Bitfinex CTO confirms no data breach, cites fake allegations

Bitfinex Chief Technology Officer Paolo Ardoino confirmed that the latest data breach allegations regarding the cryptocurrency exchange are false.

Addressing the rumors, Ardoino made it clear that Bitfinex’s user database remains secure following a comprehensive internal review over the weekend.

The allegations emerged last Saturday when Alice from Shinoji Research posted that Bitfinex had suffered a significant data breach. The post, which was later deleted, was based on claims by FSociety, a hacking group that claimed responsibility for the alleged breach on April 26. The tweet claimed that approximately 2.5 Terabytes of data and personal information of 400,000 users had been compromised.

Ardoino’s review of Bitfinex’s systems revealed no evidence of breach. The CTO clarified that the data in question was not extracted from Bitfinex servers, but was instead compiled from previous unrelated breaches. The build was misrepresented as Bitfinex’s breach, leveraging recycled credentials to create a false alarm.

Shinoji Research’s Alice has since retracted the initial claim and clarified the misunderstanding in a follow-up statement. HE stated It turned out that the information was mistakenly presented as a new incident because it contained old data from various breaches collected by another group known as Flocker. The purpose of the misrepresentation was to simulate a ransom demand by exploiting fear of a massive breach.

Ardoino believes This incident highlights the risks of reusing passwords across multiple platforms; This is a common practice that can lead to security vulnerabilities. It took the opportunity to encourage users to use unique passwords for different services to increase security, especially on platforms where sensitive financial information is processed.