Yesterday many of us were alerted to some devastating news. BitFinex was hacked for a total of 119,000 bitcoins. This amounted to $70m at the time and affected all of us. Devastating but NOT a Gox event.
The how and why this happened is all over reddit and forums. You don't need me to give all the details but I will sum it up. The problem arose from an issue with the multi-sig wallets that Finex used through BitGo. In short, the hacker discovered a method to release the funds from each individual user account by tricking the multisig. This allowed the hacker to drain the accounts.
Later today Zane Tackett (customer outreach) and BitFinex will be making an announcement regarding the status of the theft and the platform. Finex will bring its site back online so that users may examine their balances. You can follow Zane Tackett on reddit to stay up to date https://www.reddit.com/user/zanetackett/
After some investigation, I discovered that there may be a silver lining for those of us that were "hacked" in this attempt. Back in 2015, BitGo employed cybersecurity insurance on their multisig and enterprise wallets. The insurance was underwritten by XL Group and covers up to $250,000 per customer. This is a similar coverage to what FDIC/SIPC insurance provides in terms of monetary reimbursement.
What sets apart the policy that BitGo secured is the broad coverage. The following describes the coverage secured under XL Group:
The customized insurance product, exclusive to BitGo, was structured in collaboration with XL Group and Innovation Insurance Group, LLC. It is a robust cyber and professional liability policy that goes well beyond narrow crime policies previously adopted by some bitcoin vault providers. BitGo customers who opt-in to the program are protected from acts, errors, or omissions of BitGo technology, processes, and employees, including external hacking incidents and employee theft. Both hot wallets and cold storage are eligible for coverage in the policy. In the event of a covered loss, the policy would reimburse BitGo’s customer, as a direct loss payee, for the value of the lost or stolen bitcoins, subject to the terms and conditions of the insurance policy with XL Group.
Keyword here is "external hacking incidents and employee theft". Based on the language here it would appear that the policy should cover the theft of funds, even if it was due to negligence on behalf of a BitFinex employee.
The full announcement can be found here: https://blog.bitgo.com/bitgo-secures-first-ever-comprehensive-bitcoin-theft-insurance-xl-group-insurance-companies/
Some customers on BitFinex were large players and had funds in excess of $1m. This was evident during market events where large bid walls or sell walls in excess of 1000 btc were placed. These larger customers will not be reimbursed their full amount based on the $250k coverage limit. We can assume that at minimum $20m of the hacked funds is ineligible for coverage, meaning an estimated claim of $50m would need to be paid.
Lastly, can the insurer bear the burden of such a large claim? XL Group is a publicly traded company with a market cap in excess of $9b. They have roughly $8b net of premiums and can sustain a claim of $50m. http://xlgroup.com/
When Finex brings their site back today, there will be no access to the trading platform. Customers will likely only have the ability to monitor their funds and wallet balances. Keep in mind that margin positions may have been closed to assist in accounting for funds across the site. This may impact those who were engaging in P2P lending as well.
For everyone out there, I'm sorry for your loss. Keep calm and let's hope for the best.
The insurance may be a good way to see a light at the end of the tunnel.
Wonder why not every exchange has it
Good question. I don't believe most exchanges are "insurable". Finex is using BitGo as a third party so they are insured as an enterprise client. Sounds like a good workaround to get your customers insured but in this case it also led to their loss / hack.
Catch 22.
Exchanges should carry insurance though, it would add legitimacy to this space.
Thanks for your good posts, I followed you!