News
Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News? Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?
๐Ÿšจ This article is 5 years old...

Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?

Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Within the last 48 hours, news (re)surfaced suggesting that know-your-customer (KYC) information from some of the largest cryptocurrency exchanges was made available for sale. Yet, there is evidence that this is likely recycled news from over six months ago.

On darknet market Dread, a vendor going by ExploitDOT was reported to have been selling KYC data from exchanges in a sub-community (/d/DNMAds). The post suggested that the data came from larger exchanges such as Bittrex, Poloniex, and Bitfinex.

The reports are based on a post by ExploitDOT claiming they have โ€œ100k documentsโ€ containing sensitive user data. The seller was offering 100 such documents for $10 with discounts for larger purchases:

The crux of the issue, however, is that the post is over six months old. Although the claims appear to insinuate that some of the largest exchanges were hacked, none have confirmed a data breach. Although that doesn’t mean there wasn’t a breach, if all three exchanges deny these allegations it’s more likely that such a breach never occurred. One of the exchanges to deny these allegations was Bitfinex:

In the crypto-media, CCN claimed that they were provided โ€œthree free samplesโ€ of the data shown, yet the authenticity and the origins of the data, as CNN mentioned, are debatable. Not only that, there is a real possibility that it is the same leaked data from six months ago.

Mainstream media, such as the Guardian, reported last week that โ€œLargest collection ever of breached data foundโ€ detailing an 87 GB data dump of stolen data that had been labeled โ€œCollection #1.โ€

Sanixer, the Telegram username of the person offering this data, told KrebsonSecurityย “Collection #1” consists of data pulled from a huge number of hacked site, and was not exactly the hacker’s โ€œfreshestโ€ offering, and that the data was two to three years old.

Alex Holden, CTO of Hold Security, explained that the black market sale of huge amounts of data is nothing new:

โ€œIt was popularized several years ago by Russian hackers on various Dark Web forums. Because the data is gathered from a number of breaches, typically older data, it does not present a direct danger to the general user community. Its sheer volume is impressive, yet, by account of many hackers the data is not greatly useful.โ€

Overall, the alleged KYC hack and re-emergence of the information might not be relevant, especially if users aren’t affected.ย Some in the community haveย labeled the news FUD (fear, uncertainty, and doubt). And, without any verifiable claims, the community’s assessment could be true.

Mentioned in this article
Posted In: Exchanges, Hacks, KYC, Rumors