Bitfinex CTO Dispels FUD, Refutes Data Breach By Ransomware Group

As a researcher with extensive experience in the cryptocurrency and cybersecurity industries, I find the recent claims of a Bitfinex data breach by FSOCIETY intriguing but highly suspicious. Based on the available information and the responses from Bitfinex CTO Paolo Ardoino, it seems that the ransomware group’s claims might be a marketing strategy to sell their tools or services.


Recently, there have been allegations of a major data breach at Bitfinex, with the hacking collective FSOCIETY being accused as the culprits. However, Paolo Ardoino, the exchange’s CTO, has refuted these claims, stating that no such incident has occurred.

On April 26th, FSOCIETY declared on their dark web platform that they had bypassed security protocols and acquired confidential information from various entities. Among the affected organizations were Bitfinex, Rutgers University, and what appeared to be a misspelled version of Coinmama (possibly referring to the crypto exchange of the same name).

FSOCIETY issued a warning to targeted organizations, demanding a significant payment within a week to prevent the dissemination of confidential information. Yet, after this timeframe had passed, no institution has acknowledged a data breach or disclosed any ransom payments.

Bitfinex CTO Responds To Data Breach Rumors

On Saturday, May 4th, Bitfinex Chief Technology Officer Paolo Ardoino addressed, via the X platform, the alleged intrusion into Bitfinex’s servers and security system. Ardoino clarified that Bitfinex hadn’t received any direct communication from the ransomware group regarding a data breach; the exchange became aware of the claim on Friday, May 3rd.

Everyone panicking for a potential database breach on bitfinex. Tldr: seems fake.

The individuals accused of hacking have shared two links, each containing approximately 1 million records. However, our system doesn’t store plaintext passwords or two-factor authentication secrets in their original form. Among the data leaked, around 5,000 records might potentially pose a risk to our users.

— Paolo Ardoino (@paoloardoino) May 4, 2024

As an analyst, I’ve come across Ardoino’s statement, in which he, also the CEO of Tether, revealed that out of the reportedly stolen 22,500 Bitfinex customer emails, only around 5,000 correspond to actual Bitfinex users. Ardoino posits that these emails and passwords might have been amassed by hackers through various crypto heists rather than a targeted attack on Bitfinex.

Ardoino added in his post:

The majority of users regretfully employ the same email addresses and passwords for various websites. After conducting thorough investigations, we have not identified any current security breaches. Additionally, our Know Your Customer (KYC) system imposes stringent rate limits, making it impossible to download information in large quantities.

The Bitfinex CTO dismissed data breach speculations as unfounded fears, expressing their commitment to thoroughly examine the situation to leave no detail unexplored. Ardoino further reassured exchange users that their funds remained secure.

Data Breach Claim Was A Marketing Strategy: Security Researcher

In his latest post on X, Paolo Ardoino disclosed a finding from an anonymous security expert regarding the alleged data breach. The expert claimed that FSOCIETY’s announcement of the breach was actually a deceitful tactic to promote their ransomware offerings.

The researcher’s message read:

I’m beginning to grasp the situation and the reason behind the messages claiming I’ve been hacked. The message in the screenshot from the support ticket originated from a Telegram channel, which I won’t discuss here to avoid promoting them. In that channel, it appears they are attempting to sell the tool they claim was used to hack Bitfinex and Rutgers.

Upon discovering this information, I, as an analyst, pondered over the validity of their assertions regarding hacking various organizations. I questioned, “If they genuinely hacked Bitfinex, then why do they feel the need to sell items for 299 dollars?” as the CTO, Ardoino, expressed.

2024-05-05 11:12