“Seems Fake” Bitfinex CTO Debunks Database Breach Rumors

Recent claims by the hacking group Fsociety about penetrating the cryptocurrency exchange Bitfinex’s database and leaking 22,500 customer emails and passwords have been questioned by Bitfinex’s chief technology officer, Paolo Ardoino.

He suggests the allegations lack credibility, pointing out the absence of a ransom demand which is unusual for genuine data breaches.

Everyone panicking for a potential database breach on bitfinex.
Tldr: seems fake.

The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords.
– we don't store plaintext passwords, nor 2FA secrets in clear text.
– only 5k of 22.5k…

— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024

Ardoino explained on a post dated May 4 on the social platform X that genuine hackers would typically request a ransom through various communication channels such as a bug bounty, customer support tickets, or social media.

“If they had any real information they would have asked a ramson through our bug bounty, customer support ticket, emails, Twitter, etc. We couldn’t find any request,” he stated.

He further noted that the company does not store sensitive information like plaintext passwords or 2FA secrets in an unsecured manner.

Bitfinex CTO Dismisses Breach Claims as ‘Pure FUD,’ Says No Group Has Claimed Bounty #crypto #ransomware #bitfinexbreach https://t.co/7CtNoYRZx5

— Bitcoin.com News (@BTCTN) May 5, 2024

Regarding the specifics of the data alleged to be compromised, Ardoino mentioned that only about 5,000 of the 22,500 claimed records matched Bitfinex users, suggesting the possibility that the hackers might have compiled this data from previous breaches involving other platforms.

Ardoino highlighted that it is common for users to reuse the same login credentials across multiple sites, which can lead to such misinformation.

Additionally, he relayed insights from a security researcher, who speculated that the purported breach might actually be a marketing ploy by the hackers to promote their data retrieval tool.

Last but not least.
Security researchers tested different of those emails/passwords and said they work at least on other 2 exchanges…

— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024

The narrative posited by the researcher suggests that the hackers use claims of high-profile hacks as advertisements for their hacking tool, which they claim can generate substantial profits.

Despite these allegations, Ardoino reassured users that ongoing investigations have yet to confirm any breach and affirmed that all user funds remain secure.

This incident isn’t the first cybersecurity challenge faced by Bitfinex.

In November 2023, a phishing attack targeted Bitfinex users following the compromise of a customer support agent’s account.

#Bitfinex recently faced a minor phishing attack in early November, but fortunately, there was no loss of assets.

The attack occurred after the account of a customer support employee was compromised. The attacker was able to access a portion of the customer support record, which… pic.twitter.com/2ZT7vr0zlr

— IDO | Presale Insights (@IDO_Insights) November 6, 2023

Although this resulted in minimal damage, it serves as a reminder of the persistent threats in the cryptocurrency space.

Moreover, Bitfinex still recalls the significant 2016 security breach that led to the loss of 119,576 Bitcoin, valued at approximately $70 million at the time and around $7.6 billion by today’s standards.

Bitfinex Security Breech: https://t.co/9Y56DYoSDn

— Bitfinex (@bitfinex) August 2, 2016

As Bitfinex continues to scrutinize the situation, they emphasize the safety of user assets and the robustness of their security measures.

About The Author