BitFinex: Déjà vu all over again

If you haven't heard by now, BitFinex has been hacked and has not resumed trading. You can't withdraw (or deposit) cash or bitcoins and it is still unknown whether customers will be made whole.

If you've been around Bitcoin for a while, this should be familiar territory. Bitcoin exchanges that have been hacked and gone bankrupt are legion, the most famous, of course, being Mt. Gox.

Mt Gox, at one point, accounted for 80% of the bitcoin trading. They were by far the most heavily used exchange and despite the onerous and slow process to trade there, most people that wanted to trade bitcoins did so there. This is most likely due to the network effect and the liquidity provided by the large numbers of people that were trading there, but that's a post for another time.

What interests me is the fact that Mt Gox in the first 2013 runup had an outage similar to Bitfinex's outage in June. If you don't remember, on April 10, 2013, Mt Gox halted trading because their software (order book/matching engine/etc) couldn't keep up with the tremendous demand. The subsequent outage led to a shocking and sudden downfall of the bitcoin price, which led to a depressed state for bitcoin until the October runup the same year. Of course, the failure of Mt Gox 8 months later is well documented.

Bitfinex, if you don't remember had a similar incident on June 21, 2016. They had an outage that lasted several hours where they were online for minutes and then shut down for hours again. Price of bitcoin fell quickly during this time as their order book was decimated. Now a month and a half later, we're in a situation similar to Mt Gox where Bitfinex itself is threatened and may be wiped out.

So what are we to make of this seeming correlation between uptime/capacity and being hacked? Perhaps it means that unplanned downtime is an excellent indicator of whether a company has their IT infrastructure together. After all, if you can't be trusted to have at least some redundancy and provide for large capacity, how much can you be trusted to hold user funds? Perhaps an event like a service outage reveals certain weaknesses which an attacker can exploit.

This is just another reminder that security and uptime are really, really hard. You need a lot of experience and talent to be able to do both correctly and I speculate that both these companies were lacking definitely in the former and probably in the latter.

So what does this mean for steemit? First, you should be encouraged that this site hasn't had significant downtime. That speaks to both talent and experience of the people running this platform. Second, if you start seeing outages, you should start considering moving whatever funds you have.