[Isomatik]

Yep. If you're open for business to US citizens, or even really just moving USD around, you can't escape the USA's jurisdiction. And it appears Bitfinex compiled fully to AML/KYC laws for US customers dealing in USD, so everything's definitely documented.

"In prosecuting money laundering offenses, the US Department of Justice takes the position that jurisdiction exists over a financial transaction if the laundering is completed by a US citizen anywhere in the world, or by a foreign national or non-US corporation if the criminal conduct occurs in part in the United States—even if the foreign individual or company never themselves took an action in the United States, or intended for an act to occur there... US enforcement authorities increasingly operate on the assumption (unless convinced otherwise) that they have jurisdiction for such offenses whenever a suspect transaction is denominated in US dollars. http://www.whitecase.com/publications/insight/how-us-laws-ca...

https://www.mayerbrown.com/files/Publication/577b946b-8ad0-4...

[merkleme]

Wow, thats pretty staggering. I'm sure I read an article (maybe just a tweet) by Andreas Antonopoulos stating that by complying to KYC/AML that they left themselves more vulnerable to this hack.

[compil3r]

The issue comes into play that Bitfinex owned the private keys of all wallets in their possession, and the winners of positions were shown an accounting ledger through Bitfinex as opposed to having possession of their own coins. Now I can not pretend I know what happened behind the scenes with the back and forth between Bitfinex and the CFTC, but I can say that based on all evidence, Bitfinex was unable to pay out all positions within the required 28 day period. Verbiage within the original CFTC complaint suggests that the primary cause of this was Bitfinex's accounting system that was at fault.

[Isomatik]

Bitfinex could have moved to a cold storage system to make the bulk of their bitcoins secure, but doing so would have required them to register as a futures merchant and submit to additional auditing (which makes perfect sense, you can't expect to dump people's money into a shared pool only you have the books for). They chose to remain unregistered and use their multi-sig hot wallet system because the on chain transaction is enough for "proof of delivery". I'm sure someone could argue that qualifies as "The CFTC forced them to act insecurely", but Bitfinex gets zero sympathy from me for doing shit they profited from at the expense of their customers, while taking money from customers to socialize the loss.

[HairyGing3r]

No, that was misleading (nothing against Andreas). Their Bitcoins were online that's it

[merkleme]

Thanks for clearing that up.