Paolo Ardoino suggests that the breach claims might be exaggerated or fabricated as a strategy to advertise the effectiveness of a hacking tool.
Bitfinex has been thrust into the spotlight recently after a ransomware group, named “FSOCIETY,” claimed to have gained access to 2.5TB of the exchange’s data and the personal details of 400,000 users. In response to the allegations, Bitfinex CTO Paolo Ardoino clarified that the claims of a database hack appear to be “fake” and assured user funds remain secure.
Ardoino found out there were data discrepancies and user data mismatches in the hacker’s posts.
The hackers posted sample data containing 22,500 records of emails and passwords. However, according to Paolo, Bitfinex does not store plain-text passwords or two-factor authentication (2FA) secrets in clear text. Additionally, of the 22,500 emails in the leaked data, only 5,000 match Bitfinex users.
According to him, it could be a common issue in data security: users often reuse the same email and password across multiple sites, which might explain the presence of some Bitfinex-related emails in the dataset.
Another highlight is the lack of communication from the hackers. They did not contact Bitfinex directly to report this data breach or to negotiate, which is atypical behavior for ransomware attacks that typically involve some form of ransom demand or contact.
Moreover, information about the alleged hack was posted on April 25, but Bitfinex only became aware of the claim recently. Paolo said if there had been any genuine threat or demand, the hackers would have likely used Bitfinex’s bug bounty program or customer support channels to make contact, none of which occurred.
Removed the original BFX hack post as I'm not able to edit it. What appears to have happened is this "Flocker" group curated a list of BitFinex logins from other breaches.
They then made the site look like a ransom demand for a major breach.
— Alice (e/nya)🐈⬛ (@Alice_comfy) May 4, 2024
In a separate post on X, Ardoino suggested that the real motive behind the exaggerated breach claims is to sell the hacking tool to other potential scammers.
The idea is to generate buzz around these high-profile (Bitfinex, SBC Global, Rutgers, Coinmoma) hacks to promote their tool, which they allege can enable others to carry out similar attacks and potentially make large sums of money.
Additionally, he questioned why the hackers would need to sell a hacking tool for $299 if they had really accessed Bitfinex and obtained valuable data.