Binance, the world’s largest cryptocurrency exchange by trading volume, was the target of a leak that resulted in customer data being compromised. According to a report, the leak has the potential to affect up to 60,000 users who sent KYC information to the company in 2018 and 2019.
The reports also claim that the leak is directly related to the $41.5 million bitcoin hack that managed to steal 7,000 BTC from the exchange in May. It all started on Wednesday when a Telegram group distributed several images of people holding their IDs and pieces of paper written with “Binance, 02/24/19”, which sort of implied that the data presented has allegedly been hacked from the exchange.
2019 has been a rather tough year for the cryptocurrency exchange Binance as it has been battling one blow after another. Just a few months back in May, it became the target of a serious security breach. Later, during the same month, the exchange came was in the limelight when crypto traders lost thousands due to Binance critical lag, and now this alleged customer data leak.
Reportedly, the hackers handed out the pictures to CoinDesk which claims to have identified a few of the users from the pictures of their faces and personal IDs that they had sent to Binance for know-your-customer (KYC) purposes. KYC involves the collection of identifying information of all those customers wishing to trade, withdraw or deposit assets and is a requirement by financial institutions.
Further news from the report suggests that the hackers have at least 60,000 more of such pictures in their possession and that they are planning on releasing them over time. As of now, CoinDesk has access to nearly 1,000 of them.
However, the dreadful claims of the hackers regarding the KYC data leak have been shut down by Binance as plain rumors and an attempt to spread fear, uncertainty and doubt (FUD) among the crypto community. In his tweet on May 7, Binance CEO, Changpeng Zhao wrote:
Don’t fall into the ‘KYC leak’ FUD. We are investigating, will update shortly
The main objective of the hackers is likely to attack Binance’s credibility in the eyes of its users and the crypto community. They want to make individuals believe that their KYC data and other private information is not private at all, an objective they somewhat managed to achieve as it caused panic among the users on social media.
In order to take control of the situation that was close to getting out of hand, Binance soon released an official statement addressing the issue, which might not be what it seems. The statement revealed that the pictures in circulation are in fact being used to blackmail and extort the exchange. The statement read:
We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy.
The platform also shared that its initial review of the leaked images reveal that they in fact date back to February 2018, which is when Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. The said third party vendor is being investigated for further information at the moment, as per the report.
Apparently, this extortion attempt on the crypto exchange goes back to January. Reportedly, the hackers had an ad up that claimed to have hacked documents used in KYC checks, including identity cards and drivers’ licenses, from users of top exchanges like Bittrex, Poloniex, Bitfinex, and of course Binance. Binance then publicly offered a reward of 25 BTC in exchange for further information on the extortionist.
If you are able to provide any information to help identify this person and allow us to pursue the individual through legal action, we will offer a reward of up to 25 BTC, dependent on the relevance of the data supplied.
Coming back to the current data leak, there is after all some good news for the Binance community as the report states that the Binance team has found inconsistencies when comparing the leaked data to the data in their system. Moreover, it also assured that at the present, no evidence has been supplied that indicates any KYC images have been obtained from Binance as these images do not contain the digital watermark imprinted by our system.
However, the one thing the statement didn’t do is confirm or deny the data breach which is bound to set the community into a bit of a frenzy. But, as always, the Binance team is on its toes to put this nightmare to bed as soon as possible.