Bitfinex chief technology officer Paolo Ardoino has definitively refuted recent allegations of a data breach involving the cryptocurrency exchange, describing the claims as “fake.” Ardoino confirmed that an internal review was conducted to verify the integrity of Bitfinex’s user database after the rumors emerged.
“As I said on Saturday, Bitfinex’s user database was not breached. We spent the weekend reviewing all internal data to avoid leaving any stone unturned. We concluded that the claim was fake, as suspected from the beginning,” he said.
The false reports originated from a tweet by Alice of Shinoji Research, who alleged a large-scale data breach based on claims from a hacking group called FSociety on April 26. The now-deleted tweet suggested that Bitfinex’s database, comprising 2.5 terabytes of information and personal details of 400,000 users, had been compromised.
This information was picked up by Walter Bloomberg, a breaking news account with over 732,000 followers, who shared the report citing Shinoji Research. However, Alice has since retracted the allegations, acknowledging that the tweet was premature. “Removed the original BFX [Bitfinex] hack post as I’m not able to edit it,” she said. According to her, the group known as “Flocker” curated a list of Bitfinex logins from other breaches and presented it as part of a major ransom demand.
Ardoino reiterated that Bitfinex’s user database remained secure and that the alleged hackers posted lists of stolen emails and passwords from unrelated breaches. “Unfortunately, many users use the same email/password across many services, including crypto exchanges,” Ardoino noted.
FSociety, a hacking group styled after the fictional group in the TV show Mr. Robot, claimed on its dark web page on April 26 that it successfully hacked multiple targets, including Rutgers University, consulting firm SBC Global, and cryptocurrency exchange “Coinmoma,” which is presumed to be a misspelling of Coinmama.
The group also claimed to have hacked Binance on the same day. However, none of the organizations allegedly affected by the hacks have acknowledged a data breach or confirmed any payment of ransom. Bitfinex Chief Technology Officer Paolo Ardoino said the exchange had not received direct communication from FSociety regarding any data breach.
Ardoino, who is also the CEO of Tether, shared a message from a security researcher suggesting that FSociety may be using the claimed hacks to promote its ransomware tools. The group sells access to these tools through a subscription model and takes a commission on stolen profits.
“If they truly hacked Bitfinex, do they really need to sell stuff for $299?” Ardoino remarked, casting doubt on the group’s claims.
Bitfinex was infamously hacked in 2016, resulting in a massive loss of funds. Two individuals, including the so-called “crypto rapper” Razzlekhan, pleaded guilty to money laundering charges related to the hack, forfeiting over 95,000 Bitcoin to the government.
