An Open Letter to Bitfinex
Hi all, a trader here. The motivation of the post is to address my concerns about Bitfinex regarding the priority and transparency of their announcements post hack. I have posted issues about Bitfinex in the past such as the finex flash crash. I will not be sugar coating any of this and give it straight.
Now that a hack has occurred and BTC lost, what is the motivation in bringing up the site up first instead of resolving the security vulnerability? Bitfinex has been working "tirelessly", but the business decision is to go ahead to open up the exchange rather than other pressing concerns. Just like the bitfinex trading engine flash crash, they decide to continue trading operation without explaining the technical details (Transcript of Phil didn't explain any technical problem to the platform)
Have you considered the fact that certain clients under the same bank have the right to withdraw USDs even though online withdraws are not possible yet? This is certainly a possible scenario since the USD are owned by clients. This creates a scenario where certain creditors are treated differently than others. For example, you have clients in fully insured FDIC accounts using SynapsePay taken from your website. Notice the language here, your fund, not BFX fund:
BFXNA has also partnered with SynapsePay. SynapsePay is a white label application program interface provider that allows you to transmit and receive funds to SynapsePay’s banking partners in the United States. This relationship is designed to hold your funds in fully regulated U.S. financial institutions. Where your funds are held with SynapsePay’s banking partners, they are FDIC insured up to a balance of $250,000.00.
- As a trader and software developer, it could take a long time to figure out the exact fix for a bug without creating further vulnerabilities. It is possible that the bug is in an area where it is thought to be impossible. Have you considered that your website is vulnerable at this point? Sure, your BTC is in cold storage, a hacker could still mess with clients USD, crypto balance, credentials, trading history? Bitstamp had to rebuild their site from scratch the last time they were hacked. Their full report didn't come month later. If the hacker got access to the BTC balance and bitgo approval last time, can’t said hacker also potentially have access other account information?
I question Bitfinex's CSO and CEO's business decisions for the points above. Your actions post hack are not inline with what we expect from a company that "Invest in the future”