FSOCIETY Threatens Massive Bitfinex Data Leak: 400,000 Users At Risk

Key Points:

• FSOCIETY threatens to leak Bitfinex user data.
• Bitfinex CTO suggests leak origin is multiple crypto breaches.
• Leaked list suspected as a scheme for dubious ads.

Bitfinex data leak allegedly by FSOCIETY includes 2.5TB of exchange data and 400K users’ details. Bitfinex CTO responded, raising questions about the leak’s origin.

The ransomware group, FSOCIETY, alleges to have gathered 2.5TB of Bitfinex exchange data, and personal details of 400,000 users.

Bitfinex Data Leak: Ransomware Group FSOCIETY’s Threats

They’ve threatened to leak users’ Know Your Customer (KYC) data unless their demands are met. A user authenticated a password from the leaked data, as per Shinoji Research.

FSOCIETY has uploaded a page on their onion site with links to a text file containing a partial dump of usernames and plaintext passwords. However, several accounts, including those associated with known trading firms like Alameda Research, were not in the list.

The group has threatened to leak all KYC data if their demands are not met, suggesting they have access to all KYC records since the company’s inception.

Analysis of Leaked Accounts and Bitfinex’s Response

A list of email domains from the leak primarily includes public domains, with the exception of coinfarm.co.za, suggesting the hacker may have intentionally excluded corporate accounts.

Bitfinex CTO Paolo Ardoino responded that only 5,000 of the 22,500 leaked emails match Bitfinex users, suggesting the hacker likely compiled a database from various crypto breaches.

Paolo noted that Bitfinex’s KYC system has heavy rate limiting, and passwords are not stored in plaintext, raising questions about the leak’s origin.

Assuming Bitfinex’s claims are true, most of the leaked accounts are heavily present on the HaveIBeenPwned website, with many logins traced back to the Coinmarketcap breach. It’s possible the list was reverse-engineered by using breached passwords on BitFinex, but the motivation is unclear.

Interestingly, the list is not for sale but is freely available on the hacker’s site, and Bitfinex wasn’t extorted. This raised suspicions of a potential scheme to charge for a fake KYC database. However, it appears F Locker, associated with FSOCIETY, is using the leaks to advertise dubious investments.