Paolo Ardoino, the chief technology officer of Bitfinex, has dismissed claims that Bitfinex has been breached as “pure FUD [fear, uncertainty and doubt].” A report by Shinoji Research suggested that the ransomware group, Fsociety, might have access to every Know Your Customer (KYC) document since Bitfinex’s inception. A security researcher suggested that these claims might be part of a scheme to attract the attention of scammers who could be interested in the ransomware group’s hacking tools.
Bitfinex CTO Dismisses Breach Claims as ‘Pure FUD,’ Says No Group Has Asked for Ransom
This article was published more than a year ago. Some information may no longer be current.
WRITTEN BY
SHARE
No Breach Detected
Paolo Ardoino, the CTO of Bitfinex, has branded claims that the crypto exchange was breached by the ransomware group Fsociety as “pure FUD.” In a post on May 4, Ardoino said a “deep analysis” of Bitfinex’s systems detected no breach. He suggested that the database of emails and passwords published by the hacker group likely originated from different crypto breaches.
Everyone panicking for a potential database breach on bitfinex.
Tldr: seems fake.The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords.
– we don't store plaintext passwords, nor 2FA secrets in clear text.
– only 5k of 22.5k…— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024
Still, in his statement, Ardoino acknowledged that users might have been alarmed by claims that Fsociety had gained access to 2.5 terabytes of the crypto exchange’s data and the personal details of 400,000 users. According to a report by Shinoji Research, the hacker group also claimed to have uploaded two mega links leading to a text file containing a partial dump of usernames and plaintext passwords.
The report also suggested that the hacker group might have access to every Know Your Customer (KYC) document since the inception of the exchange. To substantiate the hacker group’s claims, the report mentioned that one Bitfinex user attempted to use the leaked password and was prompted for a two-factor authentication code.
Scammers Market Tools to Fellow Scammers
However, in his rebuttal of these claims, Ardoino highlighted that the hacker group had not made contact for seven days following the breach. Ardoino argued that if the hacker group possessed any substantial information, they should have attempted to secure a ransom through Bitfinex’s bug bounty program, customer support tickets, emails, or the social media platform X.
To further substantiate his argument that the claims could be a FUD, the CTO referenced the comments that were shared by an unnamed security researcher. Besides appearing to dismiss the breach claims, the security researcher said the people behind the said breach did so to attract the attention of scammers. The security researcher explained:
So by creating a buzz about successfully hacking well-known companies / a university, it is an advertisement of how good their tool is and others should buy it so they can make millions of dollars by using it to exploit companies using this tool.
An updated version of a report from Shinoji Research appears to share the conclusion of the unnamed security researcher.
What are your thoughts on this story? Share your opinions in the comments section below.
