Paolo Ardoino, Chief Technology Officer of Bitfinex, has done just that debunked rumors that the crypto exchange recently suffered a database exploit.
Over the weekend, several reports suggested there was a possible database breach involving 22,500 records of Bitfinex users’ emails and passwords.
However, Ardoino thought that the alleged breach was likely fake, and stated that only a small percentage of the leaked information matched exchange users, adding that the company “does not store plaintext passwords, nor 2FA secrets in clear text.”
Additionally, Ardoino questioned the legitimacy of the hackers’ claims, noting their failure to contact the exchange directly. According to him, the hacker group announced the breach on April 25, but Bitfinex was only informed of the incident a day before the deadline.
Ardoino added:
“Several security researchers rushed to hype the breach. But from what we could gather, the hackers collected a database of emails/passwords that were likely from various crypto breaches. Unfortunately, most users use the same email/passwords on multiple sites.”
Nevertheless, the CTO vowed to “continue to review the information to ensure nothing remains unanswered.”
Meanwhile, Alice from Shinoji Research, one of the accounts that promoted the Bitfinext database leak claim, has retracted the statement. She wrote:
“Deleted the original BFX hack post because I can’t edit it. What appears to have happened is that this ‘Flocker’ group has compiled a list of BitFinex notifications of other breaches. Then they made the site look like a ransom demand for a major breach.”
Alice further noted that the hackers exploited the rumor to generate hype around their activities and attract potential investors for future hacks.
“Instead, it seems like the plan is to boost their business so people can ‘invest’ in future hacks. They are probably not related to the real FLocker group from a few years ago,” Alice added.