A malicious hacker claims to have released Binance exchange customer data and that there’s more to come unless millions of dollars in bitcoin (BTC) is handed over.
Binance has issued a statement denying that it has suffered a data breach.
Know Your Customer (KYC) data from crypto exchange is purported to have appeared on the dark web in the past. The extortionist is demanding Binance pays 300 BTC or 10,000 photos will be released.
Binance says the individual has “begun distributing the data to the public”.
Binance denies security leak
So far the exchange is denying the data has come from inside its business. Binance’s blog post communication, confusing dated 6 August at the top of the post and 7 August in the footer, is titled: Statement on False “KYC Leak”.
The exchange says that it is the “same data set” already partly in circulation and previously reported by crypto news outlets such as CCN and Decrypt.
Data released in the previous dump was said to be Kraken and Binance KYC verification photos
Both exchanges denied that data was theirs. In the case of Binance it says all images that have been through its KYC are watermarked. It said that none of the sample images from the previous data dump had the watermark.
In today’s statement Binance says there are “inconsistencies” between its data and that seen in samples from the latest dump, with no Binance digital watermark evident in the photos.
“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system,” reads the announcement.
Binance has put up a reward of 25 BTC for information leading to the individual’s identification.
Binance says from its initial view of the images, they are from February 2018. a time when it was employing a third party to cope with new customer onboarding load.
The hacker, according to Binance, has refused to “supply irrefutable evidence of their findings” and claims to have data from other exchanges.
Changpeng Zhao, Binance chief executive tweeted:
The exchange tweeted a link to its blog post on the “false” KYC leak at 8:52 UK time:
He has urged people not to share the link to the Telegram group: