Bitfinex’s Chief Technology Officer, Paolo Ardoino, has rejected the claims made by hacking group Fsociety that there has been a breach of the cryptocurrency exchange’s database. Ardoino called these claims “fake” and emphasized that no ransom request had been made through official channels, such as bug bounty programs or customer support tickets.
The rumors about Bitfinex’s alleged data breach started circulating on social media after a tweet from Alice of Shinoji Research. The tweet, which has since been deleted, gained traction when Walter Bloomberg, a well-known breaking news account, tweeted about it. Alice had claimed that Bitfinex had fallen victim to a large-scale data breach, similar to the assertions made by Fsociety on April 26.
However, Alice later corrected the record, acknowledging that their initial assertion was premature. Ardoino clarified that Bitfinex does not store plaintext passwords or 2FA secrets in clear text, which further undermines the credibility of the alleged breach. Out of the 22,500 records leaked by Fsociety, only 5,000 matched with Bitfinex users.
Ardoino suggested that the hackers likely obtained the data from other crypto-related breaches, taking advantage of the common practice of users reusing login credentials across multiple platforms. Despite Fsociety’s claims, none of the alleged victims, including Bitfinex, have acknowledged experiencing a significant data breach or engaging in ransom payment. Ardoino questioned the legitimacy of Fsociety’s assertions, as Bitfinex never received any direct communication from the hacking group.
Ardoino also shared insights from a security researcher, who suggested that Fsociety may have fabricated the claim of breaching Bitfinex to promote their ransomware tools. According to the researcher, such claims generate buzz and serve as advertisements for the effectiveness of the tool, enticing others to purchase it for potential exploitation.
Despite these allegations, Ardoino assured users that Bitfinex would thoroughly investigate the situation. As of now, no breach has been detected, and all user funds remain secure. It is worth noting that Bitfinex has had a notable hacking incident in the past, in 2016, where over 95,000 Bitcoins were compromised. Two individuals, including the self-professed crypto rapper Razzlekhan, pleaded guilty to money laundering charges related to the hack and forfeited the stolen bitcoin to authorities.