Tether CEO responds to alleged Bitfinex database attack from ‘F Society’

A ransomware group claims to have targeted Bitfinex, but top brass at the cryptocurrency exchange deny that a cyberattack occurred.

The notorious group known as F Society is raising concerns across the cryptocurrency community after it claimed to have successfully breached Bitfinex and gained access to a staggering 2.5 terabytes of information, including the personal details of approximately 400,000 Bitfinex users.

See below.

In response to the allegations, Tether CEO Paolo Ardoino, who is also the Bitfinex CTO, took to X to address the situation directly

“Everyone panicking for a potential database breach on bitfinex. Tldr: seems fake,” Ardoino posted on social media.

But, according to Shinoji Research, F Society has uploaded a page on their onion site, accompanied by two Mega links leading to a text file containing a partial dump of usernames and plaintext passwords.

Yet, Ardoino cited the absence of plaintext passwords and two-factor authentication (2FA) secrets in Bitfinex’s storage systems.

Source: Shinoji Research

The ransomware group has threatened to escalate the situation by leaking know-your-customer (KYC) documents to all users if their demands for a “substantial payment” were not met.

Given the volume of data claimed to be in their possession, it is suggested that they might have access to KYC documents spanning Bitfinex’s entire operation history.

The leaked data reportedly contains email domains, with one domain, coinfarm.co.za, drawing particular interest. However, most of the domains appear to be public rather than corporate, indicating a potential selective curation by the hackers.

.

In his posts, Ardoino sought to allay fears, suggesting that the purported breach may be unfounded.

“Different security researchers rushed to hype the breach,” he said. “Yet from what we could gather, the hackers collected a database of emails/passwords likely from different crypto breaches. Most of users unfortunately use same email/passwords across multiple sites.”

Bitfinx is conducting a “deep analysis” of its systems and “no breach was found currently,” Ardoino added, calling it “pure FUD.”

Furthermore, Ardoino pointed out discrepancies in the leaked data, such as only a fraction of the email addresses matching Bitfinex users. He questioned the legitimacy of the hackers’ claims, noting their failure to contact Bitfinex through established channels for reporting vulnerabilities or seeking ransom.

Ardoino also shed light on the possibility that the leaked data could be aggregated from various crypto breaches, as many users tend to reuse email and password combinations across multiple platforms.

Additionally, Ardoino emphasized the robust rate-limiting measures in place for the KYC platform, which would prevent bulk downloading of sensitive information.

Meanwhile, in a separate post, Ardoino shared insights from a security researcher who speculated that the purported hack may be a ploy to advertise a hacking tool for sale.

The message allegedly originated from a Telegram channel, suggesting that the dissemination of claims regarding Bitfinex’s breach could serve as a marketing tactic to promote the tool’s efficacy.

In light of these developments, Ardoino posed a question to the crypto community regarding the likelihood of some of the valid emails belonging to crypto users compiled from previous breaches. “If someone compiles a database of 100k emails clearly belonging to people in crypto (collected from all previous crypto hacks), how likely is it that 20% of those are valid emails on some crypto exchange?” The Bitfinex CTO asked.

We reached out to Bitfinex for comment regarding the alleged breach, but they had not responded.