Cyber Incident Victim: Bitfinex
Date:
Jun 2017
Location:
United States of America
Summary
Bitfinex, a major cryptocurrency exchange, experienced a distributed denial-of-service (DDoS) attack that disrupted operations, particularly affecting newly launched IOTA token deposits and withdrawals. The incident occurred shortly after the exchange introduced trading for IOTA, though no direct connection between the launch and attack was confirmed. Service interruptions persisted for multiple days, with the platform assuring users that funds remained secure. This event followed a pattern of similar DDoS incidents targeting cryptocurrency exchanges, which security experts suggest may be attempts to manipulate exchange rates or exploit operational vulnerabilities. The attack coincided with broader industry concerns about persistent threats to digital currency platforms, including prior incidents involving this exchange.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 13, 2017, Bitfinex, then the world’s largest US dollar-based Bitcoin exchange, experienced a distributed denial-of-service (DDoS) attack that disrupted its operations. The attack commenced on Tuesday, June 13, as confirmed by the exchange’s initial tweet acknowledging the incident. This disruption occurred just one day after Bitfinex had launched trading for IOTA tokens, a cryptocurrency utilizing a novel distributed ledger technology. The timing raised questions about a potential link between the IOTA listing and the attack, though no definitive connection was established. The DDoS rendered IOTA deposits and withdrawals unavailable, prompting Bitfinex to place these services under wallet maintenance. Throughout the incident, the exchange assured users via social media that customer funds remained secure despite the service interruptions. As of June 14, two days after the attack began, IOTA-related services remained offline, with no public timeline for restoration. The attack coincided with heightened demand for IOTA following its listing, creating significant user inconvenience.
This incident followed a pattern of DDoS attacks targeting cryptocurrency exchanges, as evidenced by a similar attack on Russian exchange BTC-e the preceding week. Bitfinex itself had suffered a major breach in 2016 resulting in the theft of approximately $66 million in cryptocurrency, though the 2017 DDoS incident involved no confirmed fund theft or system compromise beyond service disruption. Industry observers, including High-Tech Bridge CEO Ilia Kolochenko, noted that such attacks could be motivated by attempts to manipulate cryptocurrency exchange rates through artificial market disruption. The persistent downtime underscored operational vulnerabilities despite blockchain’s decentralized architecture, particularly when interfacing with centralized exchange platforms. Bitfinex’s response focused on maintaining transactional integrity through wallet maintenance while providing limited public updates about remediation efforts beyond confirming the attack’s containment and fund safety assurances.