Binance Exchange Investigates KYC Data Leak Allegations
Once again, a hacker made allegations on possessing data gathered during the trader monitoring process on Binance.
The Binance exchange tried to calm traders this Wednesday after fears surfaced of another data leak. In the past, hackers have reported passport data leaks from various exchanges, although Binance denied it was affected. Now, the exchange once again called for not spreading fear and pronounced the leak a fabrication, while investigating the matter.
The hacker is indeed distributing a file containing KYC selfies, but Binance claims the leaks are not from their system, and that there are discrepancies between the leaked data and their database. Still, the leaked pictures “bore resemblance” to the contents of the Binance KYC files.
“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information. We are continuing to investigate and will keep you informed,” explained the exchange.
The hacker demanded a ransom of 300 Bitcoin (BTC), and started to distribute the data when Binance refused to pay. Moreover, Binance offered a bounty of 25 BTC to anyone who could point to the identity of the hacker.
Exchange leaks are not uncommon, as market operators were pressured to implement trader screening. Binance worked for more than a year without KYC. In the past, leaked passports were distributed after it became clear that Bittrex sent unencrypted email responses containing passport shots as attachments. Later, Bittrex was denied BitLicense because of the shoddy KYC procedure.
Binance also warned against trusting emails claiming to be from Binance Support, especially if they call for the withdrawal of funds.
The hacker also alleged he owned KYC data from other exchanges, without giving a verified data source. Crypto companies usually use third-party providers for screenings, to ensure they follow the new requirements barring certain countries, as well as screening for wrongdoing and potential terrorism financing.