Bitfinex Hackers Move $38 Million in Stolen Funds Author: Jimmy Aki Last Updated: 31 July 2020 Hackers appear to be moving some money from one of the most infamous hacks in the history of the crypto space. Yesterday, crypto-asset tracker Whale Alert posted a series of tweets showing that wallet addresses associated with a hack on famous exchange Bitfinex had moved 3,503 BTC (worth about $37.8 million) over 12 transactions. An Unfortunate Event The transactions happened between July 27 and 28, with the largest of them being a single 476.32 BTC (about $5.2 million) movement. The smallest transaction involved 2.612703 BTC ($28,849 at press time). The last notable move from these wallets came in August 2019, when the hackers moved about 30 BTC from the wallets. As Whale Alert noted at the time, the tokens were worth about $351,000. All these funds came from a 2016 hack on Bitfinex, which saw the exchange lose about 119,756 BTC in customer funds. While the value of assets stolen at the time was about $350 million, that number would have ballooned to about $1.3 billion today. Investigating further, news sources found that Bitfinex’s vulnerability was its account-structuring process and the use of Bitcoin wallet provider BitGo as a security layer for customer transactions. In 2015, BitGo and Bitfinex created a system to provide each customer with multi-signature wallets, where keys are divided among several owners. The companies heralded the multi-sig system as a means of mitigating risk and losses. In a press release, Bitfinex explained that it was essentially bringing an end to the era of “commingling customer Bitcoin and the associated security exposures. As the exchange’s quote showed, both companies sought a reliable alternative to the standard process of managing wallet keys. Users would have their set of keys created on the platform, with a 2-of-3 key arrangement that would give Bitfinex two of the keys, and BitGo gets the third one. So, BitGo would have to sign off on large-value withdrawal transactions. Somehow, however, the hackers managed to get their hands on a bunch of customer wallet keys. Soon enough, exchange customers started complaining that their accounts were being drained. Fallout from the Hack When the dust settled, Bitfinex had lost a substantial amount of customer funds. Essentially all the stolen Bitcoins had remained missing since the hack. However, Bitfinex announced early last year that the United States government had retrieved some of the Bitcoins that it lost in the hack. Per a company blog post, the exchange managed to get back 27.66270285 BTC, worth a little over $104,000 at the time. Bitfinex added that it had collaborated with international law enforcement agencies to assist with investigations into the hack. Apart from the retrieved Bitcoins, not much has been heard since then. If today’s action shows anything, it is that these hackers are still very much at large. The hack represented the largest in the crypto space since that of Mt. Gox in 2014. However, while Mt. Gox’s hack forced the exchange to close shop, Bitfinex managed to keep operating even after its mishap. Today, Bitfinex is back to being one of the biggest, most famous cryptocurrency exchanges.