Cyber Incident Victim: Bitfinex

On May 22, 2015, Bitfinex announced its hot wallet had been compromised, resulting in the theft of over 1,500 bitcoins. The exchange disclosed the breach via Twitter and a website statement, instructing customers to cease deposits to old addresses while it generated a new hot wallet. Bitfinex emphasized that only 0.5% of total user bitcoin deposits were affected, as over 99.5% of funds resided in secure multisig wallets. The company absorbed all losses without impacting customer accounts. Director of Community and Product Development Zane Tackett confirmed trading operations remained unaffected during the incident. Bitfinex activated contingency measures by creating the replacement hot wallet using a pre-prepared spare machine designed for emergency scenarios. Tackett verified a Bitcoin address circulating in community discussions as belonging to the attacker.

The theft represented approximately $330,000 based on blockchain records showing over 1,400 BTC funneled to the identified address within hours of the breach. Reddit users corroborated the destination wallet's connection to the hack, with one confirming their recent deposit had been diverted there. Bitfinex, then handling 10% of global bitcoin trading volume with 13,595 BTC traded in the preceding 24 hours, maintained its beta-phase status under parent company iFinex Inc. during the incident. Blockchain transparency enabled public tracking of stolen funds movement, though Bitfinex provided no additional forensic details. The exchange reiterated that operational continuity was preserved despite the hot wallet compromise, characterizing the event as limited in scale but significant enough to warrant wallet key rotation and deposit protocol changes. No customer asset reimbursement was required as Bitfinex covered all losses internally.