Alos at press time, Bitfinex remains offline, with its message announcing the hack still visible to users.
What is clear, though, is that the impact is far-reaching.
Advocacy group Coin Center, however, moved to dismiss the claim that the CFTC was to blame, arguing that multi-sig is one of a number of security approaches and, like others, is prone to vulnerability or failure.
"The era of commingling customer bitcoin and all of the associated security exposures is over."
Is the CFTC to blame?
Bitcoin prices have fallen sharply
At press time, the value of the 119,756 BTC stolen from Bitfinex stands at roughly $66m, or about 18% of what was lost by Mt Gox.
Other market observers were quick to speculate on whether the outage could lead to complications at other exchanges that may have been using Bitfinex as a source of liquidity.
Who is to blame?
Bitfinex settled with the US Commodity Futures Trading Commission (CFTC) earlier this year over alleged trading violations, paying a $75,000 settlement while neither admitting or denying the charges.
At press time, it’s unclear if any smaller exchanges were impacted, and smaller exchanges contacted by CoinDesk reported no disruptions.
Image via Shutterstock
In an email, Kraken CEO Jesse Powell said that while he couldn't offer details on the exchange's security measures, he remarked that "we're confident in our configuration" in light of the Bitfinex breach.
While the full extent of customer losses on an individual basis is unclear, signs indicate a significant subset of the bitcoin trading community was impacted.
Some users expressed exasperation despite having security measures like two-factor authentication in place, in which secondary devices (like a mobile phone) are used to provide an additional passkey layer.
As referenced in the quote, the companies sought to find an alternative to the standard process used by exchanges at the time that saw customer funds co-mingled in larger offline wallets and connected or "hot" wallets used to meet liquidity demands.
Were other exchanges impacted?
Whether BitGo is deemed at fault, it may be losing the battle of public opinion.
In statements to CoinDesk, however, exchanges Kraken and Bitstamp indicated that their approaches to implementing BitGo's multisig technology differed from that of Bitfinex.
At issue, the CFTC said at the time, was how the exchange held control of bitcoin private keys tied to user funds connected to financed trading. The agency’s view was that these bitcoins weren’t actually "delivered" following the purchase of them, but rather remained under the control of Bitfinex.
Is BitGo's business model at risk?
In the hours following the news, community members took to Twitter and Reddit to report that their accounts had been drained.
The exchange declared at the time:
Rather, each Bitfinex user has their own set of keys created on the platform, using a 2-of-3 key arrangement whereby Bitfinex held two of the keys (including one offline) and BitGo used the third to co-sign transactions.
More than $60m worth of bitcoin was stolen from one of the world's largest digital currency exchanges yesterday, and nearly 24 hours later, the event is still shrouded in mystery.
Yesterday, BitGo took to social media to state that an internal investigation had turned up no evidence of a server breach on their end.
"For now I can already say that Bitstamp's implementation of BitGo's MultiSig technology is fundamentally different from the one at Bitfinex," Vasja Zupan, head of business development for Bitstamp, told CoinDesk.
Bitfinex remains offline
Press materials from last year also indicate that Bitfinex's relationship with BitGo predates the CFTC's investigation.
Given the amount of money involved, many in the community have been searching for a scapegoat.
When will fiat funds be accessible?
Statements from Bitfines suggest that the company is looking to initially bring the site online so that users can check their balances and determine whether their accounts have been drained.
One obvious target has been Bitfinex itself, which had possession of two of the three private keys needed for the funds lost from multi-signature accounts. Others have questioned whether weaknesses in BitGo's model were exposed in the incident as well.
Multi-signature accounts were impacted
Since the hack, some critics pointed to that language in the CFTC settlement as creating the ideal conditions for the theft by prohibiting Bitfinex from using cold storage for customer funds.
It is known that Bitfinex did offer an API and that it was at one time used by exchanges, though the primary end markets appeared to be brokers and traders.
Yet despite the assurances, some observers have blamed the service for "blindly signing" the withdrawal of nearly 120,000 BTC and wondered why no potential countermeasures were in place in the event of a movement of funds of that size.
Yet statements from exchanges about the viability of their own BitGo implementations suggest that at least some of the service's customers aren't looking to make any changes, at least for now.
Announced in 2015, Bitfinex and BitGo created a system whereby multi-signature wallets, those where keys are divided among a number of owners to manage risk, would be provided to each customer.
Such an issue was exposed by a hack at Bitstamp in early 2015, when exchanges, merchants and ATM providers connected to the exchange experienced a notable disruption.
One prevailing question among customers is the status of deposits not denominated in bitcoin. Since the hack was first revealed, Bitfinex stated that only its bitcoin holdings were impacted.
One major exchange representative said that the incident had raised issues with the multi-sig security model and that further rollout was likely be delayed as a result of the breach.
In order to withdraw such a large amount of funds, BitGo would likely have had to sign off on those transactions.
Prices fell by nearly 20%, tumbling as low as $480 USD before recovering.
The Bitfinex theft represents the largest loss of bitcoins by an exchange since Japan's infamous Mt Gox lost 744,408 BTC in early 2014 (worth $350m), a breach that would ultimately cause it to cease operations.
Answers may be coming soon, however. Representative Zane Tackett, who has been responding to queries via social media since the incident first came to light, said that more updates are forthcoming.
Sources close to the exchange have largely avoided offering comment on whether the 119,756 BTC stolen represents the full extent of the hack, and Bitfinex itself has yet to publish any findings from its ongoing internal investigation.
The source of the vulnerability appears to lie in how Bitfinex structured its accounts and its use of bitcoin wallet provider BitGo as an additional layer of security on customer transactions.
One of the most direct impacts of the Bitfinex hack could be seen in the price of bitcoin, which plunged after the news broke.
More than a few customers are now taking to social media to ask when they’ll be able to access or withdraw those funds.
Here’s what we know (and what we don’t know) so far:
At press time, the price of bitcoin is approximately $552, according to the CoinDesk Bitcoin USD Price Index, up roughly $70 from yesterday's low.
Sources suggest BitGo's business model was primarily based on charging enterprise clients for services, and that bitcoin exchanges were the company's primary target market.
On the other hand, funds transferred to the exchange following the hack are said to be secure, but the exchange has yet to release details on both when and how withdrawals will be managed.
With 30-day transaction volumes just above 600,000 BTC, the hack was roughly one-sixth of the size of the exchange's monthly orders.
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in BitGo.
Given the size, the theft has sparked confusion and frustration among market traders and observers since it was announced.
Bitfinex customer losses significant
Richemont Director Jin Keyu Joins Blockchain Startup as Adviser
Richemont, the Swiss luxury goods giant that owns Cartier, will potentially utilize blockchain in a move aimed to bring transparency to its supply chain.
Jin Keyu, a renowned economist and an assoc
Thailand Is Planning a 'Bond Coin' for Faster Securities Settlement
A self-regulatory organization in Thailand is planning to create a custom token aimed to speed up corporate bond settlement in the country.
The Thailand Bond Market Association (TBMA) said it has r
G20 Watchdog Releases Framework for 'Vigilant' Crypto Monitoring
The Financial Stability Board (FSB), an organization focused on analyzing and making recommendations to the G20 on global financial systems, has presented a framework for monitoring cryptocurrency ass
Report: World's Biggest Asset Manager BlackRock Exploring Bitcoin
Global investment management company BlackRock is reportedly mulling a move into bitcoin.
According to a Financial News London report on Monday, the New York-based asset manager has now set up a wo
A Crypto Exchange Is Buying Back $24 Million-Worth of Its Own Tokens
FCoin, a new cryptocurrency exchange that saw spiking trading volume recently due to its controversial revenue model, has revealed a plan to buy back millions of its own tokens to provide capital for
Hong Kong's Blockchain Trade Finance Platform to Go Live By September
The Hong Kong Monetary Authority (HKMA), the autonomous Chinese territory's de facto central bank, is poised to launch a live blockchain trade finance platform within two months.
"The Trade Finance
Peter Thiel, Bitmain Co-Founder Invest in EOS Developer Block.one
EOS protocol maker Block.one has received new backing from a number of big-name investors, including PayPal co-founder Peter Thiel.
In a fresh round of funding – the amount of which was not disclos
Court Approves Alleged Bitcoin Money Launder's Extradition to France
A Russian national accused of laundering billions of dollars on the now-defunct crypto exchange BTC-e could soon be extradited to France following a court decision.
Since his arrest last summer, Al