Bitfinex, a prominent and long-standing cryptocurrency exchange, recently grappled with what it categorized as a “minor” information security incident occurring between October 30 and November 5. The root cause of this breach is traced back to the hacking of a customer support agent, leading to a series of phishing attacks targeting Bitfinex users. However, the repercussions of these phishing attempts were reported as relatively contained by the firm.
Bitfinex explains platform security breach
The disclosure, made by Bitfinex on November 4, detailed an unauthorized breach that enabled an individual or group to access a limited segment of their customer support boards. The accessed data was described as partial, incomplete, and outdated. This intrusion was facilitated through the phishing of a customer support agent, which granted unauthorized access to specific sections of the platform. Bitfinex notably highlighted that the compromised support agent did not hold senior permissions, thus limiting their access to crucial supporting tools and help desk tickets.
Consequently, the breach did not extend to more critical systems or databases within the organization, safeguarding the core infrastructure. The exchange emphasized that their foundational systems remained uncompromised and secure throughout the incident. They confirmed that no server, wallet, or database infrastructure was breached, ensuring the protection of customer funds. Additionally, Bitfinex assured that customer assets on the platform were never at risk, and essential password information remained out of reach.
Collaborative investigation and commitment to solving the issue
Most of the affected customer accounts were either empty or inactive, thereby minimizing the potential impact of the breach. Although Bitfinex confirmed that the issue has been resolved, the company is actively engaged in reviewing the incident and the compromised information. Furthermore, they are proactively communicating with customers who were affected by the breach. In response to the breach, Bitfinex promptly notified law enforcement authorities about the situation.
The company expressed its commitment to collaborating with investigation authorities to identify and locate the individual or group responsible for the phishing attack. Notably, Bitfinex underlined its history of successfully pursuing legal action against individuals who have attempted to disrupt their operations in the past. Despite the occurrence of this incident, Bitfinex reaffirmed its dedication to maintaining robust security measures. The exchange regularly reviews its security procedures and mandates comprehensive cybersecurity training for all employees.
These measures are aimed at mitigating potential risks and fortifying the overall resilience of their systems against future breaches. Founded in Hong Kong in 2012, Bitfinex has been under the leadership of CEO Jean-Louis van der Velde since 2013. The exchange holds a significant position within the cryptocurrency landscape, currently ranked 17th in CoinGecko’s “Trust Score” index among various cryptocurrency exchanges. In the last month, Bitfinex recorded over 800,000 visits on its platform, indicating a considerable user base and market presence.