A darknet hacker revealed hundreds of images yesterday purporting to be stolen know-your-customer data from leading crypto exchanges. Today, the exchanges have revealed some of the security measures they use in order to explain why the data was not hacked from their systems—but obtained through other means.
The data dump in question was first posted on darknet forum Dread around six months ago where it received no response until CCN published an article on January 20. Since then a spotlight has been placed on the hacker, who came out of the shadows in response to a Decrypt article that picked holes in the story. “ExploitDOT” posted a rambling missive on anonymous text storage site Pastebin, including twenty six links to photos purportedly stolen from exchanges. Yet despite this evidence, crypto exchanges have offered proof that their systems were not broken into—which suggests the data may have been obtained through phishing attacks or a third party KYC breach.
“I don’t see any clear evidence that any exchange was hacked,” Jesse Powell, CEO at Kraken, told Decrypt, adding, “We have a way of knowing if an image came from our system. I won’t say what we do but there is definitely a way to know if it came from us.”
Powell suggested the images could have been obtained through other means over a much longer timeframe. “This could easily be a ton of phished iCloud/GSuite accounts where people were auto syncing photos from their phones. There are just way too many possible sources of these images if you are looking back eight years.”
Binance was more explicit on its security measures. In a statement, it revealed that every image processed through Binance for KYC purposes is embedded with a hidden digital watermark. These are “only perceptible under specific conditions” and the data includes information on the person who initiated the movement of the images—which could be used identify an inside job if one were to happen. Crucially, it stated that “these watermarks can be detected even if the images have been modified.”
After analysing the sample images from the data dump, Binance concluded there was no hack. “After careful assessment, we have concluded the images in question do not contain our watermark, indicating that these images are not from verified Binance accounts,” the statement said. Binance added that all sensitive user information—including image data—is encrypted in accordance with industry standards.
Crypto exchanges are notorious for getting hacked. In total, more than $1.5 billion has been stolen out of exchanges thus far. And yet, despite presenting evidence of what would be a record data haul, the hacker has not been able to conclusively prove the data was obtained from the exchanges. It looks like ExploitDOT’s reputation for hyperbole will continue.