Bitfinex CTO confirms no data breach, cites fake allegations
Bitfinex Chief Technology Officer Paolo Ardoino has confirmed that recent data breach allegations involving the cryptocurrency exchange were unfounded.
Ardoino, addressing the rumors, stated unequivocally that Bitfinex’s user database remains secure following a thorough internal review over the weekend.
The allegations surfaced last Saturday when Alice of Shinoji Research posted that Bitfinex had suffered a significant data breach. The post, later deleted, was based on assertions from a hacking group, FSociety, which claimed responsibility for the supposed breach on April 26. The tweet suggested that about 2.5 Terabytes of data and personal details of 400,000 users had been compromised.
Ardoino’s review of Bitfinex’s systems revealed no evidence of a breach. The CTO explained that the data in question was not extracted from Bitfinex’s servers but was instead compiled from previous unrelated breaches. The compilation was misrepresented as a breach of Bitfinex, leveraging recycled credentials to create a false alarm.
Alice of Shinoji Research has since retracted the initial claim, clarifying the misunderstanding in a follow-up statement. She indicated that the information was erroneously presented as a new incident while it involved old data from various breaches collected by another group known as Flocker. The misrepresentation was intended to simulate a ransom demand, exploiting the fears of a major breach.
Ardoino believes this incident stresses the risks of reusing passwords across multiple platforms, a common practice that can lead to security vulnerabilities. He took the opportunity to urge users to employ unique passwords for different services to enhance security, especially on platforms handling sensitive financial information.