In the early morning of August 3rd, Beijing time, Bitfinex, the largest USD Bitcoin trading platform, announced that due to a security vulnerability found on the website, nearly 120,000 Bitcoins were stolen, with a total value of approximately US$75 million, and that "Bitcoin trading and withdrawal services will be temporarily closed". Why were the Bitcoins stolen from Bitfinex? What impact will it have on the future market trend? How can industry security be guaranteed? Daily Economic Reporter had a detailed exchange with Mr. Shen Taolei, CEO of Leiying Investment.
The biggest vulnerability in the Bitfinex security incident may be the hot wallet security mechanism
NBD: Bitfinex had a coin theft problem this morning, which had a relatively large impact on the industry's trends. I learned from the industry that Bitfinex's security design is different from other platforms. What kind of security implications does this coin theft problem have for the industry?
Mr. Shen: According to Lei Ying's monitoring data, at 2:00 a.m. on August 3, Bitfinex interrupted all market trading data. A few minutes later, its official website went offline and only published a statement about the security vulnerability incident. By monitoring the data of Huobi.com, we found that before the disclosure of this incident (2:00 a.m.), the RMB price of BTC was 4,002.01 yuan and the trading volume was 6,968.7945. After the disclosure of the incident, the price of BTC plummeted. By 6:45 a.m. on the 3rd, it had fallen to 3,196.37 yuan, a decrease of 20.13%. At its lowest point, it fell to 3,005 yuan. The trading volume increased to 40,479.2063 BTC, an increase of 480.86%. The changes in both volume and price were large, which has become one of the most influential events in the Bitcoin industry. By 13:00 that afternoon, the price of BTC rebounded to 3,560 yuan. Although the trading volume had dropped to around 13,000.0507, it was still twice that before the disclosure of the Bitfinex security vulnerability incident. At the same time, the price rebounded by 11.38%.
For security reasons, each exchange will not disclose the core technical architecture of the BTC wallet, but from the information in the Bitfinex announcement, we believe that its biggest vulnerability lies in the hot wallet security mechanism. Bitfinex has selected a security platform company called BitGo to implement a multi-signature mechanism for users' hot wallets in order to achieve safe storage of users' BTC. However, BitGo first needs to assume that all instructions issued by Bitfinex are correct and safe, and it is very likely that problems have occurred in the process of Bitfinex issuing instructions.
Lei Ying has been studying the security mechanism of wallets, among which the user experience is a major contradiction. The biggest security mechanism is cold and hot wallets, which require a lot of manual review, which reduces the user experience. In order to pursue the ultimate user experience, a lot of automated processing is needed. From the current situation of Bitfinex, it has adopted a lot of automated processing mechanisms in order to achieve a certain degree of security through the multi-signature blockchain mechanism. We believe that this security vulnerability incident shows that the automated mechanism set by Bitfinex has failed to a certain extent. Lei Ying has always emphasized that there is a more reliable mechanism between automation and cold and hot wallets. It needs to grade the automated processing signals, that is, the security rating mechanism. For each BTC transfer instruction request, there is a graded assessment from data tracing, data security confirmation, address security confirmation, etc. In addition, a complete risk control mechanism based on data should be established. For example, if a withdrawal or transfer instruction is suddenly found from an address in the short term, the corresponding security level needs to be triggered at this time, and different security plans need to be adopted to minimize the risk in time.
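The graded handling of transfer instructions described in this answer can be sketched as follows. This is an added example, not part of the interview and not Lei Ying's, Bitfinex's or BitGo's system; the tier names, thresholds, field names and sample requests are all assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class Tier(Enum):
    AUTO_SIGN = 1       # co-sign without human involvement
    STEP_UP = 2         # hold until the account owner confirms out of band
    MANUAL_REVIEW = 3   # hold for a human reviewer

@dataclass
class Withdrawal:
    account: str
    dest: str
    amount_btc: float
    ts: int             # unix seconds

# Assumed policy values, for illustration only.
WINDOW_S, MAX_AUTO_BTC, MAX_PER_WINDOW, MAX_FAN_IN = 3600, 5.0, 3, 2

class RiskGrader:
    def __init__(self, confirmed):
        self.confirmed = confirmed   # account -> addresses the owner confirmed earlier
        self.history = []            # every request seen, kept for tracing

    def grade(self, w):
        recent = [h for h in self.history if 0 <= w.ts - h.ts <= WINDOW_S]
        reasons = []
        if w.dest not in self.confirmed.get(w.account, set()):
            reasons.append("unconfirmed_address")       # address confirmation
        if w.amount_btc > MAX_AUTO_BTC:
            reasons.append("large_amount")
        if sum(h.account == w.account for h in recent) >= MAX_PER_WINDOW:
            reasons.append("burst_from_account")        # sudden run of requests
        others = {h.account for h in recent if h.dest == w.dest} - {w.account}
        if len(others) >= MAX_FAN_IN:
            reasons.append("many_accounts_one_address")
        self.history.append(w)
        if not reasons:
            return Tier.AUTO_SIGN, reasons
        if "many_accounts_one_address" in reasons or len(reasons) > 1:
            return Tier.MANUAL_REVIEW, reasons
        return Tier.STEP_UP, reasons

def grade_sample():
    # Constructed requests; accounts and addresses are placeholders.
    g = RiskGrader({"alice": {"addr_A"}, "bob": {"addr_B"}, "carol": {"addr_C"}})
    reqs = [Withdrawal("alice", "addr_A", 1.0, 1000),
            Withdrawal("alice", "addr_A", 8.0, 1100),
            Withdrawal("alice", "addr_X", 0.5, 1200),
            Withdrawal("bob", "addr_X", 0.5, 1300),
            Withdrawal("carol", "addr_X", 9.0, 1400)]
    return [g.grade(r)[0].name for r in reqs]
```

In the constructed sample, the fifth request is escalated because several accounts send to the same unconfirmed address within one window, a pattern that per-account limits alone would not catch.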
Improving Bitcoin Industry Security by Addressing Both the Symptoms and the Root Causes
NBD: What do you think this incident can teach the entire industry about security?
Mr. Shen: We believe that the security of the industry can be improved from the following two aspects. First, from the user's perspective, the user's security awareness needs to be enhanced. Users should have Internet security awareness, regularly change transaction and login passwords, keep them relatively complex, and store them properly. The industry is currently in a stage of rapid development, and some emerging exchanges have emerged. Users should be cautious in choosing exchanges and choose exchanges with more complete security mechanisms. For example, Huobi.com, which we are familiar with, has not had any BTC security incidents in the three years since its establishment. It is relatively complete in terms of cold and hot wallet mechanisms.
Second, for exchanges, Bitcoin is a cryptographic digital currency, and the privacy protection mechanism of the blockchain is very complete, which is particularly favored by hackers. Therefore, exchanges must continue to improve security issues, including technical standards, security mechanisms, software and hardware facilities, and continue to improve the pre-control of some known risks. In addition, the internal management regulations of exchanges must also be continuously improved. By addressing both the symptoms and the root causes, the ability of exchanges to improve their security mechanisms should be improved.
Short-term market fluctuations, temporarily wait and see
NBD: Mr. Shen, what impact do you think this coin theft incident will have on investor confidence and subsequent market conditions?
Mr. Shen: Bitfinex CEO has now confirmed that a total of 119,756 BTC have been lost, worth approximately $62 million, or approximately RMB 411,283,200. This is not the first time that such an incident has occurred at Bitfinex. It also had a hot wallet private key security vulnerability incident on May 22, 2015, when the loss accounted for 0.5% of its exchange deposits. In the short term, it is difficult to accurately judge the impact of this incident. We need to see how long it will take for the trading volume to return to the normal value before the security incident. In addition, the total number of stolen coins is currently close to 120,000. How will the hackers use them? Will there be a subsequent impact on the market? There is a lot of uncertainty.
In fact, digital asset transaction security and exchange data analysis have always been one of Lei Ying's research areas. Lei Ying also provides some digital asset exchange security solutions. We are now monitoring all the data on the blockchain, especially the nearly 120,000 BTC that have been lost. We are doing real-time monitoring. We believe that when the data returns to normal, the market analysis will be more accurate. I personally think that in the short term, the market will fluctuate, and it is recommended to wait and see for the time being.