Clavister Blog Staff

Security lessons from the $70 million Bitfinex bitcoin heist


Nearly 1% of all the Bitcoins in circulation are estimated to have been stolen in a hack of the Hong Kong-based Bitfinex exchange.  Nearly 120,000 Bitcoins were stolen in an attack that forced the platform to suspend trade – at that time, the value of the stolen cryptocurrency stood at $72.3 million. The loss caused the overall value of Bitcoin to drop 20%, and it has yet to fully recover.  Bitfinex also recently announced it is ‘sharing’ the losses across its users by reducing the value of their accounts by 36%, which has caused further controversy.

Bitfinex has dismissed suggestions that the breach resulted from tampering with encryption or from any weakness in the security of the currency's blockchain. This means the currency was most likely stolen from a storage ‘vault’ – which in turn suggests a breach of traditional IT security measures. This is only the latest in a string of high-profile attacks to have targeted Bitcoin – around $230,000 was stolen from the ShapeShift trading platform in April, while more than $2 million was lost from Gatecoin in May.

And it’s not just Bitcoins that are being targeted in huge heists. A massive $81 million was stolen from the Bangladesh Bank earlier this year, by cybercriminals who had compromised the SWIFT international wire transfer network.

What, then, can we learn from these audacious attacks?  What do banks and bitcoin exchanges alike need to do to mitigate the risks of being targeted?

Crucially, no matter how sophisticated the cyberattack, basic principles of network architecture and visibility remain – and these principles apply to all organizations. You don’t need to be running a national bank or a currency exchange to benefit from the same strategies.

Shrinking your network attack surface, for example, is always a useful process, since it reduces the potential routes in and points of vulnerability for cybercriminals. It is a simple step with a big impact.  Using the capabilities of next-generation firewalls to filter and block traffic with application awareness gives stronger, more granular access control.

Network segmentation is also critical: it silos your most important data into separate areas within your environment and restricts users to only the areas they absolutely need to access. Such segmentation means that should the worst happen and an attacker make it into your network, the damage they can do is drastically reduced because their lateral movement is restricted. Network segmentation also gives you more logical, structured and clear visibility into what is happening across your infrastructure, and into who has access to what.

Similarly, if, like many organizations, you have virtualized some of your network, then you must specifically consider virtualized security solutions, so that you can still see into your environment once it no longer exists on tin boxes and cables.

Indeed, as corporate networks become increasingly complex and multifaceted – whether due to internal growth, a growing number of external partnerships and relationships, or simply rapidly developing technology such as the Internet of Things (IoT) – security between those networks becomes increasingly important. It is no longer enough to secure your perimeter; you must secure network traffic at every point on its journey.

The Bitfinex breach and the attacks on the SWIFT network both show that overall security posture is not just a matter of protecting your own network, but also of the security of the networks that touch yours. We are, rightly, moving towards a more holistic view of network security, one which recognizes how interconnected and interdependent different organizations are. Network security has never mattered more.