Ah, 2016! Doesn’t that seem like it was a very long time ago? It’s easy for us to forget, after the turmoil and trauma of the past few months that the world began going crazy before Covid-19 appeared. In some future rundown of ‘The Most Batshit-Crazy Years of the 21st Century,’ 2016 and 2020 will surely be pretty close in the rankings.
Retrospectively, it appears that 2016 was a year of great success, barring a pandemic around the world and an economic crash. In 2016, there was political turmoil with the US electing an emotionally dysfunctional reality television star to the White House, and Britain voting to exit the European Union.
It seemed like there was an endless parade of music icons saying their goodbyes: Bowie Prince Leonard Cohen George Michael and many more. North Korea. Isis. Chicago Bears breaking curse of the Billy Goat (a big deal for baseball fans in the US). It all looked like it was kicking off.
As people’s faith in the existing order of things began to be shaken, it’s not surprising that cryptocurrencies started to gain popularity. The word ‘bitcoin’ began to be heard more frequently. It was clear that something was happening.
Of course, we all know what followed. The crypto market suffered a shock before the bull run the following year. It’s possible that the Bitfinex hack in August 2016 slipped under most people’s radar, but its effects, just like Trump or Brexit, are still felt four years later. Its ripples continue to echo through the crypto waters today, and recent events have proven that the story is far from over.
Bad News
This is not something that a crypto investor would read in their cereal:
The stolen bitcoins totaled 119.756 or $72 millions. This was back in the days before bitcoins and cryptos went crazy. Today’s prices are more than $1billion. Bitfinex at the time was one of the biggest crypto exchanges on the planet, so the hack may have affected thousands of users.
Bitfinex stored its customer’s funds in multisignature wallets. Withdrawals had to be approved by BitGo Bitfinex, Bitfinex’s custodian. The hackers were able to gain access to several wallets and also figure out how to bypass the withdrawal limits set by BitGo. It was an elaborate and well-planned attack. BitGo, for its part, denied responsibility.
Bitfinex’s procedures for security were naturally scrutinized after the hack. Many questioned why the company did not use cold storage as a complement to its multisig protocol (where private key are stored offline). Some people suggested that someone inside the company must have facilitated the hack. While staff investigated the incident, trading was suspended.
While not as disastrous as the Mt. The hack, although not as catastrophic as the Mt. What was the point of bitcoin or any other crypto currency if hackers seemed to be able rob major exchanges without consequences? The markets reflected this sentiment: bitcoin’s price dropped 20% after the news.
The Reaction
Bitfinex updated users four days after the hack report by publishing a blog post. In it, they said:
‘After much thought, analysis, and consultation, we have arrived at the conclusion that losses must be generalized across all accounts and assets.’
The company decided to share out losses across all accounts in order to lessen the impact on the affected account holders. All customers lost around 36% of the assets they held at the exchange.
Customers were also compensated with BFX tokens at a rate equal to one BFX per dollar lost. These tokens can be redeemed at the exchange, or they can be used to purchase shares in Bitfinex parent company iFinex. Users who chose this option were given Recovery Right Tokens. They could be used to redeem any missing funds.
Unavoidably, there were dissenting opinions raised when this news was announced. It became apparent as more information was revealed that only a small number of accounts were affected. Many of those whose account was untouched and in particular those who had assets other than Bitcoin, protested, which is understandable. Bitfinex justified the policy by claiming that it would have been the standard practice had the company been forced to liquidate.
Despite the uncertainty that many felt about the actions taken, they were successful. Within less than a month all the BFX tokens issued had either been redeemed or traded for RRT. Most impressively, Bitfinex was able to continue to operate and try to make up for their users’ losses.
Bitfinex’s handling and reaction to the crisis were important moments for the cryptocommunity. If the exchange folded, like Mt. Gox, or if it tried to hide or minimize the losses or downplay them in any way. The confidence would have fallen even further.
A security breach would be bad enough. However, if the platform responsible was found to have behaved in an unethical manner, then the public perception of cryptocurrency would have been further damaged. To challenge mainstream finance in the crypto space, it was necessary to show that the platform could handle its setbacks with maturity. On August 10th, a blog announced that the platform is back and running. It ended with an apology:
‘We are aware that many questions remain and we intend to discuss the theft, the distribution of losses, and our recovery plan in follow-up announcements. We’re trying to be transparent while still making the best out of a horrible situation. We regret this loss, but remain confident about Bitcoin, the trading communities, and the plan we have to compensate our clients. We are always open to suggestions and constructive criticism from all parties.
The aftermath
Bitfinex was now faced with three major priorities. They had to compensate their clients for the losses that they suffered, they had to find the missing funds, and they also needed to determine who was responsible.
Since the day of hacking, they have been working closely with all law enforcement agencies in the world to find the missing bitcoins. Sadly, the progress was slow. Bitfinex had promised to return the bitcoins that were lost to Bitfinex users in 2018. This was better than doing nothing but it only represented a fraction (0.023%) of the total amount that went missing.
The trail appeared to be dead, but some funds had been traced to several wallets that were dormant. In June 2019 the Twitter account Whale Alert reported that approximately 172 BTC was moved from one wallet to another address. Then, a few weeks later, the news broke that two Israeli brothers Eli and Assaf Giti were arrested in Jerusalem on suspicion of involvement in the hack.
What is the mystery?
Two luxury cars and a hardware Wallet were seized by police when they raided Eli Gigi’s house. The wallet did not contain funds equal to those stolen during the hack. The brothers were arrested on suspicion of involvement in the Bitfinex Hack, as well a number phishing scams, where Reddit users and Telegram members were lured to fake websites designed to look real crypto exchanges.
The details of their wallet and login were recorded and later used for transferring funds from real exchanges. Both men were involved in crypto-scams for a while before they finally got arrested.
Assaf Gîti is not well-known, and he is said to have remained silent during his interrogation. His older brother Eli appears to be the one with the necessary expertise to have performed the hack.
Graduate of the Hebrew University in Jerusalem, he allegedly joined the elite computer science unit within the Israeli Defence Forces. It is this unit that was responsible for creating the infamous Stuxnet virus, which paralyzed the Iranian nuclear program in 2010.
According to experts, military training isn’t strictly required for the kind of crimes that the brothers have been accused of. Despite this, it is clear that Eli Gigi was more than qualified for the job. Eli confessed his involvement in the crimes of which he was accused. ‘I was wrong, I came from a bad place. I’m an honest boy and I’m sorry. I’m willing.
The plot thickens
If those who were affected by the Bitfinex hack had thought that the arrests of the Gigi brother would put an end to the entire sorry saga they were disappointed. They have been relatively quiet since their arrest. It is likely that Israeli and other law enforcement agencies were assembling a case for trial. The wallets that were thought to hold more missing funds have remained unopened and no arrests have been made.
A small amount of bitcoins was moved in May this year from one of the suspect Wallets. In June it was revealed that some bitcoins were being moved around again. According to reports, some ended up back at Bitfinex. In July, it was reported that some wallets were active again. Over 3,500 stolen bitcoins (worth $39 million) had been moved through a series transactions. Some hackers were still active and were trying to unload their loot.
The crypto-sphere has been tightened up, making it more difficult for hackers to sell stolen funds. The price of bitcoins that were stolen in 2016 has risen dramatically since then.
Bitfinex raised the stakes even higher earlier in this month. On Tuesday, 4th August, an announcement stated that Bitfinex was offering a reward to anyone who could provide information about the hackers. The reward didn’t end there. The post continued to state that hackers would receive rewards if they return the stolen funds. The statement then confirmed the details of the prize, saying:
If all bitcoins were recovered, the aggregate rewards under this program would be approximately US$400,000,000 at current BTC prices. The bitcoins lost in 2019 and the recovered ones are worth $1.344billion today. 30 per cent, or $403,288,427, is included.
The hackers were told to transfer 1 satoshi (one satoshi) from the wallet associated with the hack, to a wallet controlled by Bitfinex. The hackers do not seem to have done this yet.
Unfinished Business
Bitfinex’s decision of offering such a large reward to those that hacked the exchange four years ago can be viewed in different ways. Some people may view this as a good thing, showing that the exchange wants to recover the funds. Bitfinex are trying to portray the announcement as a positive one. ‘further evidence of our determination to obtain the lost property.‘
Bitfinex’s desire to move forward from the events in 2016 is understandable. The scandal damaged the reputation, even though the exchange compensated their users. The exchange was once a major crypto-exchange in the world. However, it has fallen down the rankings since then.
The recent scandals aren’t helping matters, but it is the stain that has been left behind by being hacked and losing such a large sum of money. It may be the hardest to remove. Security has been improved and hard lessons have been learned.
One way to look at the announcement is as a surrender that could set a dangerous precedent. Bitfinex’s detractors will see this as Bitfinex making a last-ditch effort and encouraging hackers to do the same.
A 25% share in the stolen bitcoins is a large sum, and given the increasing security of exchanges it should be a strong incentive for the hackers. The $403 million dollar sum is enough for most people to live comfortably. The question is whether this payment will deter law enforcement agencies from pursuing the case.
Some will argue that giving thieves a piece of their merchandise in exchange for returning the rest of it is an unorthodox way to do business. Were we likely to see mainstream financial institutions or banks take a similar step under similar circumstances? Why would people trust cryptocurrencies when such crimes will be rewarded in the end? What prevents hackers from using this money to fund other crimes? Bitfinex’s statement raises more than a few questions.
Upon trial of the Gigi Brothers, it is likely that more information will be disclosed about the hack and stolen funds. The heist was not orchestrated by the brothers alone, but they may not be able or willing to name their accomplices. It will certainly be fascinating to find out if and how they will be sentenced.
We’ll have to see what happens. If this whole saga has taught us anything, then it is that crypto platforms will need to always have security in the forefront of their mind. Since 2016, security protocols have advanced dramatically.
The past can sneak up on you at the most unexpected times. Whatever your views on the reward being offered and its potential consequences, there can be no disagreeing with one aspect of Bitfinex’s statement: ‘Our community cannot afford to be complacent when criminal gangs invent new frauds.‘
