The second-biggest breach of a Bitcoin exchange platform, Bitfinex, caused 120,000 units of the cryptocurrency bitcoin, which was valued at $72 million at the time, to be stolen. Bitfinex first announced the security breach on August 2, 2016. The bitcoin was taken from users' segregated wallets and Bitfinex has been tracking down the hack. Significant hacker funds transactions were signed off by Bitfinex's security provider, without full security.
Law Enforcement and Loss Incurrence
The U.S. Commodity Futures Trading Commission ordered Bitfinex to pay a $75,000 fine for offering illegal off-exchanged financed commodity transactions. The terms of Bitfinex stated that “bitcoins in your multi-signature wallets belong to and are owned by you,” and imposing losses on customers who were not hacked would breach the terms. However, users would receive another asset called BFX tokens in exchange for the loss that customers suffered from. These BFX tokens could be redeemed by Bitfinex or by its parent company, iFinex.
In September 2016, Bitfinex announced that it had bought back over 1% of the BFX tokens to pay customers back for the losses. The USD/BTC exchange rate rebounded to over $600 from $540, the price after the hack, after the announcement in hopes of further equity conversion and redemption of BFX tokens.
BFX Token Redemption History
|Date||Days Since Hack||Outstanding BFX Redeemed (%)||Approximate Cumulative Redeemed (%)*||Outstanding BFX Post Redemption^|
<nowiki>*</nowiki>Cumulative scenario accurate for a BFX recipient who never transferred or exchanged BFX (held all BFX in perpetuity after initial receipt).
^Outstanding BFX amount also decreases from other compensation options such as equity conversion.
Lack of Governance
There is no obligation for intermediaries to verify users' identity. Bitcoin does not have governance other than its software. Bitcoin transactions are irreversible and there is no way for users to reverse an unwanted transaction. If traditional accounts are hacked, banks or the financial institutions will help cover some or all the losses, but with Bitcoin, users are on their own. There is no third party that can help. However, the U.S. Securities and Exchange Commission can enforce rules to virtual-currency-related securities transactions. So the SEC does review the exchange's registration so that investors will have enough information about the offering.
Governance in other countries
Because of the Mt.Gox Bitcoin exchange scandal, the Japanese government has been working on a regulatory framework similar to KYC standards, which the exchanges will have to follow. The government will treat Bitcoin as a currency.