According to findings reported by Shinoji Research, there has been a purported data breach on the cryptocurrency exchange Bitfinex, potentially affecting the data of 400,000 users and involving the theft of 2.5 terabytes of data.
However, it's important to note that these claims have not been officially confirmed by the exchange. As such, users are advised to await an official announcement from Bitfinex regarding the incident.
According to Shinoji Research, the FSociety ransomware group, notorious for its malicious activities, has allegedly claimed responsibility for the attack on Bitfinex. They purportedly posted two mega links on a page of their Onion site, leading to a text file containing a partial dump of usernames and plaintext passwords.
Shinoji Research noted that upon review, the list did not include any recognized accounts from trading firms like Alameda Research. Nonetheless, the extensive size of the data suggests that hackers may have gained access to every KYC document since Bitfinex's establishment.
The hackers reportedly issued a warning, threatening to disclose the KYC documents of all users unless their demands are met.
In an unexpected turn, a follower of Shinoji Research reportedly attempted one of the passwords from the file and received a 2-factor authentication (2FA) warning. Subsequently,
Shinoji Research confirmed the validity of the breach. Bitfinex has yet to respond to these allegations.
However, it's important to highlight that these are assertions made by Shinoji Research, and an official statement from Bitfinex is eagerly anticipated for clarification.
May 2024, Cryptoniteuae