Leading cryptocurrency exchange Binance has recently revealed it’s looking into an alleged know-your-customer (KYC) leak that has seen photos of various individuals next to their IDs circulate on social media.
The story dates back to earlier this year, when a cybersecurity researcher who chose to stay anonymous decided to reach out to reporters to reveal the leak occurred. At the time, Binance’s CEO Changpeng Zhao claimed the alleged KYC leak was FUD (Fear Uncertainty and Doubt), and the exchange later on issued a statement clarifying it wasn’t affected:
What @binance said when we first reported the kyc leak:— Francisco Memoria (@FranciscoMemor) August 7, 2019
"To elaborate, in regards to the image data we collect from our customers during the KYC process, every image that the Binance system processes for KYC purposes is embedded with a hidden Digital Watermark."
Social media users are now concerned about the leak once again, as images of various individuals are being spread on a Telegram group that currently has over 9,000 members and is growing by the minute. CryptoGlobe will not link to this group to protect the identities of those affected.
On the group, a user with the name “Guardian M” has claimed it’ll keep uploading KYC leaks “at a later date.” CZ responded to the situation on the microblogging platform Twitter by noting Binance is investigating and will issue an update shortly.
Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.— CZ Binance (@cz_binance) August 7, 2019
When the alleged leak was first reported, the hacker soon dumped documents showing he had what he claimed to have, in response to a story from other cryptocurrency news outlets that claimed he didn’t.
The KYC breach hacker has just dumped documents showing he does have what he claims. As reported, I saw samples myself and they don't look photoshopped.— Francisco Memoria (@FranciscoMemor) January 24, 2019
While the hacker claims to have data from @Poloniex @BittrexExchange and @binance the pictures I saw were from the latter https://t.co/DtsPHtXfpF
Initially, as reported, the hacker was trying to sell the KYC documents on the dark web. His listing showed he didn’t just have leaked documents from Binance, but from other leading exchanges including Bitfinex, Poloniex, and more.
It's worth noting the leak might've not come from Biannce or from other cryptocurrency exchanges, but from phishing websites that tricked users into going through a KYC process with them, or from account selling services that were hacked.
This is a developing story and will be updated once more information is available.