Bitfinex CTO Confirms FSociety Database Breach Allegations Are ‘False
2 minutes read
Paolo Ardoino, CTO of Bitfinex,has refuted claims made by the hacker group Fsociety alleging a data theft.
Ardoino deemed the claims to be “false” and stressed that no ransom demand was made through official channels such as bug bounty programs, customer support tickets, emails or social media platforms.
Bitfinex Clarifies Misinformation Related to Alleged Data Theft
The misinformation about the alleged data theft at Bitfinex began circulating on social media on Saturday, apparently triggered by a tweet from Alice of Shinoji Research. Alice claimed that Bitfinex had been the victim of a large-scale data theft, echoing the claims made by the hacker group FSociety on April 26.
The tweet, which has since been deleted, gained traction after it was picked up by Walter Bloomberg, a prominent breaking news account with a large following. Walter Bloomberg tweeted, citing Shinoji Research, that Bitfinex’s data – 2.5 terabytes of information plus personal details of 400,000 users – had been hacked.
Alice of Shinoji Research later corrected the post and acknowledged her hasty claim. “Removed the original BFX hack post as I can’t edit it,” Alice [Bitfinex] explained. “Apparently this ‘flocker’ group compiled a list of Bitfinex logins from other data leaks. Then they made the site look like a ransom note for a larger data leak.”
Ardoino clarified that Bitfinex does not store passwords in plaintext nor 2FA secrets in plaintext, further diminishing the credibility of the alleged data leak. Of the alleged 22,500 email and password records leaked by Fsociety, only 5,000 matched Bitfinex users.
Ardoino suggested that the hackers likely collected data from various other crypto data leaks, taking advantage of the common practice of users using the same login credentials for multiple platforms.
Ardoino also stated “As I said on Saturday, Bitfinex’s user database was not hacked. We spent the weekend reviewing all internal data to leave no stone unturned. We concluded that the claim was false, as suspected from the beginning.” Bitfinex denies Fsociety data leak claims
Fsociety, inspired by the fictional hacker group from the television series “Mr. Robot,” claimed on its darknet homepage on April 26 that it had successfully hacked several companies, including Bitfinex, Rutgers University, consulting firm SBC Global, and a misspelled reference to Coinmama.
Despite Fsociety’s claims, none of the alleged victims, including Bitfinex, have admitted to experiencing significant data theft or paying ransom. Ardoino stressed that Bitfinex was never contacted directly by the hacking group and questioned the legitimacy of Fsociety’s claims.
In addition, Ardoino shared findings from a security researcher suggesting that Fsociety may have fabricated the claim of having breached Bitfinex to promote its ransomware tools – the tool it allegedly sells access to in exchange for a subscription fee and a commission on stolen profits.
According to the researcher, such claims create a buzz and serve as advertising of the tool’s effectiveness to entice others to purchase it to potentially exploit it. Ardoino questioned the reasons behind such actions and wondered whether FSOCIETY had successfully breached Bitfinex.
Despite the allegations, Ardoino assured users that Bitfinex will carefully investigate the situation. So far, no breach has been detected and all user funds are safe.
In Bitfinex’s history, there was a notable hack in 2016 in which over 95,000 bitcoins were compromised. Two people, including self-professed crypto rapper Razzlekhan, pleaded guilty to money laundering in connection with the hack and handed over the stolen bitcoins to the authorities.
rnrn
