Paolo Ardoino, the CTO of Bitfinex, has branded claims that the crypto exchange was breached by the ransomware group Fsociety as “pure FUD.” In a post on May 4, Ardoino said a “deep analysis” of Bitfinex’s systems detected no breach. He suggested that the database of emails and passwords published by the hacker group likely originated from different crypto breaches.
Everyone panicking for a potential database breach on bitfinex.
Tldr: seems fake.The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords.
– we don't store plaintext passwords, nor 2FA secrets in clear text.
– only 5k of 22.5k…— Paolo Ardoino 🍐 (@paoloardoino) May 4, 2024
Still, in his statement, Ardoino acknowledged that users might have been alarmed by claims that Fsociety had gained access to 2.5 terabytes of the crypto exchange’s data and the personal details of 400,000 users. According to a report by Shinoji Research, the hacker group also claimed to have uploaded two mega links leading to a text file containing a partial dump of usernames and plaintext passwords.
The report also suggested that the hacker group might have access to every Know Your Customer (KYC) document since the inception of the exchange. To substantiate the hacker group’s claims, the report mentioned that one Bitfinex user attempted to use the leaked password and was prompted for a two-factor authentication code.
However, in his rebuttal of these claims, Ardoino highlighted that the hacker group had not made contact for seven days following the breach. Ardoino argued that if the hacker group possessed any substantial information, they should have attempted to secure a ransom through Bitfinex’s bug bounty program, customer support tickets, emails, or the social media platform X.
To further substantiate his argument that the claims could be a FUD, the CTO referenced the comments that were shared by an unnamed security researcher. Besides appearing to dismiss the breach claims, the security researcher said the people behind the said breach did so to attract the attention of scammers. The security researcher explained:
So by creating a buzz about successfully hacking well-known companies / a university, it is an advertisement of how good their tool is and others should buy it so they can make millions of dollars by using it to exploit companies using this tool.
An updated version of a report from Shinoji Research appears to share the conclusion of the unnamed security researcher.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
暂时没有评论,赶紧抢沙发吧!