The ransomware group claims to have targeted Bitfinex, but the cryptocurrency exchange’s top executives have denied that a cyberattack occurred.
A notorious group known as the F Society is causing concern throughout the cryptocurrency community after successfully breaching Bitfinex and claiming to have accessed a whopping 2.5 terabytes of information, including the personal information of approximately 400,000 Bitfinex users.
In response to these claims, Bitfinex CTO and Tether CEO Paolo Ardoino addressed the situation directly on X.
“Everyone is panicking about the potential database breach at bitfinex. Tldr: It looks fake,” Ardoino posted on social media.
However, according to Shinoji Research, F Society uploaded a page to the Onion site along with two Mega links to text files containing partial dumps of usernames and plaintext passwords.
However, Ardoino noted that Bitfinex's systems do not store plaintext passwords or two-factor authentication (2FA) secrets.
The ransomware group threatened to escalate the situation by leaking Know Your Customer (KYC) documents to all users if their demands for a “substantial payment” were not met.
Given the amount of data they claim to possess, it is suggested that they have access to KYC documents spanning Bitfinex’s entire operational history.
The leaked data reportedly includes email domains, with one domain of particular interest being coinfarm.co.za. However, most domains appear to be public rather than corporate, indicating that hackers are likely to be selective.
In his post, Ardoino tried to allay fears, suggesting that concerns about the breach may be unfounded.
“Various security researchers rushed to overestimate the breach,” he said. “However, based on the information we can gather, hackers have compiled a database of emails/passwords that likely originate from various cryptocurrency breaches. Unfortunately, most users use the same email/password on multiple sites.”
Bitfinex is conducting a “deep dive” into its systems and “no violations have been discovered at this time,” Ardoino said, adding that it is “pure FUD.”
Ardoino also noted inconsistencies in the leaked data, such as not all of the email addresses matching Bitfinex users. He questioned the legitimacy of the hackers’ claims, noting that they did not contact Bitfinex through established channels to report vulnerabilities or demand ransom.
Ardoino also raised the possibility that the leaked data could be attributed to various cryptocurrency breaches, as many users tend to reuse email and password combinations across multiple platforms.
Ardoino also highlighted strong rate limiting measures for KYC platforms that prevent bulk downloads of sensitive information.
Meanwhile, in a separate post, Ardoino shared insights from security researchers who speculated that the hack may have been a ruse to advertise hacking tools for sale.
The message reportedly originated from a Telegram channel, suggesting that it could be a marketing ploy to promote the efficacy of the tool if claims of a breach of Bitfinex spread.
In light of these developments, Ardoino has raised questions in the cryptocurrency community regarding the possibility that some of the valid emails of cryptocurrency users may have been collected in previous breaches. “If someone collects a database of 100,000 emails that clearly belong to people in the cryptocurrency industry (collected from all previous cryptocurrency hacks), what are the chances that 20% of them are valid emails from some cryptocurrency exchange?” the Bitfinex CTO asked.
We reached out to Bitfinex for comment on the alleged violations, but they did not respond.