In the last few hours, there have been many rumors about X, in which a possible leakage of Binance customers’ KYC data is reported, following a breach that occurred on Github a few days ago.
The result is that some user data from the exchange such as name, nationality, and phone number appear to be for sale on the dark web.
If confirmed by Binance itself, this news would be a hard blow for the crypto exchange platform, which has always based its roots on the concept of security.
At first glance, the exchange denied any involvement of its customers’ KYC data.
Let’s see all the details below.
Customer KYC Data Breach: Information Leak for Sale on the Dark Web
The latest news reported by the crypto community about X would be a hand grenade for Binance and its reputation: apparently there has been a leakage of KYC data from the exchange’s customers with information for sale on the dark web.
More precisely, the data that has been compressed includes information about the name, nationality, and phone number of some users who have completed the Know Your Customer (KYC) procedure on the platform.
As visible from the following photo reported by testimonies on X, an account from the dark web known as “Jinx88” is allegedly selling user data from around the world, most of whom are English-speaking individuals and part of Tier1.
The authenticity of the data, according to the criminal seller on the dark web, could be confirmed by trying to access the Binance account with the phone number or simply by calling the victim.
The users’ funds seem to be safe and the leakage of KYC data has not compromised access to the various Binance profiles, but only revealed information that should be kept confidential to the exchange and not publicly disclosed.
Binance Customer Support has denied the existence of any data breach, confirming that user funds are safe.
Since there are no official confirmations of what happened, it is possible to hypothesize that the deep web data seller was lying and that it is all just a orchestrated move to produce FUD within the cryptocurrency market.
According to the world’s leading crypto exchange platform, customer accounts are protected from various potential risks, incorporating security measures on multiple layers, including Multi-Factor Authentication (MFA), biometric data, and authenticators.
Even if the news were to prove unfounded, this incident reminds us that by carrying out a KYC registration procedure, we are potentially exposing our data to centralized entities, which in bad faith or good faith could disclose them to third-party companies without our consent.
There are several NO-KYC solutions, such as Relai, that allow you to buy BTC without having to provide any personal data and without risking being financially persecuted by the supervisory authorities of your country of residence.
Internal data from Binance leaked on Github, but the exchange reassures its customers
The leakage of Binance customer KYC data and the alleged sale of this information on the dark web could be linked to a breach that occurred on Github.
In particular, according to the online newspaper 404 Media, a collection of sensitive material belonging to the exchange such as internal code and passwords has been published within the hosting service by an account called “Termf”.
The material, which included infrastructure diagrams, internal passwords, and other technical information, was available for months before the crypto community noticed.
Other data concerned passwords for systems marked with “prod”, which were probably used as part of the site’s code.
These confidential information were removed last week after Binance requested their removal for copyright infringement, confirming that the data contained code belonging to the exchange.
In the copyright removal request, Binance argued that the violation of the internal code: “presents a significant risk to Binance and causes serious financial damage to Binance and confusion/harm to users.”
According to 404 Media’s estimates, the data was present and publicly available on Github at least since January 5th.
This “old” violation may have created the conditions for the leakage of customers’ KYC data, which were recently sold on the dark web.
A spokesperson from Binance, after this incident, reassured their community by explaining during an interview with Decrypto that the information was outdated and did not resemble what is currently in production on the exchange.
The risk of hack of funds on the platform resulting from this breach is therefore absolutely negligible, as stated by Binance spokesperson, the published information was “so outdated that it would have been unusable by third parties or malicious individuals”
Binance has nevertheless acted promptly to prevent the spread of FUD among users, which would cause unnecessary confusion and unjustified fears about the publication of private data
We remain waiting to find out how the situation will evolve and what additional measures Binance will take to protect its infrastructure and reputation after the alleged data breach.
For now, checking on the on-chain analysis platform Nansen, we can confirm that the funds on the platform are safe, and that the 74.2 billion dollars held by the exchange have not been touched by unauthorized hands.
Source: https://en.cryptonomist.ch/2024/02/06/kyc-data-of-binance-customers-for-sale-on-the-dark-web-panic-among-users/