An anonymous hacker claims to have obtained sensitive KYC data from Binance. Blackmails the crypto exchange for 300 BTC not to release it publicly.
13 August 2019 Update:
The CoinDesk editor John Biggs explains in a short video his findings about the potential Binance KYC data leakage. He claims the hacker under the pseudonyms John Amate, Bnatov Platon, and Gen M initially emailed him on the 17th July 2019. Then Biggs decided to continue the conversation via Telegram, digging deep into the situation. He suggests that the matter is much more complex than what it looks like on the surface.
Biggs said he received a string of Java code with important bits missing (including logs and API keys). Those stolen pieces of code could have been used to manipulate the system and buy, sell, and send crypto on someone else’s behalf.
In conjunction with the potentially leaked KYC photos, Biggs says he has a total of 636 of them in his possession. He contacted 3 of the people over the email. They confirmed they were through a KYC process with Binance at the time.
John continues that Bnatov Platon claimed to be a white hat hacker, trying to help Binance find the villains who have stolen around 7,000 BTC (worth circa US$40 million at the time) in May 2019. He also reveals that Bnatov Platon was in touch with the Binance Chief Growth Officer Ted Lin, however, the latter disregarded the hacker’s messages. Being the biggest cryptocurrency exchange in the world, Binance receives data breach false alarms on a daily basis.
Is John Biggs mudding the waters for Binance, becoming a pain in Changpeng Zhao’s neck? Is the CoinDesk whistleblower going to force Binance officials shed more light on the subject? Watch the video now for more insights about the potential KYC breach saga.
The biggest cryptocurrency exchange by trading volume was extorted by an unidentified hacker about 10,000 photographs of users claimed to be leaked from the exchange’s database.
Binance security team announced in an official statement on their blog that an unknown individual tried to intimidate them, stating he obtained about 10,000 photos from the KYC database of the crypto exchange.
The hacker refused to provide irrefutable evidence whether the photos are genuine and demanded 300 BTC (above US$3.5 million) in order not to release them publicly. He also claimed to possess sensitive data extracted from other crypto exchanges as well.
Some of the pictures have been shared on a dedicated Telegram group, catching the attention of the general public.
An anonymous Twitter post raised the voice about the so-called incident.
BREAKING; Thousands of #Binance users KYC data has been hacked and all ID's are posted in a telegram group chat…. @cz_binance needs to make binance more secure because this, along with the 7000 BTC “hack” a few months back, aren’t making binance look to trustworthy! pic.twitter.com/gh3Kjz8vTg
— Kra₿₿y 🦀 (@BitKrabs) August 7, 2019
Binance officials said there is no tangible proof for any data leaks whatsoever, adding that the photos do not incorporate the digital watermark imprinted by the exchange upon processing the provided documentation.
The crypto exchange officials speculate that the pictures shared on Telegram are part of the same data set covered in previous articles.
Furthermore, a reward of up to 25 BTC (almost US$300,000) has been offered for the unidentified hacker’s head or any valuable information regarding his identity and whereabouts.
The presumably leaked photos date back to February 2018, when a third-party vendor was employed to carry out the Binance verification procedures, due to the huge workload at the time. The exchange’s security team does not disclose the name of that third-party, however, they say the relevant law enforcement structures have been informed, the matter is currently under investigation and will release a statement as soon as they manage to obtain more details.
Binance founder and CEO Changpeng Zhao tweeted that their users should not fall into the so-called “KYC leak” FUD (fear, uncertainty, and doubt), and that “will update shortly” with more information.
Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.
— CZ Binance (@cz_binance) August 7, 2019
As the official statement goes:
“Please remember that protecting our users’ privacy and keeping our systems secure, including the funds stored within, is our utmost priority. We have numerous measures in place to ensure the safe-keeping of our users’ information, and we will continue to maintain the highest degree of transparency while serving our community.”
Due to the rules and regulations imposed by many regulatory bodies around the world, enterprises offering financial services to retail clients have to perform what’s called a Know Your Customer verification process, prior to authorizing clients to perform a financial transaction on their system. That verification requires the client to provide certain valid copies of identification documents, e.g. an id card, a passport, or a driving license, as well as a photo of their face, so the document may be properly linked to the individual undergoing the identity verification. Depending on the circumstances, additional documentation may be required, like a copy of a proof of address for instance.
Being the biggest and most popular cryptocurrency exchange in the world, Binance proves to be very attractive for malicious attempts by anonymous individuals, trying to make quick and easy money out of thin air.
First and foremost, Binance users should remain calm and not act impulsively, as history shows that is never the right thing to do.