Announcing CryptoSlate Research — gain an analytical edge with in-depth crypto insight. Learn more.

Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?

Is the KYC Data Hack for Leading Cryptocurrency Exchanges Fake News?

Within the last 48 hours, news (re)surfaced suggesting that know-your-customer (KYC) information from some of the largest cryptocurrency exchanges was made available for sale. Yet, there is evidence that this is likely recycled news from over six months ago.

On darknet market Dread, a vendor going by ExploitDOT was reported to have been selling KYC data from exchanges in a sub-community (/d/DNMAds). The post suggested that the data came from larger exchanges such as Bittrex, Poloniex, and Bitfinex.

The reports are based on a post by ExploitDOT claiming they have “100k documents” containing sensitive user data. The seller was offering 100 such documents for $10 with discounts for larger purchases:

The crux of the issue, however, is that the post is over six months old. Although the claims appear to insinuate that some of the largest exchanges were hacked, none have confirmed a data breach. Although that doesn’t mean there wasn’t a breach, if all three exchanges deny these allegations it’s more likely that such a breach never occurred. One of the exchanges to deny these allegations was Bitfinex:

In the crypto-media, CCN claimed that they were provided “three free samples” of the data shown, yet the authenticity and the origins of the data, as CNN mentioned, are debatable. Not only that, there is a real possibility that it is the same leaked data from six months ago.

Mainstream media, such as the Guardian, reported last week that “Largest collection ever of breached data found” detailing an 87 GB data dump of stolen data that had been labeled “Collection #1.”

Sanixer, the Telegram username of the person offering this data, told KrebsonSecurity “Collection #1” consists of data pulled from a huge number of hacked site, and was not exactly the hacker’s “freshest” offering, and that the data was two to three years old.

Alex Holden, CTO of Hold Security, explained that the black market sale of huge amounts of data is nothing new:

“It was popularized several years ago by Russian hackers on various Dark Web forums. Because the data is gathered from a number of breaches, typically older data, it does not present a direct danger to the general user community. Its sheer volume is impressive, yet, by account of many hackers the data is not greatly useful.”

Overall, the alleged KYC hack and re-emergence of the information might not be relevant, especially if users aren’t affected. Some in the community have labeled the news FUD (fear, uncertainty, and doubt). And, without any verifiable claims, the community’s assessment could be true.

Filed Under: Crypto Exchanges, Hacks, Rumors
Darryn Pollock

Darryn is an award-winning journalist that began his career covering sports for a major national newspaper group in South Africa. Since then, he has married his interest in blockchain and cryptocurrency and looks to cover the emerging ecosystem as thoroughly as possible. He is particularly interested in the technical and economic impact of cryptocurrency.

View author profile

Disclaimer: Our writers' opinions are solely their own and do not reflect the opinion of CryptoSlate. None of the information you read on CryptoSlate should be taken as investment advice, nor does CryptoSlate endorse any project that may be mentioned or linked to in this article. Buying and trading cryptocurrencies should be considered a high-risk activity. Please do your own due diligence before taking any action related to content within this article. Finally, CryptoSlate takes no responsibility should you lose money trading cryptocurrencies.