Bitfinex CTO denies new allegations of user data hack, assures funds are secure

Bitfinex
has
been
thrust
into
the
spotlight
recently
after
a
ransomware
group,
named
“FSOCIETY,”
claimed
to
have
gained
access
to
2.5TB
of
the
exchange’s
data
and

the
personal
details
of
400,000
users.
In
response
to
the
allegations,
Bitfinex
CTO
Paolo
Ardoino

clarified
that
the
claims
of
a
database
hack

appear
to
be
“fake”
and
assured
user
funds
remain
secure.

Ardoino
found

out
there
were
data
discrepancies
and
user
data
mismatches
in
the
hacker’s
posts.

The
hackers
posted
sample
data
containing
22,500

records
of
emails
and
passwords.
However,

according
to
Paolo,
Bitfinex
does
not
store
plain-text
passwords
or
two-factor
authentication
(2FA)
secrets
in
clear
text.
Additionally,
of
the
22,500
emails
in
the
leaked
data,
only
5,000
match
Bitfinex
users.

According
to
him,
it
could
be
a
common
issue
in
data
security:
users
often
reuse
the
same
email
and
password
across
multiple
sites,
which
might
explain
the
presence
of
some
Bitfinex-related
emails
in
the
dataset.

Another
highlight
is
the
lack
of
communication
from
the
hackers.
They
did
not
contact
Bitfinex
directly
to
report
this
data
breach
or
to

negotiate,
which
is
atypical
behavior
for
ransomware
attacks
that
typically
involve
some
form
of
ransom
demand
or
contact.

Moreover,
information
about
the
alleged
hack
was
posted
on
April
25,
but
Bitfinex
only
became
aware
of
the
claim
recently.
Paolo
said
if
there
had
been
any
genuine
threat
or
demand,
the
hackers
would
have
likely
used
Bitfinex’s
bug
bounty
program
or
customer
support
channels
to
make

contact,
none
of
which
occurred.

“The
alleged
hackers
didn’t
contact
us.

If
they
had
any
real
information
they
would
have
asked
a
ramson
through
our
bug
bounty,
customer
support
ticket
etc.
We
couldn’t
find
any

request,”
wrote
Ardoino.

Bitfinex
has
conducted
a
thorough
analysis
of
its
systems
and,
so
far,
has
not
found
any
evidence
of
a
breach.
Paolo
said
the
team
would
continue
to
review
and
analyze
all
available
data
to
ensure

that
nothing
is
overlooked
in
their
security
assessments.

After
news
of
a
potential
breach
surfaced,
Shinoji
Research,

an
X
user,
confirmed
the

authenticity
of
the
leak.
The
user
said
he
tried
one
of
the
passwords
in
the
leaked
information
and
received

a
2FA.

However,
at
press
time,
he
removed
his
post
and
corrected
the
previous
information.

Removed
the
original
BFX
hack
post
as
I’m
not
able
to
edit
it.
What
appears
to
have
happened
is
this “Flocker”
group
curated
a
list
of
BitFinex
logins
from
other
breaches.

They
then
made
the
site
look
like
a
ransom
demand
for
a
major
breach.

—
Alice
(e/nya)🐈‍⬛
(@Alice_comfy)

May
4,
2024

In
a
separate
post
on
X,
Ardoino
suggested
that
the
real
motive
behind
the
exaggerated
breach
claims
is
to
sell
the
hacking
tool
to
other
potential
scammers.

The
idea
is
to
generate
buzz
around
these
high-profile
(Bitfinex,
SBC
Global,
Rutgers,
Coinmoma)
hacks
to
promote
their
tool,
which
they
allege
can
enable
others
to
carry
out
similar
attacks
and
potentially
make
large
sums
of
money.

Here
a
message
from
a
security
researcher
(that
instead
of
panicking,
trying
to
dig
a
bit
more
into
it).

“I
believe
I
start
to
understand
what
is
happening
and
why
they
are
sending
these
messages
claiming
you
were
hacked.
The
message
in
the
screenshot
in
the
ticket
came
from
a…

pic.twitter.com/YjwG2eeXw2

—
Paolo
Ardoino
🍐
(@paoloardoino)

May
4,
2024

Additionally,
he
questioned
why
the
hackers
would
need
to
sell
a
hacking
tool
for
$299
if
they
had
really
accessed
Bitfinex
and
obtained
valuable
data.