Hackers demand 300 BTC from Binance cryptocurrency exchange over KYC data leak

• An attacker threatened Binance cryptocurrency exchange to release KYC information of 10,000 users if the company did not pay 300 Bitcoins which is worth approximately $3.5 million.
• The exchange is offering a reward of 25 bitcoins which is worth over $290,000 to anyone who provides information related to the identity of the attacker.

What is the problem?

A hacker who claims to have stolen Binance KYC (Know Your Customer) data from thousands of customers, demanded 300 BTC from the cryptocurrency platform to not release the data.

The detailed picture

An attacker threatened Binance cryptocurrency exchange to release KYC information of 10,000 users if the company did not pay 300 Bitcoins which is worth approximately $3.5 million.

“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data,” Binance said in a statement.

In response to the exchange not co-operating with the attacker’s demand, he began distributing the data online and to media outlets.

The attacker created a Telegram group and shared over 400 photos of people holding passports and identity documents from France, Turkey, the United States, Japan, Russia, and other nations across the world.

What was the response?

Binance said that there are inconsistencies when comparing the leaked customer data to the data in their system. The cryptocurrency exchange also noted that the leaked images of KYC data do not contain the digital watermark imprinted by their system.

• The cryptocurrency exchange is currently investigating the data for legitimacy and is working to identify the source of these images.
• The initial investigation determined that the images appear to be dated from February of 2018, during which Binance had contracted a third-party vendor for KYC verification.
• Upon learning this, Binance is investigating with the vendor about the incident.
• The cryptocurrency exchange has also reported the incident to law enforcement.

“We believe this is the same data set that was covered in previous news articles, such as: https://decrypt.co/4648/binance-kraken-exchange-data-haul. The hacker also claims he has KYC information from multiple exchanges. When asked to prove the source of the data, the individual demanded 300 BTC and refused to supply irrefutable evidence of their findings. Later, they went to the press under false pretenses, posing as a white hat with good intentions,” Binance said.

Worth noting

The exchange is offering a reward of 25 bitcoins which is worth over $290,000 to anyone who provides information related to the identity of the attacker.

Meanwhile, Binance CEO Changpeng Zhao tweeted warning customers about the incident. “Don't fall into the "KYC leak" FUD. We are investigating, will update shortly,” Zhao tweeted.

“We are very sorry for the issue that happened. We understand that some users may feel offended, that is why we have prepared an official apology in a way of an airdrop to everyone who feels offended by the issue,” another tweet read.