In August 2016, unknown hackers stole nearly 120,000 BTC from the Bitcoin exchange Bitfinex. The company is now offering up to $400 million as a bounty for the return of the stolen funds.
In an interview, Bitfinex chief technical officer Paolo Ardoino explained the reasons behind the latest efforts to recover the funds. He also addressed the rationale behind the substantial reward that could total 30% of the lost funds.
In an official blog post four years ago, Bitfinex reported a security breach that led to the loss of 120,000 BTC.
Since 2016, the price of Bitcoin has increased from $622 to $11,400, recording a 1732% increase.
The lost funds, which were worth $65 million at the time, are now valued at around $1.3 billion.
The exchange said in a new blog post detailing the reward program on Aug 4, 2020:
“Early in the morning on August 2, 2016, hackers breached the security systems of our exchange. As a result, 2072 unauthorized transactions were broadcast on the Bitcoin network, involving 119,755 bitcoins in aggregate. We have learned valuable lessons from this painful episode, addressing the security issues and vulnerabilities associated with the theft.”
The renewed efforts of Bitfinex to retrieve the stolen Bitcoin come after four years since the incident occurred.
Ardoino said in an interview that increased activity by the hackers to move the stolen funds encouraged the company to introduce the reward program. He explained:
“Recently, there has been a spike in activity by the hackers in moving the stolen bitcoin. The situation continues to be fluid. The movements in the stolen bitcoins that we have seen over the last few weeks suggest to us that now is the time to come forward with our reward program.”
There are a few reasons the bounty could be sufficiently compelling for the hackers to return the funds.
First, on a public blockchain network like Bitcoin, it is difficult to move funds without leaving traces. The blockchain enables anyone on the network to verify and observe addresses and transactions. That complicates attempts to transfer funds without being noticed.
When Bitfinex is offering up to 30% of the lost funds as a reward if returned, the agreement could be attractive for the hackers. Ardoino said:
“It is potentially a large reward. We believe that this figure is sufficient to incentivize the hackers and those knowing the hackers to come forward, provided those parties are now prepared to try to mitigate the risks associated with holding the BTC stolen from Bitfinex in the first place.”
Second, and perhaps most importantly, Bitfinex emphasized in its statement that it would ensure the entire process is done while protecting the identities of all parties.
The Bitfinex team said:
“In order to confirm the identity of the hackers, we will request that 1 Satoshi is sent from the wallet address responsible for the hack to a wallet address specified by Bitfinex. We will work to ensure this can be done safely, thereby protecting the identities of all parties, and Bitfinex reserves the right to impose conditions on any transfers in order to verify claims and ensure a secure process.”
On June 2, blockchain tracking bot Whale Alert reported about $800,000 from the Bitfinex hack in 2016 moved to an unknown wallet. The hackers reportedly moved another $255,000 worth of BTC on May 22.