Bitfinex’s Chief Technology Officer, Paolo Ardoino, has formally dismissed allegations of a data breach at the cryptocurrency exchange, asserting the security of user data remains uncompromised. Over the past weekend, Ardoino conducted a detailed internal review in response to claims of a severe data breach, which he has now confirmed were baseless.
The controversy began last Saturday when a report by Alice of Shinoji Research suggested that Bitfinex had fallen victim to a data breach orchestrated by a hacking group known as FSociety. The claim, which was swiftly retracted, alleged that approximately 2.5 terabytes of data, including the personal details of some 400,000 users, had been stolen during an attack dated April 26. However, this tweet was later removed.
In clarifying the situation, Ardoino explained that the supposed data leak was, in fact, a compilation of information from previous breaches unrelated to Bitfinex. This collection of old data had been misrepresented as a current breach specifically targeting Bitfinex, fueled by reused credentials to amplify the false narrative.
Subsequently, Alice of Shinoji Research issued a statement correcting her initial report, admitting the data was old and had been gathered by a different group, Flocker. This misrepresentation was designed to imitate a ransom demand, capitalizing on the anxiety surrounding potential major breaches.
Ardoino seized this moment to highlight the dangers of password reuse on multiple platforms, a prevalent but risky security practice. He strongly advised Bitfinex users to establish unique passwords for each service, particularly on platforms managing sensitive financial data, to bolster their personal security.