Bitfinex deemed ‘sole victim’ eligible for recovery of $7.4 billion Bitcoin hack
A new US government filing suggests that Bitfinex may be the sole entity eligible for restitution in connection with the 2016 hack that resulted in the theft of approximately 120,000 BTC.
The document states,
“The government is not aware of any person who qualifies as a victim under the CVRA or for restitution under the MVRA, beyond perhaps Bitfinex, the Victim Virtual Currency Exchange (‘VICTIM VCE’).”
As reported by court documents, this positions Bitfinex as the primary party affected by the cyberattack.
Following the hack, Bitfinex reduced all customer account balances by 36% to distribute the losses incurred. In compensation, the exchange issued BFX tokens to customers, who could sell, redeem, or exchange them. By April 2017, all BFX tokens had been redeemed, with some customers opting to receive shares in Bitfinex’s parent company, iFinex. The filing notes, “iFinex believes that it is the sole victim with sustained financial losses from the hack.”
This development indicates that restitution efforts will likely focus on Bitfinex rather than individual account holders, as the exchange has already compensated users through alternative means. Per Bitfinex’s official announcements, the company has been actively collaborating with law enforcement agencies to recover the stolen assets. In February 2022, US authorities seized 94,643 BTC connected to the hack, valued at approximately $3.6 billion at the time.
In July 2023, Bitfinex announced receiving $312,219.71 in cash and 6.917 Bitcoin Cash (BCH) from the US Department of Homeland Security as part of ongoing recovery efforts. The exchange has contractual obligations to token holders, specifically those holding Recovery Right Tokens (RRTs) issued after the 2016 incident. Bitfinex plans to use recovered funds to redeem these RRTs and, after fulfilling these obligations, intends to allocate up to 80% of any remaining assets to UNUS SED LEO token holders.
As reported by Bitfinex, the situation involves complex legal proceedings and potential claims from various parties. The determination that Bitfinex is the sole victim for restitution purposes may streamline the legal process, focusing efforts on returning assets to the exchange. Bitfinex’s proactive measures following the hack, including compensating users and engaging with authorities, have positioned it to recover a significant portion of the lost assets.
The 2016 Bitfinex hack remains one of the largest security breaches in crypto history. At the time, the theft had a significant impact on the market and raised concerns about the security of digital asset exchanges. Bitfinex’s immediate response involved a controversial strategy of socializing the losses by adjusting all customer accounts, which sparked debate within the crypto community.
Despite initial criticism, Bitfinex’s approach allowed it to remain operational and eventually compensate its users. The issuance of BFX tokens served as an interim solution, providing customers with a path to recover their funds either through redemption or conversion into equity. By April 2017, the successful redemption of all BFX tokens marked a milestone in the exchange’s recovery efforts.
With customers compensated and no other parties identified as victims under the Crime Victims’ Rights Act (CVRA) or the Mandatory Victims Restitution Act (MVRA), the focus narrows to the exchange itself. This development may expedite the legal procedures required to return the seized assets.