Crypto Exchange Bitfinex Denies Security Breach Rumors 🛡️
Bitfinex CTO Paolo Ardoino recently addressed claims of a security breach at the exchange, dismissing them confidently. Rumors had been circulating regarding a potential database leak containing 22,500 email and password records allegedly from Bitfinex users.
Clarification from Bitfinex CTO
Ardoino stated that the evidence provided by the alleged hackers did not match Bitfinex’s data handling procedures. He highlighted a significant disparity in the data, noting that only around 5,000 of the 22,500 emails aligned with Bitfinex user accounts. This discrepancy suggested that if the records were indeed from Bitfinex, a complete match would be expected.
- Bitfinex does not store plaintext passwords or 2FA secrets in clear text.
- Only 5,000 out of the 22,500 emails matched Bitfinex users.
“We don’t store plaintext passwords, nor 2FA secrets in clear text. [And] only 5,000 of 22,500 emails are matching with Bitfinex users. If that was part of our database, we would expect 100% matching,” Ardoino stated.
The timing and approach of the hackers’ claim raised suspicions about its legitimacy. Ardoino highlighted that the hackers had not directly contacted Bitfinex. Their claim was made public on April 25, with a seven-day response window, which Bitfinex only became aware of a day before the deadline.
“If they had any real information, they would have asked for a ransom through our bug bounty program, customer support ticket, emails, or Twitter,” Ardoino explained.
Response from Security Experts
Various security experts quickly reacted to the alleged breach without substantial evidence. Shinoji Research, for instance, claimed that 2.5 terabytes of customer data had been leaked. However, Bitfinex’s initial investigations indicated that the database was likely a compilation of information from different cryptocurrency breaches.
Ardoino pointed out that it is common for users to reuse email and password combinations across multiple platforms, potentially explaining the overlap in data.
Read more: Crypto Project Security: A Guide to Early Threat Detection
Commitment to Review and Analysis
As Bitfinex continues to conduct a thorough review and system analysis, Ardoino assured users and stakeholders, stating, “While we believe this is pure FUD, we’ll keep reviewing information to ensure no stone remains unturned.”
By
By
By