Major cryptocurrency exchange Bitfinex suffered a terrible hack in 2016 that saw over a billion dollars’ worth of cryptocurrencies transferred out of its platform. To mark the event’s anniversary, the exchange is offering what could very well be the highest bounty ever in the crypto industry.
Making Things Right
Earlier today, Bitfinex published a blog post explaining that it offered up to $400 million in rewards for anyone who could provide useful information concerning the hack. The company’s post reeked surprising desperation, as the exchange claimed that it was prepared to reward the hackers behind the attack if they turned themselves in.
Bitfinex’s hack was one of the most significant in the crypto industry. On August 4, 2016, hackers breached the exchange’s internal security systems and managed to conduct about 2,072 unwarranted transactions. In total, the exchange lost 119,756 BTC tokens — worth about $350 million at the time, but well over $1.3 billion today.
After several investigations, sources revealed that Bitfinex’s problem was with its account-structuring process. The company had partnered with top crypto payment processor BitGo in 2015 to create a system that provided each user with a multi-signature wallet, with keys being divided amongst several users.
In a press release at the time, Bitfinex explained that the wallets were necessary to move on from the era of “commingling customer Bitcoin and the associated security exposures. Its platform would create a set of keys for users, with a 2-of-3 key arrangement that would give two keys to Bitfinex and one to BitGo.
However, customers soon started complaining that their accounts were being drained. That was the beginning of the problem, and when the dust settled, Bitfinex had lost a significant amount of funds.
The Hack’s Fallout
The exchange has thus far managed to weather the storm and is still functional — a fate that many hacked exchanges (like Mt. Gox) haven’t been lucky to enjoy. Still, it is resolute in its mission to find the missing funds and be made whole again.
In today’s blog post, the company explained how its bounty system would work, saying:
“Those who put Bitfinex in contact with the hacker will receive 5% of the total property recovered (or equivalent funds or assets at current market values), and the hackers will receive 25% of the total property recovered (or equivalent funds or assets at current market values).”
The company added that it would classify any funds it pays to whistleblowers as a cost of recovery for stolen property. It’s also worth noting that Bitfinex has had some luck with recovering some of the funds. Early last year, the company announced that it had collaborated with international law enforcement agencies and the United States government to retrieve 27.66270285 BTC, worth a little over $104,000 at the time.
However, the hackers have also been pretty busy moving their ill-gotten loot. Last year, asset movement tracker Whale Alert posted on Twitter that hackers moved about 30 BTC (worth $351,000 at the time) from their wallets. Then, Whale Alert posted in a series of tweets that they moved another 3,503 BTC (worth $38 million) over 12 transactions between July 27 and 28, 2020.