Bitfinex’s CTO Paolo Ardoino has denied claims made by the hacking group Fsociety regarding a breach of the cryptocurrency exchange’s database. Ardoino labeled the claims as “fake” and emphasized that no ransom demand was made through official channels like bug bounty programs or customer support tickets. The misinformation regarding the alleged data breach began spreading on social media after a tweet from Alice of Shinoji Research. Walter Bloomberg, a prominent breaking news account, also tweeted about the alleged breach, amplifying the false information. However, Alice later corrected the record, explaining that a group known as Flocker had compiled a list of Bitfinex logins from other breaches, making it appear as if there was a major breach.
Ardoino clarified that Bitfinex does not store plaintext passwords or 2FA secrets in clear text, therefore reducing the credibility of the alleged breach. Out of the 22,500 records of emails and passwords leaked by Fsociety, only 5,000 matched with Bitfinex users. He suggested that the hackers likely obtained data from other crypto-related breaches where users reuse the same login credentials. Despite the panic caused by the allegations, Ardoino assured users that Bitfinex had thoroughly reviewed its internal data over the weekend and concluded that the claims were fake. He maintained that Bitfinex’s user database had not been breached.
Fsociety, inspired by the TV show “Mr. Robot,” claimed on its dark web homepage that it had successfully breached multiple entities, including Bitfinex. However, none of the alleged victims, including Bitfinex, acknowledged experiencing a data breach or paying any ransom. Ardoino emphasized that Bitfinex had not received any direct communication from the hackers and questioned the legitimacy of their claims. He shared insights from a security researcher who suggested that Fsociety’s motive for fabricating the claim of breaching Bitfinex may have been to promote its ransomware tools by generating buzz and enticing others to purchase the tool for potential exploitation.
Despite the allegations, Ardoino assured Bitfinex users that the exchange would continue to investigate the situation to ensure the security of all user funds. He mentioned Bitfinex’s history of a significant hacking incident in 2016 when over 95,000 Bitcoins were compromised. Two individuals, including a self-proclaimed crypto rapper named Razzlekhan, pleaded guilty to money laundering charges related to the hack and forfeited the stolen Bitcoin to authorities. As of now, no breach has been detected at Bitfinex, and all user funds remain secure. Ardoino reiterated the commitment of the exchange to the security and protection of user data.