Over the weekend, several reports suggested a potential database leak comprising 22,500 records of emails and passwords allegedly from Bitfinex users.

However, Ardoino opined that the purported breach was likely fake, stating that only a small percentage of the leaked information matched the exchange users, adding that the firm does not “store plaintext passwords, nor 2FA secrets in clear text.”

Moreover, Ardoino questioned the legitimacy of the hackers’ claims, noting their failure to contact the exchange directly. According to him, the hacker group announced the breach on April 25, but Bitfinex only became aware of the incident a day before the deadline.

Ardoino added:

“Different security researchers rushed to hype the breach. Yet from what we could gather, the hackers collected a database of emails/passwords likely from different crypto breaches. Most of users unfortunately use same email/passwords across multiple sites.”

Nonetheless, the CTO promised to “keep reviewing information to ensure no stone remains unturned.”

Meanwhile, Alice from Shinoji Research, one of the accounts that propagated the Bitfinext database leak claim, has retracted the statement. They wrote:

“Removed the original BFX hack post as I’m not able to edit it. What appears to have happened is this ‘Flocker’ group curated a list of BitFinex logins from other breaches. They then made the site look like a ransom demand for a major breach.”

Alice further noted that the hackers exploited the rumor to generate hype around their activities and attract potential investors for future hacks.

“Instead it seems the plan is to hype up their operation so that people can ‘invest’ in future hacks. They are probably not related to the real FLocker group from a few years ago,” Alice added.

Mentioned in this article