Skip to content

Instantly share code, notes, and snippets.

Created Aug 3, 2016
What would you like to do?
Reddit comments from Bitfinex employee
We haven't used the hot/cold wallet setup since our implementation with bitgo as each user has their own wallet that the funds are stored in.
"Afaik, Finex doesn't have something like a hot wallet, each user's coins are held in a separate multisig wallet which can be checked on BitGo."
"Correct, other currencies were not affected. We don't have a ballpark right now, as soon as details like this become available i'll share them."
No fiat was stolen, only btc.
We have segregated customer wallets, not hot/cold as each user has their own wallet. We can't release details about the breach at this time as we're still investigating, but no, we did no lose all or nearly all of the bitcoin.
Some users' bitcoin has been stolen, and no there is no insurance for this.
My assumption with what he meant is that the user didn't login to users accounts which may imply that login credentials have been compromised, which isn't the case here.
We have one private key that we use to sign transactions, bitgo then has a key that they use to sign transactions, and there's one key that's kept in cold storage.
We haven't have a hot/cold wallet setup since the bitgo implementation. Instead each user has their own wallet with limits on how much it can withdrawal as well as a global limit. We're still investigating how they were able to compromise this setup.
>"If not, this appears to be a BitGo hack every bit as much as a Bitfinex hack."
Doesn't appear to be, it looks like this was a compromise on our end.
I didn't say that BitGo wasn't involved, I said that it doesn't look like they were compromised. And no, I don't believe our back-up keys were compromised but the investigation is still ongoing on how exactly we were compromised.
I can confirm that not all customer funds were lost.
Was not internal.
There were a number of security practices that were in place to make this the most secure, yet transparent way of securing funds and we used the company that prides itself and specializes in bitcoin storage. How these practices were bypassed, we're still investigating.
I can confirm that ETC was not affected by the hack.
Only bitcoin was stolen in the hack ETH and ETC were unaffected.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment