A recent US government filing suggests Bitfinex may be the only entity eligible for restitution related to the 2016 hack that resulted in the theft of around 120,000 BTC.

The document states, “The government is not aware of any person who qualifies as a victim under the CVRA or for restitution under the MVRA, beyond perhaps Bitfinex.” This positions the exchange as the primary victim of the cyberattack, indicating that restitution efforts will likely focus on Bitfinex rather than individual account holders, as the exchange has already compensated users. As the only identified victim under relevant laws, Bitfinex may streamline the legal process to recover assets. The 2016 hack remains one of the largest breaches in crypto history, sparking significant market concerns.

After the hack, Bitfinex reduced all customer account balances by 36% and issued BFX tokens, which were fully redeemed by April 2017. The filing highlights that iFinex, Bitfinex’s parent company, believes it is the sole victim with sustained financial losses.

Bitfinex has actively worked with law enforcement to recover stolen funds, including 94,643 BTC seized by US authorities in February 2022, now valued at approximately $5.8 billion. In July 2023, Bitfinex announced receiving $312,219.71 in cash and 6.917 Bitcoin Cash (BCH) from the Department of Homeland Security for ongoing recovery efforts.

The exchange has contractual obligations to holders of Recovery Right Tokens (RRTs) issued post-hack. While these funds will first go toward redeeming RRTs, any remaining assets will be allocated to UNUS SED LEO token holders.

Resources:

Filing