I have had my whole life savings tied in Bitfinex USD lending. It seems like I may lose part, or all of it now.
I have asked Bitfinex several security questions a few months ago (June 6th 2016). Here is what they said.
What stops a rogue employee from stealing customers funds?
Only a couple principals have the ability to move funds, so there are very few people who would be able to do this. We also have extensive reporting tools that would alert everyone if there were abnormalities with user balances. Furthermore we use BitGo for our bitcoin storage which enforces global limits on how much bitcoin can be withdrawn during a certain time period. We strive to build our system so that even if anyone has complete access they still won't be able to do much harm.
How are you guys protected from insider job theft like in ShapeShift
As I mentioned above, we strive to build our system so that even if an employee or a hacker with full access tries to hack us the damage will be minimized. As I said, only a couple of people have access to any of the funds, and they're principals. There was also a lot of questions around the shapeshift hack and their summary so it's hard to know exactly what happened there.
What security controls do you have in place (ie. do multiple people have to provide keys to access cold wallets, who has access to cold wallets, etc.).
We don't use cold wallets for bitcoin storage, we use segregated customer wallets. So first we sign the transaction and then bitgo; every single of our wallets are multi-sig, if you go to deposit bitcoin you'll see a multisig address for each wallet, so there isn't any wallet one person has complete control over. Also, as mentioned, we have global limits for how much bitcoin can be withdrawn before triggering a second review.
Is there a way for someone inside the company to collude with, or somehow hack your 'human' system and gain access to those wallets?
In theory there is no system that is unhackable, but we have taken every measure to ensure that we're secure inside and out. And one of the big benefits of how we store funds is that if something does happen people will notice very quickly as we have near real-time proof-of-reserves. Any user can verify their funds independently on the blockchain at any time. So, in the case that anything does happen, we can't pull an mt. gox and continue to act like nothing's wrong and accept deposits.
If you have any further questions about our security measures please let me know.
Bitfinex Support Team
How about USD funds in legacy banking system?
How is that protected and are the funds provably there?
Again, only very few people have the ability to access USD held in our accounts. Proof-of-reserves for fiat is not a common thing for several reasons:
p1. Trust: This is one of the big benefits of bitcoin; You have an address and you can independently see if your money is there or not. You don't need to trust anyone, it's impossible to fake, and it's real time. With fiat, you're going to have to trust someone; trust us that your USD is wholly accounted for; or you could trust the bank that says they're holding your funds; or you could trust an auditor, but no matter how you do it there's no way for you to independently verify that and thus no way for us to prove it.
p2. Not in real time: If someone audits us today, that doesn't mean we can't go bankrupt tomorrow (unlikely, yes; impossible, no). There's no way for you to tell if right now an exchange has 100% of your USD. There are some ways that companies are coming up with to assist in this front, and rest assured we're in talks with them, but right now there isn't a service that we feel adequately accomplishes this.
p3. Anonymity: There's no anonymity with bank wires. With bitcoin someone could say there was transaction malleability and that's how they somehow lost $500,000,000, as they certainly didn't steal it. With bank wires that's not really possible, someone has to 100% attach a name to the process. This vastly increases the risk of attempting a hack and that's why you've pretty much never heard of an exchange losing fiat funds.
p4. Speed and reversibility: One of bitcoin's greatest features is that there are no charge backs and it's almost instantaneous. Fiat is pretty much the exact opposite. Slow and easy to reverse. If something happens with bitcoin, it's gone, there's no way to possibly get it back besides asking nicely or tracking the person down (which as we know with bitcoin isn't easy). With bank wires it's very slow and easy to reverse. By the time our system alerted us to the USD abnormalities the wire probably wouldn't even have started processing by the bank. And even if it has, we can just call them and cancel it. And even if it's been sent, we know the identity and account it was sent to and we have the ability to freeze/reverse it.
For these reasons proof-of-reserves for fiat hasn't really become a thing yet. Nonetheless, we have very secure protocols for how to deal with USD.
Let me know if you have any other questions.
Bitfinex Support Team
Trading Against Customers
What stops BitFinex or its employees from trading against their customers (either directly, via rigged engine/bot, or indirectly, by taking all the data and front running customers, trade against their stops, etc.)?
It is against company policy and all employee accounts are monitored by the principals to ensure that this doesn't happen. Besides that, a large part is that it would be very shortsighted. Sure, you could profit in the short term, but as soon as it is discovered that you have done so, your business is over. It'd be much wiser and more profitable to run a fair exchange and continue to grow volumes and earn money from that. It'd also be hard to keep your employees around once they inevitably find out. For instance, shortly after discovering OKCoin places trades on their own platform (along with several other reasons) I resigned, as did the then CTO, CCO, head of customer service (who I brought over with me to bitfinex), Director of International Operations, UI/UE Designer, international marketing manager and client relationship manager. So it's shortsighted from the viewpoint of keeping your users around, it's also shortsighted from the viewpoint of keeping your employees around. One of the main reasons I joined Bitfinex after leaving my previous job was because of the way they conduct business; honestly and transparently. I've stayed here for over a year because we have continued to conduct business in that exact manner.
If you have any more questions let me know and I'll be more than happy to help.
Bitfinex Support Team