Bitfinex's Chief Technology Officer, Paolo Ardoino, refuted claims made by the hacking group Fsociety alleging a breach of the cryptocurrency exchange's database and the subsequent leak of 22,500 customer emails and passwords. Ardoino dismissed the claims as false, stating that if the hackers possessed legitimate information, they would have pursued ransom through various channels such as bug bounty programs, customer support tickets, email, or social media platforms like Twitter. According to Ardoino, Bitfinex found no such requests.
Furthermore, Ardoino emphasized Bitfinex's security measures, asserting that the exchange does not store passwords or two-factor authentication (2FA) secrets in clear text. He clarified that out of the purported 22,500 email and password records leaked, only 5,000 matched Bitfinex users. Ardoino speculated that hackers likely obtained the data from other encrypted data breaches, highlighting the common practice among users of utilizing the same email and password across multiple platforms.
In addition to Ardoino's statements, he shared insights from a security researcher suggesting that the alleged breach announcement by Fsociety might be a ploy to promote data retrieval hacking tools. This aligns with the skepticism surrounding the authenticity of the claims made by the hacking group.
The recent incident is not the first time Bitfinex has encountered scrutiny over potential data breaches. In November 2023, the exchange experienced a minor security incident involving a customer support agent who was hacked, leading to phishing attacks targeting Bitfinex users. Despite the incident, Bitfinex downplayed the impact, stating that minimal damage occurred.
Bitfinex's history includes a significant security breach in 2016, resulting in the loss of 119,576 Bitcoins belonging to customers, valued at approximately $70 million at the time. Had the breach occurred at current prices, the loss would amount to around $7.6 billion. This incident underscores the ongoing challenges and risks faced by cryptocurrency exchanges in safeguarding user data and assets amidst evolving cyber threats.
