Key Takeaways
- Bitfinex CTO noted that only 5k of 22.5k of the email addresses supposedly obtained from Bitfinex’s servers matched legitimate users
- Ardoino clarified that Bitfinex does not store plaintext passwords or 2FA secrets.
Leading crypto exchange Bitfinex’ chief technology officer Paolo Ardoino has refuted claims made by hacking group FSOCIETY regarding a purported breach of 22,500 customer emails and passwords .
“We’re performing deep analysis of our systems and no breach was found currently”, his post on X reads. Regarding the leaked data, Ardoino clarified that Bitfinex does not store plaintext passwords or 2FA secrets.
He took to social media to stress that only 5k of 22.5k of the email addresses supposedly obtained from Bitfinex’s servers matched legitimate users, casting doubt on the FSOCIETY’s assertions. Ardoino speculates that the hackers likely sourced the data from various other crypto-related breaches, as many users tend to reuse the same login credentials across multiple platforms.
Ardoino pointed out discrepancies in the hackers’ claims, noting that they did not contact Bitfinex directly despite alleging a breach.
“ If they had any real information they would have asked a ramson through our bug bounty, customer support ticket, emails, twitter etc. We couldn’t find any request”.
Moreover, Ardoino shared insights from a security researcher suggesting that the hacking group might be using the purported breach as a marketing tactic to promote its ransomware tools.He further stressed that the user funds are safe
The hacking group FSOCIETY has claimed responsibility for several hacks, including alleged breaches at Rutgers University, consulting firm SBC Global, and a crypto exchange referred to as “Coinmoma.”
This is not the first time Bitfinex has come under media limelight owing to its security breach. In November 2023, Bitfinex experienced a minor security incident through a phishing attack on one of its customer support representatives.
In 2016, Bitfinex was also the victim of an infamous hack that resulted in the loss of 119,576 customers’ BTC , worth around $70 million at the time. In 2022, the U.S. Department of Justice arrested two individuals, Ilya Lichtenstein and his wife, Heather Morgan, for allegedly conspiring to launder crypto connected to the hack.
Following the arrest, special agents seized over 94,000 stolen BTC from them after a search warrant allowed them to view files containing private keys to the wallet the suspects owned. Earlier this year, the U.S. government appears to have transferred out about $922 million worth of bitcoin from two crypto wallets that held funds seized from the 2016 Bitfinex hack.
Founded in 2012, the Hong Kong based crypto exchange has over 3 million active users and serves customers from around 52 countries worldwide.