Part of the CustodyStress archive of observed Bitcoin custody incidents
CS-00295
Neither Bitfinex nor BitGo published a full forensic report.
ConstrainedCase description
The Bitfinex post-hack investigation never produced a definitive public account of how the attacker obtained Bitfinex's co-signing key or circumvented BitGo's transaction-level security policies. Bitfinex stated that BitGo's API had been called legitimately by the attacker using valid credentials. Neither Bitfinex nor BitGo published a full forensic report. The mechanism remained officially unexplained as of the end of 2016.
Custody context
| Stress condition | Documentation absent |
| Custody system | Exchange custody |
| Outcome | Constrained |
| Documentation | Unknown |
| Year observed | 2016 |
| Country | Hong Kong |
Structural dependencies observed
What this illustrates
Nobody had written down how to get back in. That knowledge existed only in the owner's head. Whether full access was ultimately possible is unclear, but significant delay or outside intervention was involved.
Outcome interpretation
Access remained possible, but only with delay, dependence, or significant difficulty.
Source
Publicly Reported
Evidence type
News article
Related cases involving documentation absent
This archive documents observed custody survivability failures. It does not attempt to document all Bitcoin losses or security incidents.
Submit a case
← All cases
Framework references
Where Bitcoin Custody Intersects Legal and Fiduciary Authority
Where custody creates gaps in estate planning, fiduciary duty, and professional responsibility.
Professional Scope Boundary Matrix
What each professional or product covers, what they do not, and where gaps form between them.
The Independent Assessment Layer in Bitcoin Custody
How independent diagnostic layers emerge when multiple parties depend on shared infrastructure.
Translate