The hackers had been inside the Bitfinex servers for weeks before attempting the heist. They'd watched users on the cryptocurrency exchange buy and sell Bitcoins. They'd studied the commands that controlled the security system. It was as if they were hiding in an air duct above a bank's vault, watching as tellers meticulously moved cash in and out, looking for vulnerabilities.
They weren't after Bitcoins, exactly. Bitcoins only exist as entries in a database maintained by computers around the world. What they needed were the private keys: cryptographic passwords that would allow them to unlock the coins and move them. Once they found the keys, they struck. At 10:26 a.m. on Aug. 2, 2016, the hackers raised the exchange's daily withdrawal limit from 2,500 Bitcoins to 1 million, more than enough to empty out the whole vault. Then, using the private keys, they started broadcasting instructions to transfer Bitfinex's Bitcoins to addresses they controlled on the blockchain. Over the next 3 hours and 51 minutes, the hackers stole 119,754 coins—more than half the holdings of what was then one of the world's largest cryptocurrency exchanges.
When Bitfinex executives realized what had happened, they hired a security team to search the servers' memory for clues. The hack was ambitious and sophisticated, and some users suspected an inside job. Or perhaps the culprits were part of North Korea's elite hacking corps, which, six months earlier, had stolen $81 million from Bangladesh's central bank. But the researchers had little to go on. Before logging off, the hackers had effectively wiped their digital fingerprints.
The only information Bitfinex had was the
Read more on ndtv.com