Alleged Data Breach at This Giant Cryptocurrency Exchange: Response!
As the cryptocurrency market gains momentum again, hacking news continues to come from the market. In a hot development, there are claims that Bitfinex suffered a data breach. Accordingly, the exchange suffered a data breach involving 2.5 TB of data and 400,000 customer information. Bitfinex, meanwhile, did not provide any confirmation on the matter. However, Tether CEO and Bitfinex CTO Paolo Ardoino made a statement that the data breach may not be true.
Allegation: Cryptocurrency exchange suffered serious data breach!
According to on-chain detective Shinoji Research, a data breach occurred at Bitfinex, potentially affecting 400,000 users and resulting in the theft of 2.5 terabytes of data. It should be noted that Bitfinex has not yet confirmed this information. Shinoji Research claimed that the FSociety ransomware group was responsible for the attack. It also stated that it provided links to a page containing plain text passwords with usernames.
Allegedly, the size of the stolen data means that the hackers had access to all of Bitfinex’s KYC documents since its inception. Meanwhile, the hackers threatened to leak all users’ KYC documents if their demands were not met. In addition, a follower of Shinoji Research tested one of the passwords in the breach. Thus, he received a 2-factor authentication alert confirming the validity of the breach.
Is the Bitfinex data leak a fake event?
After the development hit the news, Tether CEO and Bitfinex CTO Paolo Ardoino made a lengthy statement on the X platform. Ardoino argued that the Bitfinex data leak was likely a fake event. He cited the following points as justification for this assertion:
- The sample data includes 22,500 email and password records.
- Bitfinex does not store plaintext passwords, nor does it store 2FA passwords in plaintext.
- Only 5,000 of the 22,500 emails match Bitfinex users.
- The suspected hackers have not contacted Bitfinex. If they have any real information, they will contact Bitfinex via bug bounties, customer support tickets, etc.
Bitfinex CTO: This is a FUD, funds are safe!
Meanwhile, Bitfinex CTO said, “While we believe this is pure FUD, we will continue to review the information to make sure nothing has been missed. The funds are safe. Their post was published on April 25th and they were given 7 days to contact them. However, we only became aware of this claim yesterday. If they had real information, they would have requested a ramson via our bug bounty, customer support ticket, emails, twitter, etc. We could not find any request.” In addition to these, he underlined the following points:
Different safety researchers have rushed to exaggerate the breach. Yet from what we can gather, the hackers probably collected an email/password database from different crypto breaches. Unfortunately, most of the users use the same email/passwords on multiple sites. We are doing a deep analysis on our systems and at the moment no breach has been detected.