Originally published Aug 5, 2016
For the past few days, Bitcoiners have been dealing with the recent hack of the world’s leading USD Bitcoin exchange, Bitfinex, for 120,000 bitcoins. News has been trickling out about how margin positions will be settled while their service is shut down. None of the customers really know how much they might lose, but there is talk of a haircut to customers of upwards of 63%.
As rumors propagate and tidbits leak from Bitfinex representatives, we are beginning to get a sense of how some parties view the situation and how it should be handled.
I’d like to add some of my own perspectives on the situation in this post.
BitGo is Partly Responsible
BitGo, the Bitcoin security company that provides wallet services to Bitfinex, said in a blog post yesterday (https://blog.bitgo.com/bitfinex-breach-update/):
“Our job is to protect your Bitcoin and continue to improve the security of the service. BitGo systems were not breached in this attack and our software functioned correctly.”
BitGo makes it clear that they do not feel they were compromised or responsible for the loss of bitcoins. The post seems to be about damage control, telling people to look elsewhere for answers.
But who wants to use a security company whose solution allowed the rapid theft of 120,000 bitcoins? That is an extremely abnormal volume of coins to be withdrawn in such a time, and their very role is to be one of the guardians. It’s insane that they signed those transactions if they were not compromised and their “software functioned correctly”. If this is “correctly” then I’d certainly hate to see what happens when it malfunctions!
Sorry BitGo, but you don’t get to lose 120,000 bitcoins and get to have a security company anymore. You’ll have to do better than this. I don’t know how, but if BitGo cares about its future, it cares about Bitfinex customers being made whole.
I know I personally could not use a BitGo partner service after this. They have demonstrated that they will sign off on what anyone would consider suspicious transactions.
BitGo Wallets Aren’t Bitfinex Customer Wallets
There is a notion out there that some customers might lose all their Bitfinex bitcoins, while others will lose none or some. This comes from the fact that Bitfinex tries to segregate the bitcoins it holds for its customers into separate BitGo wallets or addresses, and the hacker was not able to steal bitcoins from some of those addresses.
As I see it, BitGo wallets are just the storage solution Bitfinex has chosen to store and account for its own bitcoins. Bitfinex customers do not hold Bitcoins, they hold Bitcoin IOUs. It has to work this way because Bitfinex’s swap lending market makes things complicated as to which customer wallet any given bitcoin might be held in.
If Bitfinex were to treat BitGo wallets that lost bitcoins on a case-by-case basis, that would certainly make BitGo a liable party in this loss. No, if they plan to pass on the loss to customers, it must be socialized among all Bitcoin exposure on the exchange.
Accountability in the Investigation & Unwinding of Positions
Customers deserve a full run-down of how Bitfinex and BitGo were hacked, as well as details about who is handling the investigation of the theft. While Bitfinex has said from the beginning that they are involving the proper authorities, we don’t know which authorities and how appropriate things really are right now. Are those authorities investigating Bitfinex and BitGo, or just trying to catch the hacker? Customers have been largely in the dark for days now.
Bitfinex has made it very clear that they will be unwinding all margin positions for all pairs on the exchange. They have provided the settlement prices they will use, but we still don’t know their method; nor do customers have any say in the matter, it seems. How do we know some accounts won’t get special preference in a haircut situation? There is not much reason to trust these companies at this point, is there?
Making Customers Whole
There hasn’t been much talk of how or whether Bitfinex customers might recover their losses from this hack, but there should be. The customers showed no negligence, and if Bitfinex and BitGo want to avoid litigation, federal agencies (it’s probably too late for this; I already know someone has filed complaints with FINRA, the CFTC, and the SEC), or continue to operate as businesses, they will have to make their customers whole.
Bitfinex itself has invested in Shapeshift.io and Netki: https://www.crunchbase.com/organization/bitfinex/investments
It has been extremely profitable over the years, and its stakeholders certainly have assets too. Sources tell me Bitfinex and/or one/some of its stakeholders are also invested in Tether, as well as Blockstream, Bitcoin’s premier Bitcoin Core development company.
BitGo’s investors include major entities like Bitfury Capital, Blockchain Capital, and Barry Silbert’s Digital Currency Group (https://www.crunchbase.com/organization/bitgo/investors).
There is a lot of big money with a lot on the line here. The custodians of those coins must take a hit to fix this.
There are rumors that Bitfinex may issue a bond or ‘bfxcoin’ as IOUs paying dividends from Bitfinex’s profits to the affected customers going forward. That would be better than nothing, but there should be enough money invested in this clusterfuck of companies to produce a better bailout for these losses.
I hope this is how all these parties are thinking at the very least.