Bitfinex Hack 2016
Depending on where your toss the marker, Bitfinex lost somewhere between $56 and $77 million dollars (USD) worth of bitcoin the other day. The spot was as high as $650 and as low as $471 during the "holy shit" period of confusion that let to a decline in fair market value. 

Although the price has recovered somewhat, it still remains under $600 and Bitfinex is diligently working on relaunch having restored some services and slowly rolling out restoration of others.

Part of this relaunch is determining what happened and how to prevent the same from happening again while another part is to determine how to handle the stolen bitcoin and who should bear the burden of the loss. This is immediately and undeniably apparent that 99.9% of the users on Bitfinex are not liable and cannot be held accountable however it appears as if this very thing is being proposed by Bitfinex in a "socialized loss sharing" program where users will eat the loss. 


You have to be kidding me. Do users share in the profit too? Socialized profit sharing program? It's one thing to payback customers transparently and over time like Poloneix did when they suffered a breach of similar fashion and its one thing to eat the loss as Bitstamp did back in 2015 when $5 million USD was stolen. No user funds were debited and Bitstamp took the hit and moved along. It is an entirely different approach to put the burden on users and make up a "socialized loss" sharing anything. 

They claim the details have not been pounded out which means they haven't spent allot of time on this. Well DUH!! That's apparent from the introduction of the concept alone. 

Bitfinex should carefully evaluate what this means to them for long term survival since pinning these losses on it user base while it relaunches and start rolling in the profit again is a poor decision that will likely not be easily forgotten. 

Bitfinex, and Bitfinex alone, should assume this loss, even if this is over a long period of time. People choose and exchange to trade on for the safety and activity on that exchange and when they leave assets secured properly in the custody of Bitfinex, they expect them to be exactly that. Secure.

The BitGo Factor

The only exception to the above would be if BitGo is in some way liable. There's been some speculation on BitGo's involvement of which has been answered with very little to no detail by BitGo other than saying they are not responsible for the losses. With a growing number of people demanding answers BitGo offered this non-explanation:

For the last 48 hours, I’ve been in the frustrating position of having to tell you that “due to an active investigation, I can’t give you answers.” I want to give you answers, and BitGo wants to give you answers, but we really just can’t right now.

First of all, this is in line with proper procedure so BitGo needs to be given some leeway. You do not start barking out detail of a hack on day one. For an example of exactly how not to handle this see the Ethereum DAO hack

Secondly, you have to understand how BitGo works and although they do say Bitfinex had a "special configuration", its not exactly possible to hack BitGo or its customer and obtain funds from the wallet since both parties are required for a multisig transaction. To the point this was automated by Bitfinex then this can certainly happen however wouldn't appear to be the liability or fault of BitGo unless there was a security breach.

Third, there are other ways to implement BitGo. You do not have to use a pooled wallet of funds, it's just a cheaper route.  Just to make that clear.

As far as socialized loss sharing, this may undoubtedly come with a subsequent socialized exodus program, so Bitfinex may want to man up and pay the bill.

However despite the terrible sound of a "socialized loss" program, it still sounds a hell of allot better than "Hard Fork".

Report by dinbits
Image source: dinbits staff

The opinions expressed by authors of articles linked, referenced, or published on do not necessarily express, nor are endorsed by, the opinions of or any of its affiliates.

Post a Comment

Powered by Blogger.