Following the major hack of Bitfinex in 2016, US law enforcement has recovered 27.7 stolen Bitcoins and returned them to the cryptocurrency exchange.

The returned funds, which will be distributed amongst the exchange’s hack victims, only make up a fraction (just 0.02%) of the total stolen funds from the exchange hack that resulted in the loss of 120,000 BTC.

It gives us great pleasure to report we have received bitcoins from the U.S. government that were proceeds of the 2016 security breach. In line with our original recovery plan, this is being converted to USD and paid to RRT holders. Find out more here – https://t.co/UwCMNERes9 — Bitfinex (@bitfinex) February 25, 2019

In a blog post, the popular trading platform announced: “It gives us great pleasure to report we have received Bitcoins from the US government that were proceeds of the 2016 security breach. In line with our original recovery plan, this is being converted to USD and paid to RRT holders.”

Hack recovery plan

Following the theft on August 2nd 2016, Bitfinex took the unique approach (and a crypto exchange first) to generalise the losses across all accounts and credit BFX tokens to customers at a ratio of 1 BFX to $1 lost. The new tokens were credited after a 30% ‘haircut’ was issued to all exchange users at the time of the security breach.

At the time, the haircut was given not just to any holders of stolen BTC funds, but as 30% of all users’ USD balances at the time of the hack.

Bitfinex did eventually honour its commitment to repay the losses generalised to all exchange traders. They did this by buying back all the BFX tokens (which initially traded at around $0.30) from profits and trading fees generated by the exchange over the months following the loss of its cold storage funds.

The exchange said: “Within eight months of the security breach, all BFX token holders had their tokens redeemed at 100 cents on the dollar or exchanged their tokens for, directly or indirectly, shares of the capital stock of iFinex Inc.”

At the end of this process, all BFX tokens stopped trading (after the price traded back to $1) and Bitfinex subsequently created a tradable Recovery Right Token (RRT) for BFX holders which converted BFX tokens into shares of iFinex (Bitfinex’s holding company).

The gains from the newly recovered funds will be distributed amongst this pool of RTT token holders.

Thanking the loyal traders

Bitfinex CFO Giancarlo Devasini said: “Today we see the results of a clear and robust response strategy and the efforts of the US government. It gives us great pleasure to be able to reimburse our traders that were loyal.”

Mr Devasini then thanked the US federal law enforcement agencies for their ongoing efforts to investigate the breach and their commitment to seizing and returning stolen assets back to the Bitfinex exchange.

The CFO concluded by saying that the Singapore-based exchange will “continue to assist law enforcement with their inquiries, and also once again extend an open invitation to the hackers, or anyone harbouring information pertaining to the breach”.

A reminder of the precedent set by Bitfinex in 2016

This sequence of events since the security breach and the haircut given to all Bitfinex hack victims meant that if a user had decided to hold (and not sell) the issued BFX tokens, then eight months after the hack, they would have recovered all USD losses.

If a similar type of ‘non-catastrophic’ breach were to happen to other vulnerable crypto exchanges, then people could point to this as an example where the generalisation of losses and eventual repayment through exchange fees is a viable strategy to stay in business.

Even though only a small number of additional funds have been recovered from the 2016 hack, this story also shows a rare example of a state law enforcement agency successfully recovering stolen proceeds and working in partnership with an exchange in their plan to compensate users and victims of the theft.