The hacker organisation would have requested a ransom if they were being truthful, according to Bitfinex CTO Paolo Ardoino, but he “couldn’t find any request.”
Paolo Ardoino, chief technical officer of Bitfinex, said that the hacker organisation FSOCIETY’s allegations that they breached Bitfinex’s database and stole 22,500 client emails and passwords “seems fake.”
“They would have contacted a Ramson through our bug bounty, customer support tickets, emails, Twitter, etc. if they had any actual information.” In a post on May 4 on X, Ardoino asserted, “We couldn’t find any requests.” He clarified, “We don’t store 2FA secrets in clear text or plaintext passwords.”
Adoino explained that just 5,000 of the 22,500 email and password records matched Bitfinex users. He made the argument that it is more likely that the hackers obtained their information from other crypto data breaches.
He clarified, “Unfortunately, most users use the same email address and password on multiple websites.” In addition, he distributed a message from a security researcher who thinks the hackers were using Bitfinex as a means of promoting a hacking tool for data retrieval.
“Therefore, by spreading the word about successfully breaking into a university or well-known company, they are promoting the quality of their tool and encouraging others to purchase it in order to use it to exploit companies and profit millions of dollars.”
Users were given the assurance by Ardoino that they would continue to look into the matter, but that as of right now, no breach has been found and all “funds are safe.” Bitfinex has previously been under investigation for possible data breaches.
An information security incident involving a hacked customer service representative at Bitfinex was disclosed in November 2023. As a result, Bitfinex users were the focus of several phishing attempts, albeit Bitfinex claimed that minimal damage was done.
Meanwhile, 119,576 clients’ Bitcoin, valued at around $70 million at the time and $7.6 billion today, were lost due to a security compromise that occurred at Bitfinex in 2016.