Leading cryptocurrency exchange Binance released a statement informing users it was “threatened and harassed” by an individual demanding 300 BTC from them.
The individual, Binance’s statement reads, demanded the cryptocurrency from them to withhold 10,00 photos that “bear similarity to Binance KYC [Know-Your-Customer] data.” The exchange clarified it’s still investigating the case “for legitimacy and relevancy.”
Per the exchange, after it refused to cooperate with the extortion attempt, the individual started distributing the data to the public and to media outlets. Its statement adds:
First and foremost, there are inconsistencies when comparing this data to the data in our system. At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system.
Binance added its security team is nevertheless looking into all potential leads to try and identify the source of the images. Its initial assessment revealed the images appear to be from February of 2018, a time in which Binance “contracted a third-party KYC vendor for KYC verification in order to handle the high volume of requests at that time.”
The statement adds Binance believes the leak is related to a previous one, in which an anonymous cybersecurity researcher revealed leaked KYC documents were for sale on the dark web.
The exchange claims the individual, at the time, went to the press under “false pretenses, posing as a white hat with good intentions.” The relevant law enforcement agencies, it adds, have been contacted to pursue the hacker and investigate the situation.
What @binance said when we first reported the kyc leak:— Francisco Memoria (@FranciscoMemor) August 7, 2019
"To elaborate, in regards to the image data we collect from our customers during the KYC process, every image that the Binance system processes for KYC purposes is embedded with a hidden Digital Watermark."
Binance added that those able to provide any information to help identify the individual and pursue legal action will be offered a reward up to 25 BTC, depending on the relevance of the data given. The user, as covered, is leaking KYC documents and selfies on a Telegram group that now has over 10,000 users.
CryptoGlobe reached out to the individual posting the images on Telegram. After we requested a statement from them, we received a blank “no time.” The individual then stopped replying.