC they want easily, sending the value to zero.
There have been dozens of hash algorithms. A few which have been popular over the years include RIPEMD, MD5, DES-based (crypt()), SHA-0, SHA-1, and now SHA-2. The first four listed have all been cracked. SHA-1 is mostly cracked and SHA-2 about 35% cracked. Betting that SHA-2 will be the first hash function in history to not be cracked, by holding Bitcoin, is an awfully optimistic bet. Presumably these are the same people who keep thinking you can make uncrackable DRM. Everything is cracked, and when SHA-2 is cracked the rest of the way there goes any value Bitcoin had.
It injects a much needed note of caution and realism into the dream of technologically focused, realism-challenged (and therefore irresponsible) amateur social engineers.
You see, a large part of the appeal of bitcoin comes from its aura of "under the radar", "the authorities need never find out" financial transactions.
This holds an attraction for several groups, of which two are problematic: outright criminals and their "let's-dodge-the-system" libertarian cousins.
I believe that outright criminals like the possibility of doing financial transactions without giving out your real name. Think "dark net" transactions involving cybercrime services, malware, botnet control, stolen data, stolen credentials, drugs, weapons, etc. Think suppliers in "Silk Road" transactions.
I think that "let's-dodge-the-system" libertarians, who often figure as end-users of illegal goods and services, are attracted to the possibility of doing "under the radar" financial transactions for the same reason: their real name can be kept undisclosed. In part they're happy to purchase illegal goods, in part they're ideologically motivated (as in "we need to grow an alternative economy that's outside 'government' or 'system' control because all government is bad and 'the system' is designed to screw us over").
For the first group (criminals) I believe it serves as a useful deterrent, or at least a risk and a complication.
For the second group it serves as a salutary reminder that their fellow citizens are at least as reprehensible as "the government" and just as capable of screwing them over as any "institution". After all, the institutions we have have evolved over several centuries, if not millennia, to strike a balance between freedom, safeguards, responsibility, accountability and free-for-all banditry. Something that starry-eyed, technology-fixated "bash-the-system" enthusiasts will only appreciate if hammered home by personal or close-to-personal experience.
Where and how new technologies like bitcoin should fit into our society remains to be seen (and experimentally determined). However, our existing institutions have very real merits and safeguards that have evolved because of human nature itself. Such safeguards (which we all too often take for granted) are lacking from new technological developments and are just as important as the basic functionality. A reminder of which can only be positive.