{"id":13227,"date":"2024-05-05T13:39:04","date_gmt":"2024-05-05T10:39:04","guid":{"rendered":"https:\/\/forklog.com\/en\/paolo-ardoino-dismisses-claims-of-bitfinex-data-breach\/"},"modified":"2024-05-05T13:39:04","modified_gmt":"2024-05-05T10:39:04","slug":"paolo-ardoino-dismisses-claims-of-bitfinex-data-breach","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/paolo-ardoino-dismisses-claims-of-bitfinex-data-breach\/","title":{"rendered":"Paolo Ardoino Dismisses Claims of Bitfinex Data Breach"},"content":{"rendered":"<p>Bitfinex&#8217;s Chief Technology Officer, Paolo Ardoino, expressed skepticism regarding reports of a potential user data breach at the cryptocurrency exchange.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Everyone panicking for a potential database breach on bitfinex.<br \/>Tldr: seems fake.<\/p>\n<p>The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords. <br \/>\u2014 we don\u2019t store plaintext passwords, nor 2FA secrets in clear text.<br \/>\u2014 only 5k of 22.5k\u2026<\/p>\n<p>\u2014 Paolo Ardoino (@paoloardoino) <a href=\"https:\/\/twitter.com\/paoloardoino\/status\/1786751936760312050?ref_src=twsrc%5Etfw\">May 4, 2024<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On April 26, hackers from FSOCIETY <a href=\"https:\/\/t.me\/FSOCIETYWETRUST\/6870\">claimed<\/a> to have breached Bitfinex, obtaining 2.5 TB of information and personal data of 400,000 users. They demanded a &#8220;significant sum&#8221; within a week to prevent a &#8220;catastrophic leak&#8221; of this data.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u201cThe alleged hackers published two links with sample data containing 22,500 records of emails and passwords. We do not store passwords and 2FA in plain text. 
Only 5,000 of the 22,500 email addresses match Bitfinex users. If this were part of our database, we would expect a 100% match,\u201d Ardoino wrote.<\/cite><\/p><\/blockquote>\n<p>According to him, the alleged hackers have not contacted the exchange with a ransom demand.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u201cThe hackers compiled a database of emails and passwords, likely from various crypto breaches. Unfortunately, most users use the same email addresses and passwords across multiple sites. We are conducting a thorough analysis of our systems, and no leaks have been detected so far,\u201d added the Bitfinex CTO.<\/cite><\/p><\/blockquote>\n<p>Ardoino also shared a message from an unnamed cybersecurity researcher, who claims that the alleged hackers are using this method to advertise a hacking tool.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Here a message from a security researcher (that instead of panicking, trying to dig a bit more into it).<\/p>\n<p>\u201cI believe I start to understand what is happening and why they are sending these messages claiming you were hacked.<br \/>The message in the screenshot in the ticket came from a\u2026 <a href=\"https:\/\/t.co\/YjwG2eeXw2\">pic.twitter.com\/YjwG2eeXw2<\/a><\/p>\n<p>\u2014 Paolo Ardoino (@paoloardoino) <a href=\"https:\/\/twitter.com\/paoloardoino\/status\/1786753451814277525?ref_src=twsrc%5Etfw\">May 4, 2024<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u201cCreating hype about successfully hacking well-known companies advertises how good their tool is, prompting others to buy it and earn millions of dollars by hacking companies with it,\u201d the specialist explained.<\/cite><\/p><\/blockquote>\n<p>The Bitfinex CTO doubted that hackers who breached a cryptocurrency exchange would sell tools for $299. He also posed a question to the audience:<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>\n<cite>\u201cIf someone compiles a database of 100,000 emails clearly belonging to people in crypto (collected from all previous crypto hacks), how likely is it that 20% of those are valid emails on some crypto exchange?\u201d<\/cite><\/p><\/blockquote>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">Question for the CT community: if someone compiles a database of 100k emails clearly belonging to people in crypto (collected from all previous crypto hacks), how likely is that 20% of those are valid emails on some crypto exchange?<\/p>\n<p>\u2014 Paolo Ardoino (@paoloardoino) <a href=\"https:\/\/twitter.com\/paoloardoino\/status\/1786754624906518700?ref_src=twsrc%5Etfw\">May 4, 2024<\/a><\/p><\/blockquote>\n<p> <script async=\"\" src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>Back in August 2016, Bitfinex lost nearly 120,000 BTC ($71.8 million at the time, over $7.6 billion at current prices) due to a hack and temporarily suspended operations.<\/p>\n<p>On February 1, 2022, 94,643 BTC were moved. In the same month, U.S. 
authorities arrested 34-year-old Ilya Lichtenstein and 31-year-old Heather Morgan on charges of laundering 119,754 BTC stolen from Bitfinex. In August 2023, they pleaded guilty.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Bitfinex&#8217;s Chief Technology Officer, Paolo Ardoino, expressed skepticism regarding reports of a potential user data breach at the cryptocurrency exchange. Everyone panicking for a potential database breach on bitfinex. Tldr: seems fake. The alleged hackers have posted 2 mega links with sample data contains 22.5k records of email and passwords. \u2014 we don\u2019t store plaintext passwords, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":13226,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[95,1188],"class_list":["post-13227","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-bitfinex","tag-data-breach"],"aioseo_notices":[],"amp_enabled":true,"views":"22","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13227","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=13227"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/13227\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/13226"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=13227"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=13227"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=13227"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}