A user by the name of “Miembro” posted on Breach Forums on Dec. 14 seeking to sell access to Binance’s law enforcement request panel for a price of $10,000 in Bitcoin (BTC) or Monero (XMR).
According to the post, the access provides “private access only used by Law Enforcement,” with unlimited requests to be answered within three to seven days.
The poster said inquiries can be made through the website portal or via Tox or Telegram with straightforward offers, “nothing saying hi or hey.”
According to an investigation by Hudson Rock researchers, Binance uses a third-party service called Kodex, which validates law enforcement requests.
Hacker Sells Access to Binance’s Law Enforcement Portal, Cryptocurrency Holders at Risk.
— Hudson Rock (@RockHudsonRock) December 19, 2023
Details inside: https://t.co/f4avLWOVvK pic.twitter.com/urIJB5hXBH
The account is accessed via compromised credentials, which are said to belong to law enforcement officials. Three computers infected by malware were the cause of the compromised credentials, which subsequently ended up in the hands of the hackers.
Related: How the Ledger Connect hacker tricked users into making malicious approvals
The credentials belonged to the Taiwanese Criminal Investigation Bureau's law enforcement officers, the Uganda Police Force, and the Anti-Cybercrime Group of the Philippine National Police (PNP).
The report said it is still unclear whether access was actually achieved through the compromised login credentials. However, in a follow-up post, the user said they have been testing the access, and it “works fine.”
“EDR works with email, phone numbers, doc numbers and even TXID or wallets.”
Binance is facing an impending ban from the Securities and Exchange Commission in the Philippines for operating as an unregistered exchange.
On Dec. 18, a United States court ordered former CEO of Binance, Changpeng “CZ” Zhao, to pay $150 million for violating the Commodity Exchange Act and Commodity Futures Trading Commission regulations, while the exchange itself must pay $2.7 billion to conclude the CFTC enforcement action.
Magazine: Lawmakers’ fear and doubt drives proposed crypto regulations in US