Bitfinex CTO denies rumours of massive hacking of Bitfinex users

Almost two weeks after the shocking allegations made by hacker group FSOCIETY, which claimed to have compromised the data of over 400,000 users on crypto exchange platform Bitfinex, the company’s CTO Paolo Ardoino has finally broken his silence. In a recent statement, he firmly refuted the accusations, assuring that after a careful analysis of the platform’s systems, no tangible evidence of a security breach has been discovered to date.

Platform denies allegations by hacker group FSOCIETY Bitfinex

Last month, the hacker group FSOCIETY whose name is inspired by the famous TV series Mr. Robot, claimed on the dark web to have successfully carried out attacks against several targets, including the Bitcoin exchange platform Bitfinex.

The hackers claimed to have compromised the data of over 400,000 users and gained access to more than 2.5 terabytes of sensitive information. They threatened to make this data public if Bitfinex did not meet their requirements within seven days.

To prove their point, the hackers leaked a file containing a sample of usernames and passwords in clear text. This revelation caused panic among the platform’s users, who feared for the security of their accounts and funds.

However, Paolo Ardoino, CTO of Bitfinex expressed skepticism about the veracity of these allegations. In a series of tweets, he stated that an in-depth analysis of the platform’s systems was underway, but no significant security breach had been identified to date. He also pointed out that only 5,000 of the 22,500 e-mails and passwords disclosed by Fsociety were indeed legitimate users of Bitfinex.

Several troubling elements call into question the authenticity of the claims made by Fsociety. First, Bitfinex claims not to have received any ransom demands from the hackers, whether via their bug bounty program, their customer support or their various communication channels on social networks. This lack of contact is surprising, given that the group had given a 7-day ultimatum to Bitfinex to contact them.

In addition, among the other companies allegedly targeted by Fsociety such as Rutgers University or SBC Globalnone has yet publicly confirmed that it has been a victim of hacking or that they have given in to a ransom demand. In view of these inconsistencies, some IT security experts speculate that the real aim of Fsociety would actually be promoting their own ransomware tools. They would thus seek to sell access to these malicious tools through subscriptions, taking advantage of the notoriety generated by their alleged attack on Bitfinex.

Bitfinex, a prime target for hackers?

Not for the first time, the security of Bitfinex is put to the test. In 2016, the platform was hacked resulting in the theft of 119,576 bitcoins belonging to customers, equivalent to $7.6 billion at current prices. Two people have since pleaded guilty to money laundering in connection with this case.

More recently, in November 2022, the account of a customer support agent Bitfinex had been hacked, paving the way for phishing attempts targeting users. The incident caused minimal damage, however, according to the platform.

Although Fsociety’s claims have cast doubt, Bitfinex is reassuring that it has detected no tangible evidence of a massive hack at this stage. Nevertheless, the platform is calling on its users to be vigilant and strengthen the security of their accounts by immediately activating double authentication, an essential measure to prevent unauthorized access. In the meantime, an in-depth investigation is continuing to determine the veracity of the hackers’ claims and to shed full light on the affair.