Binance KYC Breach — Did It Happen, and If So, Who’s to Blame?

Binance allegedly fell victim to a security breach recently that saw the miscreant make off with a lot of the firm’s sensitive KYC data...

On Aug. 7, Binance, the world’s largest cryptocurrency exchange (by daily trade volume), fell victim to a hacking scandal that saw the miscreant allegedly gain possession of a huge chunk of the firm’s Know Your Customer (KYC) data (10,000+ personal photos). The hacker is reportedly demanding a total of 300 Bitcoins (worth around $3.5 million) from the exchange, or else he or she will release all of the data.

Also, it bears mentioning that upon commencing his activities, the hacker set up a couple of dedicated Telegram groups (which have since been shut down) that allegedly featured a lot of the sensitive material. However, since all of this data lacked a digital watermark that Binance typically uses for its internal information, there are doubts regarding the authenticity of this material. On the subject, Binance’s security team had the following comment:

“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system.”

Binance claims that the images released thus far can be dated back to February, a time when the premier trading platform was making use of a third-party service provider to process its KYC verifications. Similarly, the exchange reportedly also asked the hacker to provide them with more information regarding the source of this KYC data, but the individual simply demanded 300 BTC and refused to give the team any irrefutable evidence.

At this point, some are questioning if Binance may be trying to absolve itself of any wrongdoing in the matter by somewhat deflecting the blame toward the third-party vendor managing the company’s KYC info at the time. Cointelegraph spoke to independent crypto author and analyst Sam Town, who pointed out:

“KYC data should be — and is — currently handled in-house by major exchanges. We may be more than a decade post-Satoshi, but the cryptocurrency ecosystem is still a work in progress. Stop-gap solutions like third party KYC data management may be necessary to bootstrap a platform, but that doesn't absolve Binance of responsibility in this case.”

A similar sentiment is also shared by Paul Bischoff, editor at Comparitech, who agrees that even companies and governments are routinely blamed for errors made by their contractors and affiliates, and Binance therefore bears a huge chunk of the responsibility in relation to this entire episode — if the data turns out to be genuine.

Binance is taking active remedial measures to stop the bleeding

As part of the firm’s damage-control measures, Binance’s security team is offering a reward of 25 Bitcoins to any person who can supply them with pertinent information that can help in the arrest of the hacker/hackers behind this incident. And while all of this may sound fine, it is hard to avoid the fact that the leading crypto exchange also fell victim to another hacking scandal this past May, which saw the company lose around 7,000 Bitcoin (worth around $40 million at the time of the hack). At the time, many people predicted that the incident would have an irreparable impact on the company’s image. However, Binance’s performance has only continued to improve ever since. 

Figure: Binance Coin (BNB) price chart from Aug. 6 onward. Source: Coin360.com

In this regard, following this latest data breach, the price of Binance Coin (BNB) — the premier crypto exchange’s native digital currency — has soared by over 12%, thereby indicating that the global crypto community doesn't seem to care all that much about this possible security mishap. On the subject, Town bluntly notes:

“Over 500,000 Facebook users had their private data — including ID details and location data — leaked in April this year. The Cambridge Analytica saw the private data of 87 million Facebook users exploited in early 2018. Did anybody really care? Did anybody stop using Facebook? Bithumb lost $30 million in a hack in June — it still turns over $700 million in daily volume and ranks in the top 30 exchanges. Nobody cares enough about data privacy for the Binance KYC ‘hack’ to matter.”

It is also worth mentioning that soon after the incident came to light, the CEO of Binance, Changpeng Zhao (aka CZ), took to Twitter to tell his followers that they should not fall into the “KYC leak” FUD. However, this remark does not seem to address the heart of the issue: If it’s true that sensitive KYC data was leaked online, it puts a lot of people’s privacy and digital security at risk.

If the stolen data turns out to be real, the 10K+ leaked images in question could be worth a lot of money to various criminals. Bischoff points out that they could potentially be used by miscreants to bypass two-factor authentication measures, or even facilitate a variety of bank drop scams. In a recent article, Bischoff wrote at length about how passport images and scans are regularly used by nefarious, third-party agents to carry out their illegal activities. Not only that, leaked KYC data is often used to create fake IDs and passports, which can be sold for as much as $1,500. 

Lastly, according to various unconfirmed reports, it does not seem as though the actions of the hacker(s) are an attempt to spread any FUD regarding Binance, but rather he/she seems to be motivated by the Bitcoin ransom alone. Cointelegraph reached out to Binance for comment, but the exchange representative said that no further information is available.

Another side of the story emerges

All of the information that Binance and various credible media sources have provided has already been discussed at this point. However, if certain theories are to be believed, a hacker by the name of Bnatov Platon could be behind this entire ordeal. It is alleged that Platon offered to assist Binance when the exchange was hacked back in May. He was apparently able to track the people who stole the 7,000 BTC from the premier trading platform as well as recover over 60,000 KYC files associated with the company’s customer base.

Platon claims that the hacker(s) could gain access to all of this information by infiltrating the account of a company insider who allegedly installed a back door into Binance’s trading module (via API keys) — thereby allowing the hacker(s) to make off with the aforementioned sum of crypto.

However, this is where matters get interesting. Platon — who refers to himself as a “white hacker” — allegedly demanded a reward of 300 Bitcoins from Binance in return for providing the company with details of the intruders, including their names, phone numbers, photos, server data and correspondence. But when representatives working for the exchange did not grant his request for a reward, he released the KYC details of more than 600 Binance customers via different Telegram groups. In relation to the matter, Platon reportedly added:

“When I require money, I can just hack out one exchange account balance (hacker’s). I could retrieve more than 600 or 700 coins easily by hacking the hacker’s wallet. [...] My decision for negotiation with Binance was wrong. They are not the right people… so I will just publish all of the data.”

Lastly, Platon also claims to have tracked the bulk of the laundered Bitcoins that were stolen from the exchange back in May. According to him, at least 2,000 of these coins were sent to various wallet addresses via different exchanges, including Bitmex, Yobit, KuCoin and Huobi. He now claims to have plans of publishing all of the data he has under his control across various public domains.

In relation to the matter, we reached out to Benjamin Pirus, the host of a podcast called “Crypto: Secrets of the Trade.” He believes that the narrative including Platon is quite compelling and is definitely worth investigating further. When asked about what the best way for CZ to tackle this situation would be, Pirus responded by saying:

“I think it really depends on how Binance deals with the situation in the coming days. CZ has done a decent job over the past two years in handling difficulties, especially considering the exchange’s rapid growth. I hope the authorities will be able to work with Binance to solve the issue, in line with proper laws and regulations.”