Brief Overview:
• Paolo Ardoino denies Bitfinex was hacked, citing data mismatches.
•Of the 22,500 emails claiming to be from Bitfinex users, only 5,000 matched Bitfinex accounts.
• Cryptocurrency exchanges continue to undergo robust security reviews.
Bitfinex CTO Paolo Ardoino has confidently refuted allegations that the cryptocurrency exchange suffered from security breaches.
Ardoino’s clarification follows rumors of a possible database leak, allegedly involving 22,500 email and password records of Bitfinex users.
Bitfinex CTO Paolo Ardoino Denies Hacking Rumors
According to Ardoino, the evidence provided by the alleged hackers is inconsistent with Bitfinex’s data management practices. He highlighted significant discrepancies in the data and, as a result, noted that only about 5,000 emails matched Bitfinex user accounts.
He said this was a clear indication that if the records were from Bitfinex, then they should be an exact match.
“We don’t store plaintext passwords, we don’t store 2FA (two-factor authentication) keys in plaintext,” Ardoino said. “And out of 22,500 emails, only 5,000 matched Bitfinex users. If this was part of our database, we would expect a 100% match.”
When confronted with the hacker’s claims, Bitfinex CTO Paolo Ardoino questioned their legitimacy, noting that the hacker did not contact Bitfinex directly, but chose to make their claims public on April 25 and set a seven-day deadline for a response, but Bitfinex was not informed of this until the day before the deadline.
Ardoino further explained that if the hackers did have substantive information, they could have contacted the company through official channels such as Bitfinex’s bug bounty program, customer support tickets, email, or Twitter, and possibly even demanded a ransom.
Security experts quickly joined the discussion, hyping up the alleged breach without sufficient evidence. For example, Shinoji Research claimed that 2.5 terabytes of customer data were compromised, but initial findings from Bitfinex showed that the database in question was likely an aggregation of information from multiple different cryptocurrency breaches.
Ardoino also mentioned that it’s common for users to reuse the same email and password combinations across different websites, which could be one of the reasons why email addresses matching Bitfinex user accounts appeared in the data that the hackers claimed to have leaked.
Although Bitfinex believes that this may be just a panic created by uncertainty and doubt (FUD), the company is still continuing to conduct a thorough review and system analysis. Ardoino assured users and stakeholders that Bitfinex will continue to review all relevant information to ensure that no details are missed. #Bitfinex #黑客攻击
