Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?
Within the last 48 hours, news (re)surfaced suggesting that know-your-customer (KYC) information from some of the largest cryptocurrency exchanges was made available for sale. Yet, there is evidence that this is likely recycled news from over six months ago.
On darknet market Dread, a vendor going by ExploitDOT was reported to have been selling KYC data from exchanges in a sub-community (/d/DNMAds). The post suggested that the data came from larger exchanges such as Bittrex, Poloniex, and Bitfinex.
The reports are based on a post by ExploitDOT claiming they have “100k documents” containing sensitive user data. The seller was offering 100 such documents for $10 with discounts for larger purchases.
The crux of the issue, however, is that the post is over six months old. Although the claims appear to insinuate that some of the largest exchanges were hacked, none have confirmed a data breach. Although that doesn’t mean there wasn’t a breach, if all three exchanges deny these allegations it’s more likely that such a breach never occurred. One of the exchanges to deny these allegations was Bitfinex:
We want to assure our customers that Bitfinex is aware of this situation and can confirm there is no security breach to our platform. As always, if there are any queries please get in touch with our support team – https://t.co/YslE5GtSGT https://t.co/VeW08TqgWn
— Bitfinex (@bitfinex) January 21, 2019
In the crypto-media, CCN claimed that they were provided “three free samples” of the data shown, yet the authenticity and the origins of the data, as CCN mentioned, are debatable. Not only that, there is a real possibility that it is the same leaked data from six months ago.
Mainstream media, such as the Guardian, reported last week under the headline “Largest collection ever of breached data found,” detailing an 87 GB dump of stolen data that had been labeled “Collection #1.”
Sanixer, the Telegram username of the person offering this data, told KrebsOnSecurity that “Collection #1” consists of data pulled from a huge number of hacked sites, that it was not exactly the hacker’s “freshest” offering, and that the data was two to three years old.
Alex Holden, CTO of Hold Security, explained that the black market sale of huge amounts of data is nothing new:
“It was popularized several years ago by Russian hackers on various Dark Web forums. Because the data is gathered from a number of breaches, typically older data, it does not present a direct danger to the general user community. Its sheer volume is impressive, yet, by account of many hackers the data is not greatly useful.”
Overall, the alleged KYC hack and re-emergence of the information might not be relevant, especially if users aren’t affected. Some in the community have labeled the news FUD (fear, uncertainty, and doubt). And, without any verifiable claims, the community’s assessment could be true.