Bitfinex CTO confirms no data breach, cites fake allegations

Bitfinex
Chief
Technology
Officer
Paolo
Ardoino
has
confirmed
that
recent
data
breach
allegations
involving
the
cryptocurrency
exchange
were
unfounded.

Ardoino,
addressing
the
rumors,
stated
unequivocally
that
Bitfinex’s
user
database
remains
secure
following
a
thorough
internal
review
over
the
weekend.

The
allegations

surfaced
last
Saturday
when
Alice
of
Shinoji
Research
posted
that
Bitfinex
had
suffered
a
significant
data
breach.
The
post,
later
deleted,
was
based
on
assertions
from
a
hacking
group,
FSociety,
which
claimed
responsibility
for
the
supposed
breach
on
April
26.
The

tweet
suggested
that
about
2.5
Terabytes
of
data
and
personal
details
of
400,000
users
had
been
compromised.

Ardoino’s
review
of
Bitfinex’s
systems
revealed
no
evidence
of
a
breach.
The
CTO
explained
that
the
data
in
question
was
not
extracted
from
Bitfinex’s
servers
but
was
instead
compiled
from
previous
unrelated
breaches.
The
compilation
was
misrepresented
as
a
breach
of
Bitfinex,
leveraging
recycled
credentials
to
create
a
false
alarm.

Alice
of
Shinoji
Research
has
since

retracted
the
initial
claim,
clarifying
the
misunderstanding
in
a
follow-up
statement.
She

indicated
that
the
information
was
erroneously
presented
as
a
new
incident
while
it
involved
old
data
from
various
breaches
collected
by
another
group
known
as
Flocker.
The
misrepresentation
was
intended
to
simulate
a
ransom
demand,
exploiting
the
fears
of
a
major
breach.

Ardoino

believes
this
incident
stresses
the
risks
of
reusing
passwords
across
multiple
platforms,
a
common
practice
that
can
lead
to
security
vulnerabilities.
He
took
the
opportunity
to
urge
users
to
employ
unique
passwords
for
different
services
to
enhance
security,
especially
on
platforms
handling
sensitive
financial
information.