The Chief Technology Officer of Bitfinex, Paolo Ardoino, has refuted claims made by the hacking group Fsociety regarding a breach of the cryptocurrency exchange’s database. Ardoino dismissed the claims as “fake” and clarified that no ransom requests were made through official channels such as bug bounty programs, customer support tickets, emails, or social media platforms. The misinformation surrounding the alleged data breach began circulating on social media and gained traction after being picked up by a prominent breaking news account. However, Ardoino emphasized that Bitfinex does not store plaintext passwords or 2FA secrets in clear text, casting doubt on the credibility of the alleged breach.
It was revealed that the hacking group Fsociety likely gathered data from various other crypto-related data breaches and curated a list of Bitfinex logins from those breaches. Out of the purported 22,500 records of emails and passwords leaked by Fsociety, only 5,000 matched with Bitfinex users. Ardoino suggested that the hackers exploited the common practice of users utilizing the same login credentials across multiple platforms. Despite the allegations, no breach has been detected, and all user funds remain secure at Bitfinex. Ardoino assured users that the cryptocurrency exchange would diligently investigate the situation and took measures to review all internal data to ensure the security of user information.
Fsociety, inspired by the fictional hacking group from the television series “Mr. Robot,” claimed on its dark web homepage that it had successfully breached several entities, including Bitfinex. However, none of the alleged victims, including Bitfinex, acknowledged experiencing a significant data breach or engaging in ransom payment. Ardoino questioned the legitimacy of Fsociety’s assertions and shared insights from a security researcher suggesting that the group’s motive may have been to fabricate the claim of breaching Bitfinex to promote its ransomware tools. The researcher indicated that such claims generate buzz and serve as advertisements for the tool’s effectiveness, enticing others to purchase it for potential exploitation.
Bitfinex’s history includes a notable hacking incident in 2016, during which over 95,000 Bitcoins were compromised. Two individuals, including the self-professed crypto rapper Razzlekhan, pleaded guilty to money laundering charges related to the hack and forfeited the stolen bitcoin to authorities. Despite the allegations made by Fsociety, Bitfinex remains steadfast in ensuring the security of user funds and investigating any potential threats. Ardoino reassured users that the cryptocurrency exchange would continue to monitor the situation closely and take necessary measures to safeguard user information. In light of the false claims of a data breach, Bitfinex remains vigilant and committed to upholding the highest standards of security and transparency for its users.
