Nostr

The setup was not designed with security in mind, but rather with regulatory arbitrage in mind: at the time bitfinex was fighting with the US Gov about their lack of financial compliance and this was an attempt to say "we do not hold customer funds so we do not have to comply."

ODELL 3y ago

The result was an insecure setup where bitgo blindly signed any bitfinex customer withdrawal request without additional authorization, by design.

An extremely insecure setup that could have been easily compromised through effective social engineering.

Reply to this note

Please Login to reply.

Discussion

No replies yet.