Cryptocurrency exchange Bitfinex never made public
a confidential report that found its security lapses responsible for over 119,000
bitcoins stolen from the platform in August 2016, the Organized Crime and
Corruption Reporting Project (OCCRP) reported on Thursday. The stolen BTCs, worth about $3.2 billion in today’s market,
were priced at $71 million at the time.
OCCRP, a global network of investigative
journalists, said it obtained a version of the secret report that says Bitfinex failed to execute operational,
financial and technological controls recommended by its digital security partner Bitgo. The network said the report was commissioned by iFinex, the owner and
operator of Bitfinex, and was produced by Canada-based blockchain services
firm, Ledger Labs.
Giving further details, OCCRP said the report
claims that Bitfinex deployed a security system that placed two of its three
security keys with an administrator. The keys were required to conduct a
significant operation on the exchange, including transferring bitcoins.
Furthermore, OCCRP citing the document, noted that
Bitfinex made the mistake of storing two of the three keys on a single device.
It, however, added that while it is not known if the device was compromised
during the hack, access to it would give a hacker complete access to the crypto
exchange’s internal system and ‘security tokens’.
Additionally, the journalism network said the
confidential report suggested that the hack was probably organized from Poland,
going by a detailed examination of the source Internet Protocol address.
As reported, Bitfinex told OCCRP that Ledger
Labs’ analysis in the report was “incomplete” and “incorrect.” The network
also quoted Bitfinex as saying that there was “evidence of negligence…on the
part of other counterparties that led to the hack.”
In an undated statement published on its website,
Bitfinex also reiterated these points, noting that “assertions made by the OCCRP are factually
incorrect.” The crypto exchange also bashed a report on the issue published by
Wired whose journalist worked on the report with the OCCRP.
“Bitfinex refutes the findings of the OCCRP,” said the
digital exchange operator. “As is well known, there is an investigation
being conducted by authorities into the 2016 hack, with which Bitfinex has
collaborated and shared information over many years.”
In addition, Bitfinex said it will provide full
details on the case when investigations are…