Cryptocurrency exchange Bitfinex never made publica confidential report that found its security lapses responsible for over 119,000bitcoins stolen from the platform in August 2016, the Organized Crime andCorruption Reporting Project (OCCRP) reported on Thursday. The stolen BTCs, worth about $3.2 billion in today’s market,were priced at $71 million at the time.
OCCRP, a global network of investigativejournalists, said it obtained a version of the secret report that says Bitfinex failed to execute operational,financial and technological controls recommended by its digital security partner Bitgo. The network said the report was commissioned by iFinex, the owner andoperator of Bitfinex, and was produced by Canada-based blockchain servicesfirm, Ledger Labs.
Giving further details, OCCRP said the reportclaims that Bitfinex deployed a security system that placed two of its threesecurity keys with an administrator. The keys were required to conduct asignificant operation on the exchange, including transferring bitcoins.
Furthermore, OCCRP citing the document, noted thatBitfinex made the mistake of storing two of the three keys on a single device.It, however, added that while it is not known if the device was compromisedduring the hack, access to it would give a hacker complete access to the cryptoexchange’s internal system and ‘security tokens’.
Additionally, the journalism network said theconfidential report suggested that the hack was probably organized from Poland,going by a detailed examination of the source Internet Protocol address.
Bitfinex Slams OCCRP Report
As reported, Bitfinex told OCCRP that LedgerLabs’ analysis in the report was “incomplete” and “incorrect.” The networkalso quoted Bitfinex as saying that there was “evidence of negligence…on thepart of other counterparties that led to the hack.”
In an undated statement published on its website,Bitfinex also reiterated these points, noting that “assertions made by the OCCRP are factuallyincorrect.” The crypto exchange also bashed a report on the issue published byWired whose journalist worked on the report with the OCCRP.
“Bitfinex refutes the findings of the OCCRP,” said thedigital exchange operator. “As is well known, there is an investigationbeing conducted by authorities into the 2016 hack, with which Bitfinex hascollaborated and shared information over many years.”
In addition, Bitfinex said it will provide fulldetails on the case when investigations are completed, noting that “to make anycomments before the investigation into the breach is concluded would beinappropriate.”
United States Charges Two Suspects
Meanwhile, while the Bitfinex hacker remains atlarge, US prosecutors in February last year charged an American couple for trying to launder about $4.5 billion in cryptocurrency linked to the 2016hack. The US Department of Justice (DOJ) in a statement saidthe government seized more than 94,000 bitcoins connected to the attack from the couple, Ilya Lichtenstein and Heather Morgan. The bitcoins were worth over $3.6 billion at the time.
Furthermore, the prosecutor noted that the BTCs stolen fromBitfinex through over 2,000 unauthorized transactions were sent to a cryptowallet under Lichtenstein’s control. OCCRP reported that the couple pleaded not guilty and are awaiting trial.
“Over the last five years, approximately 25,000 ofthose stolen bitcoins were transferred out of Lichtenstein’s wallet via acomplicated money laundering process that ended with some of the stolen fundsbeing deposited into financial accounts controlled by Lichtenstein and Morgan,” DOJ explained. “The remainder of the stolen funds, comprising morethan 94,000 bitcoins, remained in the wallet used to receive and store theillegal proceeds from the hack,” it added.
Cryptocurrency exchange Bitfinex never made publica confidential report that found its security lapses responsible for over 119,000bitcoins stolen from the platform in August 2016, the Organized Crime andCorruption Reporting Project (OCCRP) reported on Thursday. The stolen BTCs, worth about $3.2 billion in today’s market,were priced at $71 million at the time.
OCCRP, a global network of investigativejournalists, said it obtained a version of the secret report that says Bitfinex failed to execute operational,financial and technological controls recommended by its digital security partner Bitgo. The network said the report was commissioned by iFinex, the owner andoperator of Bitfinex, and was produced by Canada-based blockchain servicesfirm, Ledger Labs.
Giving further details, OCCRP said the reportclaims that Bitfinex deployed a security system that placed two of its threesecurity keys with an administrator. The keys were required to conduct asignificant operation on the exchange, including transferring bitcoins.
Furthermore, OCCRP citing the document, noted thatBitfinex made the mistake of storing two of the three keys on a single device.It, however, added that while it is not known if the device was compromisedduring the hack, access to it would give a hacker complete access to the cryptoexchange’s internal system and ‘security tokens’.
Additionally, the journalism network said theconfidential report suggested that the hack was probably organized from Poland,going by a detailed examination of the source Internet Protocol address.
Bitfinex Slams OCCRP Report
As reported, Bitfinex told OCCRP that LedgerLabs’ analysis in the report was “incomplete” and “incorrect.” The networkalso quoted Bitfinex as saying that there was “evidence of negligence…on thepart of other counterparties that led to the hack.”
In an undated statement published on its website,Bitfinex also reiterated these points, noting that “assertions made by the OCCRP are factuallyincorrect.” The crypto exchange also bashed a report on the issue published byWired whose journalist worked on the report with the OCCRP.
“Bitfinex refutes the findings of the OCCRP,” said thedigital exchange operator. “As is well known, there is an investigationbeing conducted by authorities into the 2016 hack, with which Bitfinex hascollaborated and shared information over many years.”
In addition, Bitfinex said it will provide fulldetails on the case when investigations are completed, noting that “to make anycomments before the investigation into the breach is concluded would beinappropriate.”
United States Charges Two Suspects
Meanwhile, while the Bitfinex hacker remains atlarge, US prosecutors in February last year charged an American couple for trying to launder about $4.5 billion in cryptocurrency linked to the 2016hack. The US Department of Justice (DOJ) in a statement saidthe government seized more than 94,000 bitcoins connected to the attack from the couple, Ilya Lichtenstein and Heather Morgan. The bitcoins were worth over $3.6 billion at the time.
Furthermore, the prosecutor noted that the BTCs stolen fromBitfinex through over 2,000 unauthorized transactions were sent to a cryptowallet under Lichtenstein’s control. OCCRP reported that the couple pleaded not guilty and are awaiting trial.
“Over the last five years, approximately 25,000 ofthose stolen bitcoins were transferred out of Lichtenstein’s wallet via acomplicated money laundering process that ended with some of the stolen fundsbeing deposited into financial accounts controlled by Lichtenstein and Morgan,” DOJ explained. “The remainder of the stolen funds, comprising morethan 94,000 bitcoins, remained in the wallet used to receive and store theillegal proceeds from the hack,” it added.
