At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. With that said, our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images.The cryptocurrency exchange does, however, note that the images made public "all appear to be dated from February 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time." The implication is clear: if these indeed are, as appears to be the case, the images of Binance users, then it may be that the unnamed third-part vendor suffered a security breach. Binance says it has sought more information from the vendor as to whether that theory might be accurate. To perhaps underline the point that any hack may not have been specifically against Binance but instead against third-parties providing services, the cryptocurrency pointed out that the hacker "claims he has KYC information from multiple exchanges." According to Binance, after they turned down the extortionist's demands, some of the "stolen data" was distributed to interested parties in the media as well as the rest of the world via a public website and Telegram group. The chief executive of Binance, Zhao Changpeng (also known as "CZ"), turned to Twitter to discourage anyone from joining the Telegram group being used to distribute the photos:
By joining or spreading the link of the Telegram group, you are helping malicious hackers (at least giving attention). What we should do as an industry is to fight them. Stay on the positive side. Report the group, then leave.It certainly hasn't been a great year security-wise for Binance. In May, it revealed that it had suffered a security breach that saw hackers steal more than $40 million worth of Bitcoin. And it's not even the first time that Binance has offered a substantial reward for information that leads to the arrest of hackers. Last year, the cryptocurrency exchanges offered a reward equivalent to $250,000 as it sought to identify criminals who attempted to steal from the site after grabbing trading API keys from unsuspecting investors they had previously phished. Binance says it has been in contact with law enforcement agencies about the latest incident and that it will assist the authorities with any investigation.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.