In the words of Bitfinex CTO, Paolo Ardoino,”We're performing deep analysis of our systems and no breach was found currently. While we believe this is pure FUD we'll keep reviewing information to ensure no stone remains unturned.”
On May 4, a (now deleted) tweet by Alice of Shinoji Research noted that Bitfinex had been hit by a data breach. Soon, rumors about a large-scale hacking attack at Bitfinex started making the rounds. Additionally, reports suggested that 22,500 records of emails and passwords from Bitfinex users leaked, raising concerns about the security of the platform's infrastructure.
Within a few hours, Alice confirmed that the data breach incident was a ruse set up by the “Flocker" group. According to them, Flocker intended to hype up the incident to make people invest in their future hacks.
Meanwhile, Bitfinex's Chief Technology Officer, Paolo Ardoino, had debunked these rumors as fake. Ardoino pointed out that only a tiny percentage of the leaked information matched the data from actual user accounts on Bitfinex. He reassured users that Bitfinex does not store plaintext passwords or 2FA secrets in clear text, adding that the impact would have been minuscule even in case of a possible breach.
Moreover, Ardoino questioned the credibility of the hackers behind the alleged breach, noting that they failed to directly contact the exchange before making their claims public. According to him, the hackers announced the breach on April 25, but Bitfinex only became aware of it a day before the deadline.