lolloj - Fotolia
Reports of the hack resulted in an initial drop of nearly 20% in the value of the digital currency, and all transactions on the exchange have been halted while investigations into the breach continue.
The hack is one of the biggest bitcoin thefts to date, but is relatively small in comparison with the loss of more than $450m worth of bitcoins by the Tokyo-based Mt. Gox bitcoin exchange in 2014.
In a statement on its website, Bitfinex said it was working to enable users to log in to view the state of their accounts, but that all core site functionality would be disabled initially.
“To accommodate the relaunch, all withdrawals, open orders and open funding offers will be cancelled,” the company said.
In the latest status update, Bitfinex said it is investigating the hack and co-operating with authorities and the top blockchain analytic companies to track the stolen bitcoins.
Read more about cyber crime
- Cyber crime is up 20% since 2014 and is the fastest-growing economic crime, according to PwC.
- A majority of businesses do not comprehend the methods and motivations of cyber attackers or fully understand the scale of the threat, a BT-KPMG report reveals.
- UK ranks highly in phishing, social media and ransomware attacks as cyber criminals professionalise and take advantage of unpatched websites.
- Co-operation with business in the private sector is an increasingly important element in fighting crime, according to UK, US and EU law enforcement officers.
Industry pundits said that while the core bitcoin protocol is robust and has not been hacked, bitcoin trading platforms and wallets that store the private keys used to access a bitcoin address and sign transactions are still vulnerable to hackers.
“Bitcoin exchanges like Bitfinex get hacked on a regular basis,” said Mustafa Al-Bassam, IT security adviser at Secure Trading, a UK-based payments company.
However, he added that industry standards around the secure storage of bitcoins in exchanges have evolved greatly over the past few years. “It appears that Bitfinex weren’t following basic recommended practices.”
Most Bitcoin exchanges nowadays, said Al-Bassam, store the majority of customer funds in a “cold wallet” that is not connected to the internet to prevent hacks.
“Although bitcoin itself is inherently secure, a hacker can steal the keys to your wallet if you don’t store the keys securely. This isn't an inherent flaw of the bitcoin protocol, and this is what happened with Bitfinex,” he said.
Al-Bassam said although there has been progress in the past few years with technology to allow secure wallets, such as hardware wallets and cold wallet software, there is still a lot more to be done.
“Users who store a large amount of Bitcoin in an exchange should be aware that if they don’t have the cryptographic keys to their Bitcoin, they don’t have total control over it,” he said.