In the aftermath of the recent theft of more than $65 million worth of bitcoins from Bitfinex, parts of the Bitcoin community have been wondering what role BitGo’s multisig-focused security offering may have played in the whole ordeal.
According to the company’s website, BitGo handles more than 10,000 Bitcoin transactions per day and helps its users transfer more than $1 billion worth of value per month. Many exchanges, such as Bitstamp and Kraken, use BitGo’s services.
Bitcoin Magazine reached out to Bitstamp Head of Business Development Vasja Zupan to get the exchange’s thoughts on BitGo in light of the recent hack.
Sticking with BitGo
When asked whether Bitstamp has had any second thoughts about its use of BitGo’s multisig architecture, Zupan was quick to come to the blockchain security company’s defense. “For now, Bitstamp does not see any reason for second thoughts about using BitGo’s technology,” he said. “We believe that proper implementation, regular audits, and overall strong security policies make all the difference.”
Differences with the Bitfinex Setup
While some traders may be concerned Bitstamp is using the same security offering used by Bitfinex during the hack, Zupan attempted to ease these worries by pointing out that Bitstamp’s multisig implementation is “fundamentally different from that of Bitfinex.”
“Bitstamp uses BitGo exclusively for its hot wallet, where only a small amount of bitcoins are kept (below 2 percent),” Zupan continued. “The vast majority of our bitcoins are stored offline in cold storage.”
Bitstamp was the victim of a hack in January of 2015. More than $5 million worth of bitcoin were stolen in the theft. The good news was that, unlike Bitfinex, the vast majority of Bitstamp’s funds were held in cold storage. Ironically, it was this hack that prompted Bitstamp to partner with BitGo for its multisig security offering.
Zupan also discussed other aspects of how his company’s exchange is structured to reassure traders that its system is secure.
“Aware that monitoring is crucial in the industry, we are the first virtual currency exchange to get formal oversight in place,” he said. “A key component of this is our recently acquired licence, which requires constant external financial audits, code reviews and penetration tests, examinations and the regular reporting of our financial balances. This provides the security our users require.”
“In our view, this unfortunate incident only serves to further confirm the importance of compliance, corporate governance, regulatory monitoring and auditing for virtual currency services,” Zupan added. “We, of course, hope that this issue will be resolved quickly and with a positive outcome for Bitfinex and its customers.”
Reasoning Behind Bitfinex’s Storage Setup
One of the main questions being asked of Bitfinex in the aftermath of the hack is why it decided to eliminate the cold storage aspect of its storage setup. This question was at least partially answered by Bitfinex’s Zane Tackett on the Whalepool Teamspeak server over the weekend.
“There were a lot of reasons for why we went with this implementation with BitGo; one, a big one, was transparency,” said Tackett. “Everyone has their own wallet that they can watch on the blockchain. They can see their bitcoin at any time, and we settle it once per day.”
Tackett argued that since Bitfinex offers such a high level of transparency, it is unable to cover things up when funds are lost or stolen. The details of how the exchange will secure its bitcoins in the future are unknown at this time.