Amid the ongoing investigation of the Bitfinex security breach that led to the loss of nearly US$70 million worth of bitcoin, security platform and multisignature bitcoin protection service provider Bitgo is being criticized for its security measures.
As third a third party security firm, BitGo is responsible of verifying and authenticating transactions that are initiated by users at Bitfinex. That means, a BitGo user holds the first private key, Bitfinex holds the second, and BitGo holds the last. For a transaction to be broadcasted to the bitcoin network, it requires the approval of these three parties.
The purpose of partnering with a multisignature bitcoin protection service provider is to detect fraudulent and suspicious transactions that could be initiated by hackers as a result of a security breach or a hacking attack. Thus, if a hacker attempts drain large sums of bitcoin, protection service providers like BitGo are responsible of temporarily disabling that transaction for further investigation.
After the official statement of the BitGo development team was released, experts and customers at Bitfinex criticized BitGo and its services, for their inability to protect the funds of Bitfinex.
Just over a year ago, Bitfinex moved away from having 99.5% of Bitcoin held in cold storage to the BitGo solution which was hacked yesterday
— Alistair Milne (@alistairmilne) August 3, 2016
Some exchanges including HaoBTC proposed all exchanges using BitGo to suspend trading until the end of the Bitfinex investigation.
All exchanges using BitGo should suspend trading until we have something conclusive.
— HaoBTC (@HaoBTC) August 3, 2016
However, current partners of BitGo including Kraken protected BitGo, announcing that they have no intentions to alter their relationship with BitGo.
While it is difficult to conclude the responsibility of BitGo in the recent Bitfinex attack, many experts believe it is the CFTC regulations and other financial regulatory framework which required Bitfinex to move away from cold storage.