Bitfinex Security Breach: 119,756 BTC stolen

    I've never really understood cryptocurrency as is, to be honest.
    It's fairly simple to get. Many people have rightful distrust in the current banking system, because if it fails, your credit card is worthless. The only viable things will be cash, maybe, bitcoins, assuming computers still exist, and bartering with items.

    It's also a way for people to say "FU" to the federal government, and it's a way to be rebellious. However, since it can't be hacked, it could be considered a better method than banking institutions.

    Finally, it's very useful to people who wish to do illegal things online, ranging from using bitcoins to buy falsified currency, drugs, weapons in countries without them, and other various things out there. But, I digress on bitcoin itself.

    As for finding the culprits? Lol, never gonna happen. But I don't get how you have these things stolen from you. Like, where was their security at? Lol, it's a financial institution, not some kind of website where you are selling little knickknacks and don't really need to worry too much about things like this. Just pathetic.
    Winces

    Basically to anyone who is uninformed; a breach like this is just like any other website breach would be like if someone had compromised the website of a major Bank that handles Fiat currencies. (These are the paper currencies we all trade in, and trust...hence the name Fiat.)

    It is a very bad thing to happen though, and since bitcoins are basically money stored in a secure data format there is One Very Important Thing needed to spend a Bitcoin.

    The Private Key that is paired with the Public Key where the bitcoins are stored. These "Public Keys" come in the form of Bitcoin Wallet addresses. The Private Key is needed to sign off on the ownership transfer of a Bitcoin so that the receiving address gets their Bitcoins.

    Typically an average end user who is using the REFERENCE Bitcoin Client or a properly written Bitcoin transaction Client Will Not See This Key. It is stored and encrypted within your "Wallet" file. Basically this file is your big brass keyring that is stored and encrypted behind a password. Ideally this password should be strong. Very Strong. It protects Money.

    But in a bitcoin exchange the software they use runs a little bit differently. In order to actively make exchanges on the market and send and receive bitcoins automatically on the website; they have to play a little bit fast and loose with their keys. There are various ways to do this cryptographically safely but it's not always easy to ensure that it's safe.

    A common way to ensure that bitcoins are not stolen is to operate a "Hot Wallet". This wallet is usually like a cash register till; and it is usually the most weakly protected. With a lot of effort and technical knowledge; if the website operators didn't properly secure their website and systems; a malicious actor can find an exploit or gain control of a system in such a way that allows them to basically empty the cash register till. The Hot Wallet is normally used to take in and pay out Bitcoins for business purposes. During the course of a regular business day though, this wallet may get pretty full.

    A good practice when running a "Hot Wallet" is to ensure that it gets "flushed" regularly. This would require manual interaction by an authorised company employee who takes the excess bitcoin from the "Hot Wallet" and deposits them into a "Cold Wallet". A Cold Wallet is basically a paper wallet that has a Public Key and a Private Key printed upon it in a secure manner. (Sometimes the private key itself is encrypted or encoded, but sometimes it's just written on the cold wallet). This Cold Wallet is not hackable because it's made of paper; and it's basically like a paper note of currency. Cold Wallets are typically generated on computers that do not get connected to the internet using a specialised program that simply generates new, valid, random public/private key pairs ("Wallets") to hold the bitcoins on. You can then physically secure these keys in a safe place (like a bank deposit box) and have normal physical security measures surrounding them so they don't get lost or stolen.

    Another good practice is the use of Multi-Party Keypairs. This uses a bit of different cryptography to split up a Private Key into separate Keys. Basically you are required to have the signature of all of the Private Keys to make a transaction valid. Valid and common configurations are 2/2, 3/3, 2/3, 3/4 and so on. This means that you can hopefully implement a system where even if your Website Code signs off on a transaction using its own Private Key, that you can require that a Human Being wielding Private Key 2 can investigate the transaction and sign off on it. Additionally you may have a three key system where Human Being 1 and Human Boss-Person 1 have to sign off on a transaction. (This presumes all the Humans involved are obviously employees of said company)

    Even systems such as the above Can Be Exploited by bad actors from the inside, via social engineering, or via hacking by taking control of key system control points. It's still possible to build a system like this that is extremely vulnerable. Perhaps you don't want to trust your approval agents with a Private Key; so you code the private key into a private company backend system. But If your Private Company Backend System gets hacked and broken into; Whoops! There goes your key! Now the bad guys have it. x3



    Overall this is a very bad thing for Bitcoin though. It means another Very large and likely very trusted exchange has been breached. It will hurt public confidence in Bitcoin as a currency. It always does. But people live and learn from these sorts of incidents; and hopefully other exchanges will learn more about the exploit that went on and they will harden their systems so that their Private Keys aren't as easy to get to.

    Because of the way that Bitcoin works, it is often not possible to undo these transactions.

    Bitcoin transactions are irrevocably permanent by design once they are signed by your private key and sent out onto the internet, where it hits the public record. Once the Bitcoin Daemon sends the transaction out to its peers, other bitcoin clients, they run all the cryptographic maths to check the signatures and broadcast confirmations of the transaction's legitimacy. In a matter of 10-15 minutes you can have a single confirmation, and in a matter of an hour enough, usually 5-6 confirmations, to ensure that the transaction is taken. By the time 24 hours have passed, a transaction always has enough confirmations to be absolutely irrevocable, and this transaction is already encoded into the Bitcoin Blockchain deeply enough that it cannot be undone without basically "Rewinding Time" and invalidating other transactions which are built on the transaction being validated.

    Therefore; it is very very very rare that bitcoin transactions are invalidated. Doing so literally damages the public ledger that is being maintained. Hopefully however; normal authorities can capture the criminal and perhaps capture their machines containing their private keys and get the money back. This is not a guarantee though. If a criminal is smart; they would anticipate that. They might cash in enough bitcoin for fiat to get out of their country and move to a different country, after some period of time. Then they might live slowly off that money as they need to. With that much money, though, they may suffer if their theft causes a price drop in Bitcoin as traders lose faith in it. But it will still be enough to ensure they can evade capture...if they are not foolish.

    However there's just as great of a chance the thief/thieves are foolish. They may overspend and call attention to themselves and get rounded up by Law Enforcement quickly.
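Added example, not part of any post in this thread: a 2-of-3 approval gate of the kind the multi-key paragraph above describes, where a payout is released only if enough distinct registered keys have signed that exact transaction. It assumes hash-based Lamport one-time signatures as a standard-library stand-in for the ECDSA signatures Bitcoin actually uses; the signer names and transaction bytes are constructed.

```python
import hashlib
import secrets

def h(data):
    return hashlib.sha256(data).digest()

def keygen():
    # Lamport one-time key: 256 pairs of secrets; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(h(a), h(b)) for a, b in sk]

def msg_bits(msg):
    d = h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; each key may sign one message only.
    return [sk[i][bit] for i, bit in enumerate(msg_bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, msg_bits(msg))))

def approved(tx, sigs, pubkeys, m):
    # Count distinct registered signers whose signature covers exactly this tx.
    valid = {who for who, sig in sigs.items()
             if who in pubkeys and verify(pubkeys[who], tx, sig)}
    return len(valid) >= m

def demo():
    # Hypothetical 2-of-3 policy; the transactions are constructed sample bytes.
    keys = {who: keygen() for who in ("website", "officer", "boss")}
    pubkeys = {who: pk for who, (_, pk) in keys.items()}
    payout = b"constructed tx: pay 0.5 BTC to customer address A"
    theft = b"constructed tx: pay 5000 BTC to unknown address B"
    officer_sig = sign(keys["officer"][0], payout)
    boss_sig = sign(keys["boss"][0], payout)
    web_sig = sign(keys["website"][0], theft)  # intruder holds only this key
    return {
        "two_humans_payout": approved(
            payout, {"officer": officer_sig, "boss": boss_sig}, pubkeys, 2),
        "website_only_theft": approved(theft, {"website": web_sig}, pubkeys, 2),
        "replayed_officer_sig": approved(
            theft, {"website": web_sig, "officer": officer_sig}, pubkeys, 2),
        "same_sig_two_names": approved(
            theft, {"website": web_sig, "boss": web_sig}, pubkeys, 2),
    }

if __name__ == "__main__":
    print(demo())
```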
    Thank you for the informative post Melody! You definitely know what you're talking about, and thank you for furthering my understanding of how these exchanges work!
     
    Probably, yes, but there's probably a lot of people that got bitcoins well before the price on them skyrocketed.
    I almost bought them for 20 bucks a pop. But I was younger, and didn't have the money, and didn't understand stocks, or cryptography much...