a ransom demand from a scammer who claimed to have hacked the KYC
(Know Your Customer) data of thousands of its customers.
The unknown attacker threatened the world’s largest
cryptocurrency exchange by volume to release KYC information of
10,000 users if the company did not pay 300 Bitcoins—that’s
equivalent to almost $3.5 million at today’s exchange
value.
Although the authenticity of the hack is not confirmed yet, several
photos of individuals holding their identity cards, such as
passports and voter IDs, have been circulating across different
online channels.
In response to the incident, Binance just released[1] an official statement
today confirming that “an unidentified individual has threatened
and harassed us, demanding 300 BTC in exchange for withholding
10,000 photos that bear similarity to Binance KYC data.”
Binance said the company is still investigating the legitimacy
of those images and has refused to pay the ransom and, as a result,
the unidentified individual behind the demand began distributing
the data online and to media outlets.
has already attracted over 10,000 people, and shared more than 400
images of people holding passports and identity documents from
France, Turkey, the United States, Japan, Russia, and other nations
around the world.
However, according to Binance, images posted to the attacker’s
Telegram group lacks the digital watermark the exchange uses for
its internal information, adding doubts about its
authenticity.
Binance also adds that its initial review of the leaked images
shows they’re all appeared to be dated from February of 2018 when
the exchange “contracted a third-party vendor for KYC verification
in order to handle the high volume of requests at that time.”
“Currently, we are investigating with the third-party vendor for
more information. We are continuing to investigate and will keep
you informed,” the company adds.
“The relevant law enforcement agencies have been contacted, and
we will be working closely with them to pursue this person.”
bitcoins—worth over $290,000—to anyone who provides information
related to the identity of the blackmailer.
Binance CEO Changpeng Zhao has also issued a statement on
Twitter[2] urging users not to fall
for the “KYC leak” FUD (fear, uncertainty, doubt), saying that the
company is currently looking into the matter and will update its
users shortly.
Read more http://feedproxy.google.com/~r/TheHackersNews/~3/uy8veW56hwI/binance-kyc-data-leak.html