Bitfinex CTO denies new allegations of user data hack, assures funds are secure

Bitfinex has been thrust into the spotlight recently after a ransomware group, named “FSOCIETY,” claimed to have gained access to 2.5TB of the exchange’s data and the personal details of 400,000 users. In response to the allegations, Bitfinex CTO Paolo Ardoino clarified that the claims of a database hack appear to be “fake” and assured user funds remain secure.

According to him, it could be a common issue in data security: users often reuse the same email and password across multiple sites, which might explain the presence of some Bitfinex-related emails in the dataset.

Ardoino also found out there were data discrepancies and user data mismatches in the hacker’s posts.

The hackers posted sample data containing 22,500 records of emails and passwords. However, according to Paolo, Bitfinex does not store plain-text passwords or two-factor authentication (2FA) secrets in clear text. Additionally, of the 22,500 emails in the leaked data, only 5,000 match Bitfinex users.

Another highlight is the lack of communication from the hackers. They did not contact Bitfinex directly to report this data breach or to negotiate, which is atypical behavior for ransomware attacks that typically involve some form of ransom demand or contact.

Moreover, information about the alleged hack was posted on April 25, but Bitfinex only became aware of the claim recently. Paolo said if there had been any genuine threat or demand, the hackers would have likely used Bitfinex’s bug bounty program or customer support channels to make contact, none of which occurred.

“The alleged hackers didn’t contact us. If they had any real information they would have asked a ramson through our bug bounty, customer support ticket etc. We couldn’t find any request,” wrote Ardoino.

Bitfinex has conducted a thorough analysis of its systems and, so far, has not found any evidence of a breach. Paolo said the team would continue to review and analyze all available data to ensure that nothing is overlooked in their security assessments.

After news of a potential breach broke out, Shinoji Research, an X user, confirmed the authenticity of the leak. The user said he tried one of the passwords in the leaked information and received a 2FA.

However, at press time, he removed his post and corrected the previous information.

Removed the original BFX hack post as I’m not able to edit it. What appears to have happened is this “Flocker” group curated a list of BitFinex logins from other breaches.

They then made the site look like a ransom demand for a major breach.

— Alice (e/nya)🐈‍⬛ (@Alice_comfy) May 4, 2024

In a separate post on X, Ardoino suggested that the real motive behind the exaggerated breach claims is to sell the hacking tool to other potential scammers.

The idea is to generate buzz around these high-profile (Bitfinex, SBC Global, Rutgers, Coinmoma) hacks to promote their tool, which they allege can enable others to carry out similar attacks and potentially make large sums of money.

Here a message from a security researcher (that instead of panicking, trying to dig a bit more into it).

“I believe I start to understand what is happening and why they are sending these messages claiming you were hacked.
The message in the screenshot in the ticket came from a… pic.twitter.com/YjwG2eeXw2

— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024

Additionally, he questioned why the hackers would need to sell a hacking tool for $299 if they had really accessed Bitfinex and obtained valuable data.