A Telegram channel with the name – “FIND YOUR BINANCE KYC” has been allegedly leaking KYC documents of Binance users since August 7, 2019. Binance issued an official statement and informed users that the leaks are “false”, and that an unidentified individual has threatened and harassed the exchange, demanding 300 BTC in exchange for withholding 10,000 photos that bears a resemblance of Binance KYC data.
Leah Li, global PR manager at Binance stated: “There are inconsistencies when comparing this data to the data in our system. At present, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. With that said, our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images, as it remains unclear where they were obtained.”
On further investigation, CZ, CEO of Binance, eluded to the fact that the photos appeared to be dated back to February 2018, when Binance worked with a third-party vendor for KYC verification. The exchange is now pursuing the investigation with this vendor. A reward of 25 BTC was announced for individuals or entities who help in successfully identifying the unidentified attacker(s).
This KYC leak is not the first of its kind. There have been several similar instances in the past year and darknet vendors have circulated personal documents of over half a million cryptocurrency traders from notable exchanges, including Binance. Before publishing details of users online, a hacker by the pseudonym “Bnatov Platon” had a month-long conversation with a leading crypto news platform, CoinDesk.
In the talks, he revealed how he allegedly hacked individuals behind an earlier hack when 7,000 Bitcoin was stolen from the world’s largest exchange. Platon asked Binance for a fair deal in exchange of the stolen Bitcoin and the deal was later canceled. This appeared to be a layered and well-orchestrated attack with hackers hacking hackers and asking the hacked exchange for Bitcoin in exchange of information and the hacker’s identity. Platon alleged that the information that he obtained about Binance customers was hacked from an “insider” involved in the heist.
Binance was the target of a large scale security breach earlier this year and $41 Million in lost funds were furnished from the exchange’s insurance fund. However, identity theft cannot be reversed. With tens of thousands of documents that included personal information being shared publicly, the exchange has truly suffered a huge trust deficit due to the security breach.
The investigation is ongoing with the third party vendors that were associated with Binance in 2018, however, locating the hackers or their identities will not tackle the challenges faced by Binance users. Binance has lost its users’ trust yet again and despite a transparent approach, and amidst several hacks in the industry, users are now more skeptical than ever.
Cryptocurrency traders are looking for secure and trustworthy exchanges with over six layers of security infrastructure and no history of attacks. What’s a trader to do? Well, with large scale hack recently foiled, Coinbase emerges as the most secure exchange for crypto trading and HODLing, which leaves a huge hurdle for Binance to overcome if they want consume confidence again.