Interim Update - Bitfinex blog
15565
post-template-default,single,single-post,postid-15565,single-format-standard,bridge-core-3.0.6,et_bloom,qode-page-transition-enabled,ajax_fade,page_not_loaded,,qode-title-hidden,qode_grid_1300,footer_responsive_adv,qode-content-sidebar-responsive,qode-child-theme-ver-1.0.0,qode-theme-ver-29.3,qode-theme-bridge,qode_header_in_grid,wpb-js-composer js-comp-ver-6.10.0,vc_responsive

Interim Update

We are now in a position to offer our customers and the public updates on a few key areas associated with the security breach that occurred on August 2nd. Specifically, we want to provide you with preliminary information about the breach itself and about security enhancements that have been made to prevent its recurrence. We also need to give you some further background on the commitment of resources to the effort to satisfy outstanding customer losses through the tokens.

Ledger Labs Inc., a top blockchain forensics and technology firm, is undertaking an analysis of our systems to determine exactly how the security breach occurred and to make our system’s design better going forward. We engaged Ledger Labs in the hours immediately after the attack happened. The investigation is ongoing. We are also in the process of engaging Ledger Labs to perform an audit of our complete balance sheet for both cryptocurrency and fiat assets and liabilities.

The exact attack vector is as yet unknown, but Ledger Labs has already identified certain areas in our architecture that can be improved. Ledger Labs is working closely with our development and operations personnel to ensure that all of their recommendations are understood and fully implemented. The key security breach, which allowed the amount of bitcoin released has been squarely addressed. We have currently suspended use of the third party segregated multi-signature wallet solution and have re-implemented robust and safe multi-signature cold storage procedures, with minimal coins exposed on our hot wallet. We are reassessing our storage options, both internally and with potential third party multi-sig vendors.

We would like to address some stories that have circulated online stating that management has contributed no property to compensating our customers. This is false. Management has committed all reserves of the business with a view to making our customers whole. Moreover, any principals and employees of the business with any property on Bitfinex were subject to the loss allocation. In point of fact, two out of the top ten BFX token-holders are in our management team. We assure everyone that we feel the loss acutely, both as a company and as individual customers.

However, we need to be clear that we have also, after committing those resources, held back certain amounts to pay our forensic investigators, to hire auditors and other advisors to work through these issues, to build our systems so that this security breach does not happen again, and for other contingent liabilities—all of which takes time and money. Our best efforts to repay customers can only bear fruit with the determination and resources to make it happen. We are committed to deploying all of our resources to getting this done. To the extent that reserves are not needed for these purposes, they will be used to redeem token-holders as quickly as possible.

We are actively engaged with efforts to convert certain qualifying token-holders to shareholders of Bitfinex and to redeeming the remaining BFX tokens through a combination of new capital and earnings. We have re-enabled most of the features on the platform and are deeply grateful to our customers, who continue to trade with and help us rebuild our brand. As always, we continue to listen to our customers and welcome their feedback, questions, and concerns.

We will continue to provide further updates as and when we are able.

The Bitfinex Team