- Bitfinex recently experienced a “minor” information security incident due to an employee account getting compromised
- Hackers used a phishing attack to infiltrate the exchange through a customer support account
- Fortunately, the breach resulted in minimal damage, and the access method has been patched
Bitfinex has revealed that it suffered a “minor” information security incident when an employee’s account was compromised, although no customer funds were lost. The breach involved a small section of customer support boards housing incomplete and outdated data, which was accessed via the phishing of a customer support agent with limited access permissions. Thankfully the breach was minimal in terms of damage and the method of access has been patched.
No Data or Funds Stolen
Bitfinex revealed the attempt in a blog post, where it explained that the work account of a low-ranking customer support agent was accessed via a successful phishing attempt, but that “Most of the affected customer accounts were empty or inactive”. None of Bitfinex’s systems were compromised, and “At no time were customer assets on the platform at risk, nor was password information accessible.”
Bitfinex added that it is conducting a comprehensive review of the incident and the compromised information and is actively reaching out to affected customers, with law enforcement also informed. The exchange added that it has “a very close relationship with law enforcement” and hopes to be able to trace the infiltrator.
Bitfinex is far from the first crypto exchange to fall victim to a phishing attack, with Electrum Wallet, bZx, Opensea, and more affected in previous years, but luckily this hack didn’t impact customer funds or security.
