Nick Chong · 17 hours ago · 2 min read
News resurfaced that Binance’s know-your-customer (KYC) data had been hacked and uploaded into a Telegram group, dubbed “Find Your Binance KYC.” Several images of people holding their identities for the exchange’s verification process were posted in Telegram groups, causing customers to panic. In response, CEO Changpeng Zhao addressed the allegations.
— ๑ THE CRYPTO PANDA ๑ (@PandaofBinance) August 7, 2019
“Don’t fall into FUD”
The cryptocurrency community woke up on Wednesday with the news that Binance had been hacked once again. This time, several Twitter accounts were reporting that KYC data from the biggest cryptocurrency exchange in the world, in terms of trading volume, was leaked.
Despite the commotion, Binance’s founder and CEO Changpeng Zhao took to Twitter to warn the community against the “KYC leak FUD” and that the allegations were being investigated by the firm.
Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.
— CZ Binance (@cz_binance) August 7, 2019
The founding partner at Primitive Ventures, Dovey Wan, commented that even though the rumor that was spreading throughout the cryptocurrency community was true, it was actually outdated. In fact, the accusations refer to a data breach that happened in late August 2018, which had been reported earlier this year.
It seems to be the same old Binance KYC hack dated back in 2018/8/24? Which was reported early this year? pic.twitter.com/rz7JKCTxk7
— Dovey Wan 🗝 🦖 (@DoveyWan) August 7, 2019
Along the same lines, Michael Gu (@boxmining) stated that the information going around about Binance’s KYC data was old news and that users should be extremely cautious about anyone claiming to help investigate if someone’s information was hacked. The YouTuber believes that groups attempting to provide information regarding the leak are likely bad actors.
— Boxmining (@boxmining) August 7, 2019
25 BTC bounty
Several hours after a series of Twitter accounts reported the news about the alleged KYC-data theft, Binance released an official statement to address its customers.
According to the statement, before exposing the information to the public and several media outlets, the hacker contacted Binance demanding 300 Bitcoin in exchange for withholding 10,000 photos of the exchange’s KYC data. After Binance refused to meet the hacker’s demands, he proceeded to upload the images into the Telegram group previously mentioned.
The firm’s security team found certain inconsistencies that lead them to believe that the data was not obtained directly from Binance’s servers but instead from a third-party vendor that used to be in charge of the KYC verification.
“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system… On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information.”
Binance has now contacted different law enforcement agencies and is offering up to 25 BTC, approximately $300,000, to anyone who is able to provide relevant information that helps identify the hackers.