After $65 million hack, questions arise over whether Bitcoin can be safe
It seemed bitcoin exchange Bitfinex was doing all the right things. In the end, that didn’t stop hackers from stealing $65 million.
The latest in a long list of attacks on the digital currency since its birth in 2009 has been particularly vexing for the bitcoin community.
Not only was Bitfinex the largest exchange for U.S. dollar transactions, but the hack shows that the industry hasn’t figured out critical security, despite years of learning from mistakes and making infrastructure improvements.
Even as the incident has triggered calls for audits in certain parts of the industry, experts don’t anticipate the investigations will unearth new ways of radically strengthening protection.
What’s more telling, they say, is that the community’s willingness to vilify targets while shrugging off industry-wide solutions is a sign it will happen again. “There is a long tradition of blaming the victim in the bitcoin community,” said Emin Gun Sirer, a Cornell University computer science professor who researches the currency. “But when you have a six-year-long history of near-continuous key theft, at some point, we have to stop shirking off the responsibility.”
Bitfinex imposed a levy on customers to cover the lost $65 million, taking 36 percent of everyone’s assets regardless of whether they had been hit by the hackers. The price of bitcoin also plunged on news of the hack, slashing the value of the digital currency well beyond Bitfinex. Collectively, investors have lost about $1.2 billion since the attack, according to data from Coindesk.
That’s not to say bitcoin security hasn’t come far, through the efforts of thousands who work and volunteer to improve the digital currency. Since Mt. Gox — at one time the world’s largest exchange — was hacked for $450 million in early 2014, most venues have adopted tough security measures, including segregated client accounts, external audits of systems and two-factor authentication for securing logins.
Another step forward has been multi-signature security, which splits the private keys attached to every bitcoin into several copies and hides them in multiple locations. The technology requires a signoff from a majority of the copies before the bitcoin can be moved again. That forces hackers to breach multiple systems before they can get access to funds.