Cyber Incident Victim: Bitfinex

Date:

Feb 2020

Location:

United States of America

Summary

A cryptocurrency exchange suffered a distributed denial-of-service (DDoS) attack alongside another major trading platform, with the incidents occurring in rapid succession. The attack crippled activity on the exchange for approximately one hour, reducing system throughput to near zero before normal operations resumed. Technical teams responded by implementing stricter protection measures and entering maintenance mode to deploy infrastructure patches against the attacker's concurrent attempts to exploit platform features. Services were restored without impact to core functionality; the disruption coincided with unrelated scheduled maintenance activities. The exchange's chief technology officer confirmed the platform mitigated the attack through countermeasures designed to prevent similar future incidents. Attribution remains unverified, despite initial claims by the other affected platform's executive suggesting competitor involvement.

CIA Posture: Available to members
Motives: 4 motives
Tactics, Techniques & Procedures: 1 technique

Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On February 27, 2020, at approximately 11:30 AM EST, cryptocurrency exchange OKEx experienced a distributed denial-of-service (DDoS) attack that routed up to 200 gigabytes per second of traffic to its systems, causing operational strain. OKEx CEO Jay Hao publicly attributed the attack to unnamed competitors through his personal Weibo account during the incident. Approximately 17 hours later, at 4:30 AM EST on February 28, a second wave of DDoS attacks simultaneously targeted both OKEx and Bitfinex. The Bitfinex attack persisted for one hour until 5:30 AM EST, during which the exchange's throughput dropped nearly to zero, severely impairing platform functionality. Bitfinex confirmed the attack through its official Twitter account and status page, noting the complete restoration of normal operations after the hour-long disruption.

OKEx representatives stated their security team contained both DDoS incidents within short timeframes, emphasizing that no overseas clients experienced service impacts. The exchange clarified that these attacks were unrelated to temporary system maintenance conducted shortly beforehand, during which options and futures trading had been temporarily disabled. Bitfinex Chief Technology Officer Paolo Ardoino disclosed that attackers exploited multiple platform features simultaneously to overload infrastructure, though core services remained unaffected. In response, Bitfinex initiated maintenance mode to implement countermeasures and security patches against similar future attacks, subsequently activating stricter protection levels. While OKEx's initial attribution to competitors preceded the second attack wave, no conclusive evidence established a connection between the simultaneous targeting of both exchanges. Both platforms restored full functionality following their respective containment measures, with no reports of customer fund compromises or extended service degradation beyond the documented attack windows.
