Binance has confirmed that an unidentified entity has contacted them claiming to have Binance KYC data and demanding 300 BTC in return for not leaking it online. The case is still being investigated internally, but since the exchange has decided not to cooperate with the entity, they began sending this data to media outlets, August 7, 2019.
Is the Hack Legitimate?
The first thing that Binance noticed with the supposed hacked KYC data is that the individual photos didn’t have the Binance watermark digitally imprinted onto each individual’s documents. However, the photos have a timestamp of February 2018, at which time Binance was using a third party vendor for its KYC. They are working with this vendor to uncover any potential clues.
The hacker claims to have KYC data from multiple exchanges but refused to provide an origin or supply concrete evidence for their claims. Binance has contacted authorities and will extend their full cooperation to help uncover the hacker’s identity.
Binance claims that the hacker posed as an ethical hacker with positive intent and contacted the press to inform them of the vulnerability in their system.
The exchange asks customers to be wary of people impersonating Binance customer service representatives sending them a phishing link and requesting they withdraw their funds at the earliest.
They maintain that they are dedicated to protecting user privacy and have numerous safeguards in place to mitigate data leaks.
The reason most hackers target exchanges is because their addresses are known to the public via block explorers and they are known to keep a significant amount of funds on their hot wallets to provide liquidity.
Live custody arrangements for exchanges needs to be drastically improved as the current technology is very obviously riddled with flaws.
In this case, it is still not known whether the KYC details are legitimate or not, but something like this isn’t in the hands of custody and depends on the exchange’s level of information security.
Individuals are hardly targeted except for mass cryptojacking and phishing schemes; this is simply because it isn’t profitable to expend the resources to uncover the identity of a person behind an address with significant funds.
The security infrastructure on cryptocurrency platforms is weak from the core. More innovation and funding is required to fill the gaps. Until then, decentralized exchanges are the safest best, though they don’t offer fiat to crypto conversion.