How safe is BITFINEX?

Bitfinex cold storage maintains approximately 99.5% of user funds in an offline, multi-signature wallet; requiring 4 of 7 hardware security modules (HSMs) in possession by globally-distributed management team members to approve all transactions. In the event an administrator is compromised and forced to log into the platform, a single HSM would not be sufficient to initiate transfer of funds. The challenge to acquire enough of these devices to access cold storage is tantamount to impossible.

Bitfinex hot wallet maintains only the funds necessary to fulfil withdrawals in the queue, approximately 0.5%. To refill the hot wallet, 4 of 7 HSMs are required to initiate a transfer from the cold wallet to the hot wallet.

Bitfinex migrated to a new data server and expanded security team performed a comprehensive audit of the entire stack, including a deep analysis of all source code and dependencies.

• Intelligent load balancing and failover routing among servers to increase performance

• Real-time malicious traffic detection blocks malicious server requests

• Automatic inline mitigation measures decrease latency and increase uptime

• Leading privacy and performance through encrypted connections with HTTPS TLS 1.3

Routine penetration testing is performed by Hacktive Security to preserve the integrity of the systems under endless attack scenarios.

• Always Up-to-Date Linux Systems to Host the Platform

• Daily Automatic Encrypted Database Backups to Multiple Off-site Locations

• Encrypted User Password Storage

The security team at Bitfinex continues to audit protocol implementation at every level of the platform in order to maintain an inherently hostile environment toward intrusion; further employing routine external security audits.

Bitfinex provides a strong portfolio of user-determined security measures, and we encourage all users to review the Greenlane Conditions which significantly increase personal security, reduce the required number of confirmations for cryptocurrency deposits, and prioritize withdrawals through automatic processing.

We are developing a U2F implementation for the users to interact with their trading and wallet balances through their own hardware security modules. More information regarding U2F will be provided in an upcoming announcement.Currently implemented 2FA mechanisms:

• Google Authenticator
• Twilio
• Clef (Clef is sunsetting this product in June)

Enabling 2FA places a second level of security between an attacker and withdrawal confirmations, password changes, API key creation, and logins.

Bitfinex now offers a tor domain. Enabling this option allows users to log into their accounts through this domain.

When logged in and inactive, the browser will ping the platform every 10 minutes to keep the session alive. If disabled, the session will expire after 30 minutes of inactivity and the user’s account will be automatically logged out.

Receive an email each time someone logs into your account. The email will contain information about the IP of the authenticated user and a link to freeze your account if you suspect malicious activity.

If the IP address used to access a user’s account changes on any request, all open sessions will be immediately unvalidated and the account will be automatically logged out. This prevents session hijacking.

Limit account access by IP address. Users can provide one or more IP addresses and/or specify an IP range. Anyone without access to the whitelisted IPs is denied use of the account.

Each login to a user’s account is saved and can be personally audited.

Create API keys with advanced read/write permissions on a per-feature basis.

Pretty Good Privacy (PGP) is a data encryption and decryption program that provides cryptographic privacy and authentication for correspondence. It uses a variation of the public key system.

If a withdrawal is requested from a new IP address, the account holder will receive an email asking to review and verify the withdrawal. The period of distrust for IP changes is 24 hours.

When a new IP address is used to log into a user’s account, all withdrawals will be locked for 24 hours and the user will receive an email notification with a link to freeze the account for activity review.

Add a secret phrase to the withdrawal confirmation image. When enabled, users will see a tamper-proof image that confirms the details of a withdraw and includes the secret phrase. This additional redundancy ensures your withdrawal details have not been compromised by malware or a man-in-the-middle attack.

Set a specific withdrawal address for each currency or disable withdrawals for a currency altogether. Changing or disabling the address lock requires confirmation by email and will begin an automated 5-day withdrawal hold on the account.