On Wednesday (August 7), Riccardo Spagni (aka “fluffypony”), the lead maintainer of the Monero (XMR) project and a member of the Monero Core Team, warned people about a Telegram group that contains allegedly leaked KYC images (i.e. images of government-issued IDs) that it says came from Binance.
It all started around 05:50 UTC on Wednesday when Binance CEO Changpeng Zhano (aka “CZ”) sent out the following:
Don't fall into the “KYC leak” FUD. We are investigating, will update shortly.
— CZ Binance (@cz_binance) August 7, 2019
What CZ was referring was a rumor floating around that time about Binance’s database of Know Your Customer (KYC) images (photos of people holding their government-issued IDs) getting hacked and the images stolen from there residing on a Telegram group, which the group’s creator was inviting Binance users to so that they could find out if their KYC image had been stolen.
Around 25 minutes later, CZ tweeted that this “news” was really “old news” that had first surfaced in January 2019:
We saw the same. Old news. But still dealing with it.
— CZ Binance (@cz_binance) August 7, 2019
Then, at around 07:51 UTC, Binance issued an official statement about the fake “KYC Leak”:
Statement on False “KYC Leak”https://t.co/fJ00W564KC pic.twitter.com/40eI7Eovyd
— Binance (@binance) August 7, 2019
This notice contained several important comments:
We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with this extortion, this individual has begun distributing the data to the public and to media outlets.
At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system.
On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information.
Approximately 20 minutes later, CZ said that it was a bad idea to join the unnamed Telegram group or to give out a link to it since this would only help the “malicious hackers” by giving them the attention they crave:
I would like to add, by joining or spreading the link of the telegram group, you are helping malicious hackers (at least giving attention). What we should do as an industry is to fight them. Stay on the positive side. Report the group, then leave. 🙏🙏🙏 https://t.co/Cvxks2S69i
— CZ Binance (@cz_binance) August 7, 2019
Around 40 minutes before Binance issued its official statement, Dovey Wan, a Founding Partner at blockchain-focused venture investment firm Primitive Ventures, said that she had heard from a few of her friends that they had received phishing calls shortly after joining the infamous Telegram goup:
Updated:
A few friends said receiving calls after they joined the telegram group, and there are systematic phishing call to Binance customers started a few days ago it seems like.
But my understanding is Binance will never call you … https://t.co/mVATBmwSZn
— Dovey Wan 🗝 🦖 (@DoveyWan) August 7, 2019
This prompted Spagni to warn people that it looked like the Telegram group in question might be trying to get people to join so that they could Binance users for the purpose of scamming them later:
FYI I wouldn’t advertise the Telegram group, it’s most likely just an attempt at identifying Binance users on Telegram for phishing.https://t.co/Z9pS9eSPcz
— Riccardo Spagni (@fluffypony) August 7, 2019
