Cryptocurrency exchange Bitfinex reported a “minor” information security incident following the hacking of one of its customer support agents between Oct. 30 and Nov. 5.
The breach resulted in phishing attacks against Bitfinex users, with the compromise of partial, incomplete, and stale information on the customer support boards. The agent in question had limited access, lacking “senior permissions” to crucial tools and help desk tickets.
Bitfinex reassured its users that its systems remained uncompromised, and no customer funds were lost.
The breach involved unauthorised access to a portion of the customer support boards through phishing attacks on a support agent with “limited access to supporting tools and helpdesk tickets”. The compromised information, described as “partial, incomplete, and stale,” did not extend to core systems, and user funds remained unaffected.
The statement clarified that no server, wallet, or database infrastructure was accessed during the incident. Customer assets on the platform were deemed secure, and password information remained inaccessible. Most affected customer accounts were either empty or inactive.
While Bitfinex considers the issue “resolved,” the exchange continues to review the incident and the compromised information. It has engaged with law enforcement, expressing confidence in its track record of securing convictions against those attempting to attack its operations.
In a blog post on Nov 4, Bitfinex announced that it had resolved the security incident, and also took to X to reassure customers that their funds were safe and that the exchange prioritises the security of their customers’ funds.
The exchange emphasised its commitment to customer safety, highlighting routine security reviews and mandatory cybersecurity training for all personnel.
Bitfinex also stressed that it maintains a close relationship with law enforcement and plans to collaborate with investigative authorities to track down the perpetrator.