Bitfinex has recently received attention after a ransomware gang known as “FSOCIETY” claimed to have gotten access to 2.5TB of the exchange’s data as well as the personal information of 400,000 customers. In reaction to the allegations, Bitfinex CTO Paolo Ardoino stated that the reports of a database hack appear to be “fake” and that user assets are still secure. Ardoino discovered that the hacker’s posts had data anomalies and user data incompatibilities.
The hackers shared sample data, which included 22,500 emails and passwords. However, according to Paolo, Bitfinex does not keep plain-text passwords or two-factor authentication (2FA) secrets in clear text. Furthermore, just 5,000 of the 22,500 emails in the released data are from Bitfinex users.
According to him, there could be a widespread problem in data security: users frequently reuse the same email and password across different sites, which could explain the inclusion of certain Bitfinex-related emails in the dataset.
Another feature is the hackers’ lack of communication. They did not contact Bitfinex directly to report or negotiate the data breach, which is unusual for ransomware operations, which usually include some type of ransom demand or contact.
Furthermore, information concerning the purported hack was posted on April 25, but Bitfinex only recently learned about the accusation. Paolo stated that if there had been a legitimate threat or demand, the hackers would have most likely made contact through Bitfinex’s bug bounty program or customer care channels.
“The alleged hackers didn’t contact us. If they had any real information they would have asked a ramson through our bug bounty, customer support ticket etc. We couldn’t find any request,” wrote Ardoino.
Bitfinex has thoroughly analyzed its systems and has discovered no sign of a breach. Paolo stated that the team would continue to evaluate and analyze all available data to guarantee that nothing is neglected in their security evaluations.
After reports of a probable breach appeared, Shinoji Research, an X user, confirmed the legitimacy of the material. The user stated that he tried one of the passwords from the released database and obtained a 2FA.
However, by press time, he had withdrawn his message and rectified the earlier information.
Removed the original BFX hack post as I’m not able to edit it. What appears to have happened is this “Flocker” group curated a list of BitFinex logins from other breaches.
They then made the site look like a ransom demand for a major breach.
— Alice (e/nya)🐈⬛ (@Alice_comfy) May 4, 2024
In a separate post on X, Ardoino indicated that the true motivation for the overblown breach claims is to sell the hacking tool to other potential scammers.
The goal is to generate publicity around these high-profile breaches (Bitfinex, SBC Global, Rutgers, Coinmoma) in order to promote their tool, which they claim can enable others to carry out similar assaults and potentially earn substantial sums of money.
Here a message from a security researcher (that instead of panicking, trying to dig a bit more into it).
“I believe I start to understand what is happening and why they are sending these messages claiming you were hacked.
The message in the screenshot in the ticket came from a… pic.twitter.com/YjwG2eeXw2— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024
He also questioned why the hackers needed to sell a hacking tool for $299 if they had actually penetrated Bitfinex and obtained valuable data.
Disclaimer: The information provided on Cryptonewsmart is based on the opinions of quoted writers and does not reflect the views of Cryptonewsmart regarding investment decisions. It is recommended that you conduct your research before making any investment choices. Please use the information provided at your own risk. For more information, please refer to our Disclaimer.
Sign up now to receive our weekly Free newsletter and stay informed about cryptocurrency.
If you have any questions, feel free to reach out to us on our social media platforms. We will do our best to respond promptly after you follow us.
