Let's suppose Bonthu did in fact tell you in advance, and you acted on it. The SEC can see your trades, and you don't know if Bonthu has mentioned this conversation to someone else - in particular, you don't know if he told, or will tell, the SEC or FBI. What are you going to say when the FBI comes asking? If they can show you lied to them, you just made things a whole lot worse for yourself. Did you tell someone else? If they also acted, they may well face the same issue, and they might well choose full disclosure...
IANAL, I would guess not answering is safer than lying, but it does not stop the investigation of you, and it does signal information. Obviously, the fifth is far from a stay out of jail card, if a case can be made from other peoples' testimony.
After any corporate action, the SEC (and various other agencies) trace back through trade records to look for suspicious trades. Family members are a matter of public record. And friends are now announced on LinkedIn, Twitter, Facebook, et cetera.
While the SEC can undertake the tedious process of clearing all individuals with knowledge of the breach, a more effective tactic would be to look at suspicious trades and investigate potential insider knowledge. In that method, SEC looks at unusual volume/patterns in options contracts and security sales. The SEC will comb through each suspicious security sale that occurred prior to the breach announcement and cross reference the account owner's information with their list of insiders. If they have reasonable suspicion that a crime occurred, investigators obtain a warrant and complete the picture with phone records, email accounts, Facebook info (if not already obtained via parallel construction), etc.
So let's say in theory you could add a great deal of people as friends (thousands even) and in that case it would be quite difficult for the FBI to run that down (as they say). Besides they would have to supoena records from Facebook at a certain point if the 'friend' was not someone they could easily determine just from a picture or limited contact info.
And don't even get into 'linkedin' that is filled with more people you don't really know or care about than any service.
Most likely they will just work the other way. Someone makes a trade and they then see if they are linked to anyone in anyway at the company.