Nobody’s data is safe. Off the back of the largest ever data dump Collection #1, CCN has reported that there is another data breach brimming with 100,000 know-your-customer documents from crypto exchanges Binance, Bittrex, Bitfinex and multiple ICOs. But all is not what it seems.
Six months ago, a hacker using the pseudonym “ExploitDOT” posted on the darknet site Dread announcing that they had a haul of KYC documents, and that they had the photos to prove it. While there was no uptake at the time, an anonymous cybersecurity expert recently contacted CCN with a sample of three pieces of KYC data from the haul, received from the hacker, along with an exchange between the hacker and Binance over the veracity of the documents in question. Although the evidence has not been independently verified, news sites including Ripple News, Cryptoline News and The Block Crypto have jumped on the story. But you shouldn’t be worried.
Binance investigated the matter and found no evidence of a data breach. Leah Li, global PR manager at Binance, told Decrypt, “We’re aware of this allegation and have investigated the photos in question, but there is no evidence that the leak is from Binance.” She added that Binance has even seen photoshopped versions of the KYC photos allegedly hacked.
This means that if there is a stash of KYC documents, it is more likely they came from a phishing website than that they were stolen from the official exchanges. A phishing site is a website set up by malicious actors to look like the official one. It will usually function in almost the same way, but instead of signing users up to the exchange, it will steal their login details. Typically these would then be used to sign into their accounts and make off with their funds. There are a number of fake Binance (and other exchange) websites; The Next Web has done a fine job exploring this topic. So, if you’ve always used the genuine site, you should be safe.
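The defensive side of the phishing point above, as an added example that is not code from the article or from any exchange: a small Python check that classifies a URL's hostname as the official domain, a lookalike (brand name embedded in another domain, a near-miss spelling, or a homoglyph/punycode label), or an unrelated site. The allow-list, the helper names and the sample URLs are assumptions constructed for this example; binance.com, bittrex.com and bitfinex.com appear only because the article names those exchanges.

```python
"""Added example (not from the Decrypt article): classify a URL's host as the
official exchange domain, a lookalike, or unrelated, from a defender's stance."""
from urllib.parse import urlsplit

# Assumption: the operator maintains this allow-list of genuine domains.
OFFICIAL_DOMAINS = {"binance.com", "bittrex.com", "bitfinex.com"}


def _levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def _hostname(url: str) -> str:
    """Extract a normalised hostname; bare hosts without a scheme are accepted."""
    if "://" not in url:
        url = "https://" + url
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_host(url: str, official=OFFICIAL_DOMAINS) -> str:
    """Return 'official', 'lookalike:<reason>', 'unrelated' or 'invalid'."""
    host = _hostname(url)
    if not host:
        return "invalid"
    # 1. The genuine domain itself, or a real subdomain of it (www.binance.com).
    for d in official:
        if host == d or host.endswith("." + d):
            return "official"
    # 2. Internationalised labels: a non-ASCII letter or a punycode (xn--) label
    #    can render like the real brand, so treat it as suspicious outright.
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "invalid"
    if "xn--" in ascii_host:
        return "lookalike:homoglyph"
    labels = ascii_host.split(".")
    sld = labels[-2] if len(labels) >= 2 else labels[0]   # registrable label
    for d in sorted(official):                             # deterministic order
        brand = d.split(".")[0]                            # e.g. "binance"
        # 3. Genuine name embedded somewhere, but not under the genuine domain:
        #    binance.com.secure-login.example, login-binance.example
        if d in ascii_host or any(brand in lab and lab != brand for lab in labels):
            return "lookalike:embedded-brand"
        # 4. Registrable label within two edits of the brand, or the brand under
        #    a different TLD: binanse.com, bnance.com, binance.net
        if _levenshtein(sld, brand) <= 2:
            return "lookalike:typosquat"
    return "unrelated"


if __name__ == "__main__":
    # Constructed sample URLs; the Cyrillic "і" in the last one is a homoglyph.
    for sample in ("https://www.binance.com/login",
                   "https://binance.com.secure-login.example/kyc",
                   "https://binanse.com", "https://example.com",
                   "https://b\u0456nance.com"):
        print(f"{sample:48} -> {classify_host(sample)}")
```

The check errs on the side of flagging: anything that is not the allow-listed domain or a subdomain of it, yet resembles the brand, is reported as a lookalike, which is the right trade-off for a wallet or browser-extension warning where a false alarm costs a click and a miss costs the account.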
What's more likely is that the documents don’t exist in the first place. Unlike Collection #1, where details of the breach were released on an undisclosed hacking forum, the KYC breach was revealed on a discussion forum—the darknet equivalent of Reddit—where it received not a single comment or upvote for six months until the CCN story. In fact, since the story came out, the hacker posted that he had "made the news :)" and was thinking about launching a crowdfunding campaign to delete the documents so they don’t fall into the wrong hands. But who is this hacker and do they have any pedigree in hacking mainstream exchanges?
In the initial post, they claim to be a veteran of the online drug market community, having been a seller on Alphabay—a site used for selling drugs. But since selling drugs, the user has branched out somewhat. Four months ago, the hacker offered to sell an Alphabay-style darknet market for the bargain price of $5,000. Yet, as in the KYC data case, the hacker only offered three screenshots to prove they had something to sell. Beyond the basic graphics and the different designs purportedly showing updated elements of the site, it’s essentially a re-skin of Dogecoin. Now if that isn’t enough to instil a healthy level of skepticism, how about this little ditty.
Following this, the hacker upped the ante. They tried several times to convince the Dread users to take part in a bank heist straight out of Mission Impossible. The job spec was to “gisguise” as somebody else, become employed at a bank or Western Union outlet, and covertly install a USB stick into a computer at one of the branches. The reward for such high stakes? $500. Unsurprisingly, there wasn’t much uptake.
Now, we can’t disprove the KYC data trove without forking out $1,000 for 100 documents to see if they’re real. But we like to think we're a pretty rational bunch, and all the above evidence points to a “hacker” with a history of hyperbole. If anything, the real story is far less glamorous: the hacker just didn't know its customers.
[Please note this article has been updated to reflect that the hacker was not an admin on Grams, nor is it a darknet marketplace for selling drugs. Additionally, the title has been modified to more accurately represent the article.]