Back to the list

Tether CEO responds to alleged Bitfinex database attack from ‘F Society’

source-logo  crypto.news 04 May 2024 19:56, UTC

A ransomware group claims to have targeted Bitfinex, but top brass at the cryptocurrency exchange deny that a cyberattack occurred.

The notorious group known as F Society is raising concerns across the cryptocurrency community after it claimed to have successfully breached Bitfinex and gained access to a staggering 2.5 terabytes of information, including the personal details of approximately 400,000 Bitfinex users.

See below.


FSOCIETY hacking group claims four attacks: Bitfinex and Rutgers University among the victims.

The ransomware group FSOCIETY has returned with a new data leak site and claims 4 attacks:

– Bitfinex: "We have successfully breached your security measures and… pic.twitter.com/hxwbrTiapb

— HackManac (@H4ckManac) May 3, 2024

In response to the allegations, Tether CEO Paolo Ardoino, who is also the Bitfinex CTO, took to X to address the situation directly

“Everyone panicking for a potential database breach on bitfinex. Tldr: seems fake,” Ardoino posted on social media.

But, according to Shinoji Research, F Society has uploaded a page on their onion site, accompanied by two Mega links leading to a text file containing a partial dump of usernames and plaintext passwords.

Yet, Ardoino cited the absence of plaintext passwords and two-factor authentication (2FA) secrets in Bitfinex’s storage systems.

Tether CEO responds to alleged Bitfinex database attack from 'F Society' - 1
Source: Shinoji Research

The ransomware group has threatened to escalate the situation by leaking know-your-customer (KYC) documents to all users if their demands for a “substantial payment” were not met.

Given the volume of data claimed to be in their possession, it is suggested that they might have access to KYC documents spanning Bitfinex’s entire operation history.

The leaked data reportedly contains email domains, with one domain, coinfarm.co.za, drawing particular interest. However, most of the domains appear to be public rather than corporate, indicating a potential selective curation by the hackers.

You might also like: BTC-e founder pleads guilty to laundering stolen Bitcoin


Everyone panicking for a potential database breach on bitfinex.
Tldr: seems fake.

The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords.
– we don't store plaintext passwords, nor 2FA secrets in clear text.
– only 5k of 22.5k…

— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024

In his posts, Ardoino sought to allay fears, suggesting that the purported breach may be unfounded.

“Different security researchers rushed to hype the breach,” he said. “Yet from what we could gather, the hackers collected a database of emails/passwords likely from different crypto breaches. Most of users unfortunately use same email/passwords across multiple sites.”

Bitfinx is conducting a “deep analysis” of its systems and “no breach was found currently,” Ardoino added, calling it “pure FUD.”

Furthermore, Ardoino pointed out discrepancies in the leaked data, such as only a fraction of the email addresses matching Bitfinex users. He questioned the legitimacy of the hackers’ claims, noting their failure to contact Bitfinex through established channels for reporting vulnerabilities or seeking ransom.

Ardoino also shed light on the possibility that the leaked data could be aggregated from various crypto breaches, as many users tend to reuse email and password combinations across multiple platforms.

Additionally, Ardoino emphasized the robust rate-limiting measures in place for the KYC platform, which would prevent bulk downloading of sensitive information.

Meanwhile, in a separate post, Ardoino shared insights from a security researcher who speculated that the purported hack may be a ploy to advertise a hacking tool for sale.

Here a message from a security researcher (that instead of panicking, trying to dig a bit more into it).

"I believe I start to understand what is happening and why they are sending these messages claiming you were hacked.
The message in the screenshot in the ticket came from a… pic.twitter.com/YjwG2eeXw2

— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024

The message allegedly originated from a Telegram channel, suggesting that the dissemination of claims regarding Bitfinex’s breach could serve as a marketing tactic to promote the tool’s efficacy.

In light of these developments, Ardoino posed a question to the crypto community regarding the likelihood of some of the valid emails belonging to crypto users compiled from previous breaches. “If someone compiles a database of 100k emails clearly belonging to people in crypto (collected from all previous crypto hacks), how likely is it that 20% of those are valid emails on some crypto exchange?” The Bitfinex CTO asked.

We reached out to Bitfinex for comment regarding the alleged breach, but they had not responded.

Read more: ZKasino rug pull suspect detained in Netherlands