Digital currency exchange Bitfinex has been going through a sticky patch of late, having been knocked temporarily offline on Monday due to a distributed denial-of-service (DDoS) attack that was reminiscent of a similar incident from a few days prior.
After first tweeting that “Platform is currently under heavy load and we are working to bring it back online”, the Hong Kong-based cryptocurrency exchange platform confirmed shortly afterwards the true nature of the cyberattack.
Normal operations were back up and running within an hour. This outage was preceded by another DDoS attack, on November 26, which “started during earlier maintenance and has been ongoing since”, according to a tweet posted by Bitfinex that same day.
The cast of characters behind the attacks, or their motives, are unclear. However, the onslaughts came at a time when the bitcoin price hit new highs, possibly triggering efforts on the part of cybercriminals to manipulate and cash in on the price.
Sandwiched between the two attacks was a ‘flash crash’ that reportedly hit Bitfinex last Wednesday and prompted some traders to report severe losses after the prices of cryptocurrencies NEO, OMG, and ETP plummeted by as much as 90%, causing the closing of their positions. Bitfinex argued that it was operating as normal, however.
Another major digital currency exchange, Coinbase, experienced its own flash crash in June, ultimately drawing regulatory scrutiny.
Trading also went berserk a little over two years ago, resulting in a drop of 14% in Bitcoin’s price within a span of some 30 minutes.
Until last week, Bitfinex was the top exchange for U.S. dollar-bitcoin trading in terms of trading volume before it was surpassed by Coinbase.
Much like other cryptocurrency exchanges, Bitfinex is no stranger to being on the receiving end of cyberattacks. On top of experiencing multiple DDoS attacks, Bitfinex landed in hot water in August 2016 following a massive cyberheist. Before the exchange bounced back, the incident may have afforded many traders a sort of déjà vu experience, sparking fears that Bitfinex could go the way of Mt. Gox. That Bitcoin exchange collapsed in 2014 after losing $500 million of customer money to hackers, itself another stark reminder that cryptocurrency trading is not for the faint-hearted.
The largest crypto-mining exchange NiceHash has also been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at the time of breach, and $70 million just 24 hours later).
The Hacker News reports that “on Wednesday, several NiceHash users reported that their BTC wallets had been emptied, which was later confirmed by NiceHash after its service went offline claiming to be undergoing maintenance. The company did not provide any further details about the security incident, but it did say that NiceHash has paused its operations for next 24 hours while it figures out exactly how many numbers of BTC were swiped from its website and how it was taken.”
written by Tomas Foltyn ESET We Live Security and
Urban Schrott, ESET Ireland