Today one of the leading digital currency exchanges, Bitfinex, announced that their hot wallet may have been compromised and have requested customers not to deposit further bitcoins until a new wallet has been created and details published.
The company was keen to emphasise that this breach affects only their hot wallet which holds less than 0.5% of client funds. The remaining 99.5% is always held in secure multi-sig environments. Bitfinex have also stated that no customers funds are at risk from this breach and have confirmed that this was only a potential breach of their hot wallet. The multi-sig storage has not been affected in any way.
This new security breach, following on the heels of Bitstamp back in January and various smaller exchanges since then suggests that the security model has not yet been nailed down. It emphasises that exchange size is no guarantee of security and drives home the need for customers to diversify their holdings, not relying on any single exchange or platform to handle all their funds.
The issue that exchanges need to address is the delicate balance between convenience and security. By providing immediate withdraw capabilities on the one hand the exchange is more convenient but less secure; multiple approval levels is more secure but will inevitably delay the withdraw process.
Digital Currency exchanges have tried to leverage off of the ability to make immediate transfers with bitcoin and offer a level of convenience not found with traditional FX brokers which rely on wire transfers. This approach may need to be reconsidered if breaches continue to be a regular occurrence.
We have reached out to Bitfinex for further details and will provide an update as soon as available.