‘Giancarlo’ keys managed poorly says post-hack Bitfinex security report


The Organized Crime and Corruption Reporting Project (OCCRP) has reportedly obtained the security report created by Ledger Labs that was commissioned by Bitfinex after its 2016 hack. The report details numerous failures to follow industry best practice, failure to practice adequate logging, and failure to implement a whitelist.

The Bitfinex hack backstory

On August 2, 2016, Bitfinex was hacked in what was then the second-largest Bitcoin hack ever recorded. Indeed, 120,000 coins (then valued at around $70 million but today worth over $3 billion) were withdrawn from the platform, forcing it to disable all deposits, trading, and withdrawals in response.

In the wake of the attack, Bitfinex announced that “We have arrived at the conclusion that losses must be generalized across all accounts and assets.” The company also claimed that every single account would receive a 36.067% haircut, and for each dollar that represented, users would receive a BFX token, valued at $1, that Bitfinex would try to repay.

Nathaniel Popper would later report that the haircut was not equally applied to all accounts and assets, insisting that Coinbase didn’t receive the same haircut.

They actually did pay, just not the 36%, and what they paid ended up being higher than if they just took the 36% haircut, got their BFX and sold it shortly thereafter.

— Zane Tackett (@tackettzane) January 20, 2022

Former Bitfinex Director Zane Tackett claimed that Coinbase did receive a haircut, but revealed that it was smaller than other clients, undercutting the previous Bitfinex claim that “losses must be generalized across all accounts and assets.”

A few days later on August 17, Bitfinex would announce that it had retained Ledger Labs “to determine exactly how the security breach occurred and to make our system’s design better going forward,” and “to perform an audit of our complete balance sheet for both cryptocurrency and fiat assets and liabilities.”

Several months later, Bitfinex announced that “Ledger Labs has not been engaged to perform a financial audit of Bitfinex.” Eventually, in May 2017, Bitfinex announced that it had hired Friedman LLP to perform an audit. No update has ever been provided on the status of that audit, but Friedman was unable to provide an audit for sister company Tether.

After the hack, Bitfinex promised to provide details on how it occurred but this never happened. It also reiterated that everyone received the same haircut and detailed the steps that should be taken by unverified users who the system “mistakenly” believed were US-based.

The report

While Bitfinex never released the security report that it had commissioned from Ledger Labs, the reporting by OCCRP does provide more insight into how the hack occurred.

The report details how Bitfinex’s system, which was an implementation of BitGo’s multi-signature wallet, needed two of three keys in order to withdraw. The report claims that Bitfinex irresponsibly had both keys on the same device, and so by compromising that single device, hackers were able to immediately bypass the BitGo withdrawal limits and drain the wallet.

The keys were supposedly linked to two separate emails, one labeled “giancarlo” used by Bitfinex chief financial officer Giancarlo Devasini, and another “admin” email address.

The report also details lapses including the lack of a whitelist for withdrawals and an absence of server logging. The report also suggested that the hack occurred in Poland, based on an analysis of IP addresses.
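The failures described above can be expressed as two checks. This is an added example, not code from the Ledger Labs report, Bitfinex or BitGo: the first function counts how few devices must be compromised to gather a signing quorum, the second is a hypothetical co-signer-side gate that enforces a destination allowlist and records every decision. Key names, device names and addresses are constructed, and each key is assumed to live on exactly one device.

```python
from collections import Counter

def devices_to_reach_threshold(key_locations, threshold):
    """Fewest devices whose compromise yields `threshold` signing keys.

    key_locations maps key name -> device holding it (one device per key,
    an assumption of this example). Returns None if the quorum is unreachable.
    """
    keys_per_device = sorted(Counter(key_locations.values()).values(), reverse=True)
    collected = 0
    for devices, count in enumerate(keys_per_device, start=1):
        collected += count
        if collected >= threshold:
            return devices
    return None

def authorize_withdrawal(dest, amount, signers, allowlist, threshold, audit_log):
    """Allow only allowlisted destinations with a full quorum; log every decision."""
    distinct = sorted(set(signers))
    if dest not in allowlist:
        decision = "deny:destination-not-allowlisted"
    elif len(distinct) < threshold:
        decision = "deny:insufficient-signers"
    else:
        decision = "allow"
    # Denials are logged too, so failed attempts remain visible to responders.
    audit_log.append({"dest": dest, "amount": amount,
                      "signers": distinct, "decision": decision})
    return decision == "allow"

# Constructed 2-of-3 inventories: two keys on one host versus one key per device.
COLOCATED = {"key-a": "host-1", "key-b": "host-1", "key-c": "cosigner"}
SEPARATED = {"key-a": "host-1", "key-b": "hsm-2", "key-c": "cosigner"}
ALLOWLIST = {"cold-wallet-example"}  # constructed destination label

if __name__ == "__main__":
    print("co-located:", devices_to_reach_threshold(COLOCATED, 2), "device(s)")
    print("separated: ", devices_to_reach_threshold(SEPARATED, 2), "device(s)")
    log = []
    ok = authorize_withdrawal("unknown-address-example", 1000,
                              ["key-a", "key-b"], ALLOWLIST, 2, log)
    print("withdrawal allowed:", ok, "|", log[-1]["decision"])
```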

Dutch and Razzlekhan

The Bitfinex hacker has never been arrested, but early last year Heather Morgan and Ilya Lichtenstein were arrested for allegedly trying to launder the bitcoins stolen in this hack.

When they were arrested, authorities were able to seize the vast majority of the bitcoin that was originally hacked from Bitfinex; however, neither has been accused of the hack. Among their other possessions that were seized were a variety of burner phones and spreadsheets that detailed their efforts to successfully clean the coins.

Bitfinex hasn’t disclosed any additional breaches since 2016, but its sister company Tether was hacked in November 2017.

Bitfinex, in its statement to OCCRP, said that the Ledger Labs report was “incomplete” and “incorrect” but has so far failed to provide its own post-mortem explaining how the hack occurred. It is also yet to provide an update on the promised financial audit from over half a decade ago.
