Bitfinex CTO confirms no data breach, cites fake allegations

As a crypto investor with several years of experience in the market, I’ve learned to be cautious and vigilant when it comes to news regarding exchanges and their security. So when I heard about the alleged data breach at Bitfinex, I was immediately concerned and took steps to secure my own holdings on the platform.

Paolo Ardoino, the CTO of Bitfinex, has dispelled rumors of a data breach at the cryptocurrency exchange, assuring that no such incident had occurred.

As a concerned crypto investor, I want to address the recent rumors circulating about Bitfinex’s user database security. Following intense speculation over the weekend, I am pleased to report that after a comprehensive internal review, I can confirm with certainty that our user database remains secure and intact.

Last Saturday, allegations emerged that Bitfinex experienced a major data breach. This information came from Alice at Shinoji Research, who shared the news in a post, which was subsequently removed. The post was instigated by claims from the hacking group, FSociety, announcing their responsibility for the breach on April 26th. According to their statement, approximately 2.5 Terabytes of data and personal details of around 400,000 users were believed to have been stolen.

It was fake.

— Paolo Ardoino 🍐 (@paoloardoino) May 6, 2024

As a researcher examining Ardoino’s review of Bitfinex’s systems, I found no indications of a recent hack or breach in their systems based on the evidence presented. However, upon further investigation, I discovered that the data used in the review was not obtained directly from Bitfinex’s servers but rather from previous, unrelated security incidents. The way this information was communicated created confusion and led to the misperception of a new breach at Bitfinex. In reality, the recycled credentials from past incidents were manipulatively used to trigger false alarm.

Alice from Shinoji Research has corrected her earlier announcement, explaining in a subsequent statement that the supposed new incident actually consisted of outdated information from multiple past data breaches. This information had been misleadingly presented as a fresh security threat by a different group called Flocker, with the intention of creating a false sense of urgency and panic.

This recent incident underscores the dangers of using the same password for various platforms, a prevalent habit that leaves users vulnerable to security breaches. Ardoino strongly advised users to adopt unique passwords for distinct services to bolster their security, particularly on those handling sensitive financial data.

Read More

2024-05-06 19:59