{"id":79530,"date":"2023-05-29T19:45:25","date_gmt":"2023-05-29T16:45:25","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=79530"},"modified":"2025-09-11T11:34:25","modified_gmt":"2025-09-11T08:34:25","slug":"journalists-reveal-details-of-bitfinex-hack-report","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/journalists-reveal-details-of-bitfinex-hack-report\/","title":{"rendered":"Journalists reveal details of Bitfinex hack report"},"content":{"rendered":"

The bitcoin exchange Bitfinex failed to implement ‘operational, financial and technological controls’, which made the 2016 hack possible. The report, as stated<\/a> on the OCCRP website.<\/p>\n

OCCRP brings together media outlets and investigative reporters conducting journalism in Eastern Europe, Central Asia, Latin America and Africa. The main funding comes from USAID<\/span>.<\/p>\n

The centre claims to have obtained access to a confidential incident-investigation report. It was prepared by the Canadian firm Ledger Labs at the request of iFinex, the parent company of Bitfinex.<\/p>\n

According to the document, the trading platform did not implement the measures proposed by its partner BitGo. The investigation states that Bitfinex used a system that requires an administrator to hold two of three security keys to execute any major operation. The company ‘made a critical error’ by keeping two keys on a single device.<\/p>\n

The document also states that the exchange lacked other basic security measures, including server activity logging and a ‘withdrawal whitelist’.<\/p>\n

Journalists stressed that they could not independently verify the report’s findings. According to them, Bitfinex did not challenge the document’s veracity, and its author Michael Perklin cited a non-disclosure agreement.<\/p>\n

Meanwhile, representatives of the exchange told OCCRP that Ledger Labs’ analysis was ‘incomplete’ and ‘incorrect’. They said there was ‘evidence of negligence’ by other counterparties that led to the hack.<\/p>\n

Ledger Labs did not respond to journalists’ requests. BitGo declined to comment, but did not dispute the existence of the document.<\/p>\n

As a result of the hack in early August 2016, Bitfinex lost nearly 120,000 BTC (about $71.8 million at the time, over $3.3 billion at current prices) and suspended trading for a time.<\/p>\n

In May 2020, unknown actors moved 30.667192 BTC to anonymous addresses. Later, 4571 BTC and 473.3183 BTC<\/a> moved. <\/p>\n

In August 2020, Bitfinex announced a $400 million reward<\/a> for help in recovering the stolen funds. In October, the attackers moved bitcoins worth more than $30 million<\/a>, and in December \u2014 in total 7,045.48 BTC<\/a>.<\/p>\n

On February 1, 2022, 94,643 BTC moved<\/a>. In the same month, U.S. authorities arrested<\/a> 34-year-old Ilya Lichtenstein and 31-year-old Heather Morgan on charges of laundering 119,754 BTC stolen from Bitfinex.<\/p>\n

Representatives of the U.S. Department of Justice also announced the largest seizure of digital assets in the department’s history \u2014 94,636 BTC ($3.6 billion at the time).<\/p>\n

Morgan was released on $3 million bail<\/a>. The court found that there was no substantial evidence against her beyond the assertion that she allegedly received funds related to the case.<\/p>\n

The streaming service Netflix<\/a> announced a documentary series about Morgan and Lichtenstein.<\/p>\n","protected":false},"excerpt":{"rendered":"

The bitcoin exchange Bitfinex failed to implement ‘operational, financial and technological controls’, which made the 2016 hack possible.<\/p>\n","protected":false},"author":1,"featured_media":79531,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[95,1154,1323],"class_list":["post-79530","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitfinex","tag-crimes","tag-investigations"],"aioseo_notices":[],"amp_enabled":true,"views":"82","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79530","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=79530"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79530\/revisions"}],"predecessor-version":[{"id":79532,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/79530\/revisions\/79532"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/79531"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=79530"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=79530"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=79530"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}