Cryptocurrency exchange Bitfinex has reported a minor information security incident that occurred between 30 October and 5 November.
A customer support agent’s account was compromised, leading to phishing attacks against Bitfinex users.
The impact of this incident was minimal.
The breach involved a small section of Bitfinex’s customer support boards, which contained partial, incomplete, and outdated information.
The breach was the result of phishing activities directed at a customer support agent.
Importantly, the compromised support agent did not have senior permissions, which limited their access to support tools and help desk tickets.
Bitfinex Swift Resolution
Bitfinex was quick to reassure its users that its fundamental systems remained uncompromised and that no customer funds were in jeopardy.
The exchange’s servers, wallets, and databases were not accessed, and both customer assets and password information were safeguarded.
Notably, most of the affected customer accounts were either empty or inactive.
Bitfinex promptly addressed the incident, assuring users that it had been resolved.
Furthermore, the exchange is currently conducting a thorough review of the incident and the compromised data.
Additionally, Bitfinex is actively reaching out to affected customers to provide any necessary support.
Bitfinex mentioned:
“A small portion of our customer support boards, which held partial, incomplete and stale information was accessed by an individual or group, through the phishing of a customer support agent. No server, wallet or database infrastructure was accessed. At no time were customer assets on the platform at risk, nor was password information accessible. Most of the affected customer accounts were empty or inactive.”
Bitfinex Cooperation with Law Enforcement
In response to the incident, Bitfinex reported the matter to law enforcement and is collaborating with investigative authorities to track down the perpetrators behind the phishing attack.
The exchange highlighted its strong track record of securing convictions against individuals who have attempted to target their operations in the past, underscoring its commitment to maintaining security.
Despite this incident, Bitfinex emphasised that it regularly reviews its security procedures and ensures that all employees undergo cybersecurity training to uphold the safety and integrity of its platform.
