In an interesting turn of events, Paolo Ardoino, Bitfinex's chief technology officer, denied rumors about the exchange being involved in a large-scale data breach. This came in response to allegations of a major security breach by hacking group FSOCIETY just over a week ago.
On April 26, FSOCIETY claimed on its dark web homepage that it had successfully breached security measures and obtained sensitive data of several entities, including Bitfinex. Other organizations contacted by the group include Rutgers University, SBCGlobal, and Coinmoma (possibly a misspelling of the Coinmama cryptocurrency exchange).
FSOCIETY, in its letters to the alleged victims, gave a seven-day ultimatum to each organization to make a significant payment to avoid leakage of sensitive data. Despite the one-week deadline, none of these organizations have confirmed a server breach or ransom payment.
Bitfinex CTO responds to data breach rumors
On Saturday, May 4, he met with Bitfinex CTO Paolo Ardoino Go to X platform To share a message about the alleged breach of the exchange's servers and security. According to the CTO, the ransomware group never directly contacted the exchange about any data breach, as they only learned about the claim on Friday, May 3.
Everyone is panicking about the possibility of the Bitfinex database being hacked.
Tldr: It looks fake.The alleged hackers posted two massive links with sample data containing 22.5 thousand email and password records.
– We do not store plain text passwords, nor 2FA secrets in clear text.
– Only 5 kilos out of 22.5 kilos…— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024
Arduino, who is also the CEO of Tether, stated that only 5,000 of the 22,500 supposedly stolen emails matched messages from Bitfinex customers. The exchange CEO claims that the hackers only collected a database of emails/passwords from various cryptocurrency hacks.
Arduino added in his post:
Unfortunately, most users use the same email/passwords across multiple sites. We are conducting a deep analysis of our systems and currently no breach has been found. The KYC platform also has significant rate restrictions which may not allow downloading in large quantities.
While describing the data breach rumors as pure FUD (Fear, Uncertainty, and Doubt), Bitfinex's CTO stressed that they will continue to evaluate the situation to ensure “no stone is left unturned.” Arduino also assured users of the exchange that all funds are safe.
The data breach claim was a marketing strategy: a security researcher
In a follow-up post on X, Paolo Ardoino Message revealed From an independent security researcher about the alleged data breach. According to the unnamed investigator, FSOCIETY's data breach claim was a ploy to market their ransomware products.
Source: Paolo Ardoino/X
The text of the researcher's message was:
I think I'm starting to understand what's going on and why they're sending these messages claiming you've been hacked. The message in the screenshot in the ticket came from the TG channel (not reporting here to avoid helping them with free advertising). It looks like they are selling a used tool that is supposed to be usedIt was also used to hack Bitfinex and Rutgers.
With this revelation, Arduino cast doubt on the credibility of their claims of hacking various organizations. “If they actually hacked Bitfinex, do they really need to sell things for $299?” the CTO said.
Total cryptocurrency market capitalization at $2.271 trillion on the daily timeframe | Source: TOTAL chart on TradingView
Featured image from Bitfinex, chart from TradingView