It was the hack heard 'round the world and the second largest in Bitcoin history. On August 2nd, 119,756 Bitcoin were stolen from Bitfinex.
How did this happen? Negligence. This event laid bare Bitfinex's many operational and technological deficiencies.
Didn’t Bitfinex Have Cold Multi-Signature Wallets?
Believe it or not: no! If you asked them last week, they would give you a carefully-worded statement: they "store users' bitcoin in individual, multi-sig protected segregated wallets."
Notice the missing word. These are hot wallets!
In the spring of 2015, approximately 1,500 Bitcoin were stolen from Bitfinex’s hot wallet. As a result they implemented a multi-signature wallet solution: BitGo(ne With The Wind). Each user had their own segregated and supposedly secure wallet.
Bitfinex held two keys, one hot, one cold backup. BitGo held another as a way to enforce spending limits. 2 of 3 keys were needed to sign any transaction. Bitfinex management was very confident this would eliminate the possibility of a large-scale theft of customers' Bitcoin.
However, in the aftermath of the incident, it has become clear that rather than making the exchange more secure, the Bitfinex and BitGo partnership turned Bitfinex into one giant hot wallet.
BitGo blindly signed any transaction emanating from Bitfinex. That's right: rather than making a secure, audited wallet with spending limits and failsafes, Bitfinex paid BitGo a bunch of money to make its exchange the most insecure Bitcoin operation on the planet. The only innovation was using two hot keys instead of one.
As any educated Bitcoin user could tell you: if the keys are hot, they are at risk. Simply adding another hot key doesn't help.
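The gap between a co-signer that signs everything and one that enforces spending limits, as an added example (not code from BitGo, Bitfinex or the article). The `CoSigner` class, the limit values and the wallet names are assumptions made for illustration, and the "signature" is reduced to an approve/refuse decision.

```python
from dataclasses import dataclass, field

DAY = 86_400          # seconds in the rolling window
SAT = 100_000_000     # satoshis per bitcoin

@dataclass
class CoSigner:
    """Holder of the third key in a 2-of-3 wallet; applies policy before signing."""
    wallet_limit: int                      # assumed cap per wallet per 24 h, in satoshis
    global_limit: int                      # assumed cap across all wallets per 24 h
    history: list = field(default_factory=list)   # approved (time, wallet, amount)

    def _spent(self, now, wallet=None):
        return sum(a for t, w, a in self.history
                   if now - t < DAY and wallet in (None, w))

    def review(self, wallet, amount, now):
        """Return (approved, reason); only approved requests count as spent."""
        if amount <= 0:
            return False, "invalid amount"
        if self._spent(now, wallet) + amount > self.wallet_limit:
            return False, "per-wallet limit exceeded"
        if self._spent(now) + amount > self.global_limit:
            return False, "global limit exceeded"
        self.history.append((now, wallet, amount))
        return True, "ok"

def blind_review(wallet, amount, now):
    """The behaviour the article describes: co-sign whatever arrives."""
    return True, "ok"

def total_cosigned(review, requests):
    """Satoshis that would receive the second signature."""
    return sum(amount for wallet, amount, now in requests
               if review(wallet, amount, now)[0])

# Constructed input: 1,000 segregated wallets each asked for 5 BTC within minutes.
REQUESTS = [(f"wallet-{i}", 5 * SAT, 1_000 + i) for i in range(1_000)]

if __name__ == "__main__":
    policy = CoSigner(wallet_limit=10 * SAT, global_limit=500 * SAT)
    print("blind :", total_cosigned(blind_review, REQUESTS) // SAT, "BTC")
    print("policy:", total_cosigned(policy.review, REQUESTS) // SAT, "BTC")
```

Every request here stays under the per-wallet cap, so with segregated wallets it is the limit across all wallets that stops the run.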
Now suddenly concerned about proper security, Bitfinex has moved their remaining Bitcoin to their cold wallet.
This is just a small part of the article; please read the rest at http://us3.campaign-archive2.com/?u=db45c09bdf20e1866bb32123f&id=f5ef013fef&e=b93b9173ca