Bitfinex, which still remains as one of the largest bitcoin exchanges in the market, is attempting to come to an agreement with the anonymous hacker that is solely responsible for the theft of nearly US$70 million in user funds.
In a public announcement, the Bitfinex team wrote:
“We are anxious to hear from you. Our interest here is not to accuse, blame or make demands, but rather to discuss an arrangement that we think you will find interesting.”
To ensure the anonymity of the hacker, the Bitfinex development team is offering a series of privacy-focused alternative communication methods including OP_RETURN message embedded onto the bitcoin blockchain, combination of anonymous communication software Tor and encrypted email service, and bitcoin-based messaging service Bitmessage.
Essentially, the Bitfinex development team is attempting to lure out the hacker by offering him a large bug bounty. Despite the disastrous impact the the security breach has imposed on its userbase, Bitfinex recognizes and praises the hacker’s efforts in exploiting vulnerabilities in its system.
“It might be possible to reach a mutually agreeable arrangement in exchange for an enormous bug bounty (payable through a more privacy-centric and anonymous way),” added Bitfinex.
Such friendly approach towards hackers and attackers is often seen in the cryptocurrency industry. Glasshunt.co for instance, a blockchain and cryptocurrency online hacking school, fell victim to a minor security breach that cost the company US$5,000.
Untraditionally, the Glasshunt.co team immediately priased the hacker for his efforts in discovering a vulnerability in its system and publicly presented a job offer, recognizing his skill sets.
While it is still difficult to speculate whether Bitfinex is planning to undertake a similar approach, the exchange aims to provide the hacker with a convincing offer that will be beneficial for both parties.
Whichever bounty the exchange may end up offering, it will be a substantial loss for the company for a relatively uncomplicated technical vulnerability in their system. Initially, the cause of the security breach was a flawed implementation of BitGo’s multi-signature technology-based bitcoin protection service.
Specifically, the Bitfinex development team failed to have BitGo verify the transactions on the exchange by allowing the Bitfinex system itself to automatically process payment requests.
However, if Bitfinex successfully secures an agreement with the hacker, it may save both the company and users millions of dollars in financial losses.
Image Credit: Sai Kiran Anagani