God forbid that these are suburban areas where public transit effectively makes no sense for the loosely-packed population- you might as well be blowing away $ building parking spaces half a mile away.
Places which (b) happen already have (a) and vice-versa.
If BitGo was compromised, 1 of the 2 remaining keys still must be used to sign the transaction. BitGo has no access without either of the 2 keys that Bitfinex controls.
Bitfinex uses BitGo for multi-signature (MultiSig) transactions. 2-of-3 signatures must be present for user funds to be released.
Keys present:
- Offline key held by Bitfinex
- Online key held by Bitfinex to initiate user withdrawals
- Online key held by BitGo to confirm user withdrawals are within constrained limits in a set timeframe
zanetackett, Product Development of Bitfinex, confirmed that Bitfinex's offline key was not compromised. The attack was also not internal [1]. Another set of comments also suggested that BitGo limits were set in place by Bitfinex [2-3].
The automatic limits are designed to constrain BitGo from signing any transaction from Bitfinex that are irregular in volume or exceed a set amount in any rolling timeframe. Somehow they were bypassed. What we have currently suggests that the limits were too large or that BitGo was not enforcing the limits. BitGo and Bitfinex are also separate established entities, so that both of them being compromised for this attack is unlikely. An improper setup between Bitfinex and BitGo is more likely.
For those of you complaining about the title being all caps, it was done so for aesthetic purposes. Which means somehow the submitter went through the time to uppercase each character of the HN title before submitting.