Bitcoin Forum

A supposedly hacker stated that he/ has stolen at least a billion of Chinese citizens record. The Shanghai National Police (SHGA) data was leaked with those information like: name, address, birthplace, national ID number, mobile number, all crime/case details.”

https://www.reuters.com/article/china-data-hack-idTRNIKBN2OF0I1

As for the veracity of the news, CZ has this to do say:

https://i.imgur.com/f2WvH5d.png

https://twitter.com/cz_binance/status/1543700689611792386

Just baffling though that the hackers is asking for just 10 BTC? Maybe he thinks that asking for me, the Chinese government or whoever agency is not going to pay him?

And let's say he did received his ransom, how can he hide it?

This is the ultimate problem we face when sending our data online, to anyone (government or private companies).

Those companies might not be willing to sell your data. But they might get hacked and the hacker will sell our data in the deep web...


It is not a ransom.

He is selling the data to third party. The buyer will sell to other companies.
Many companies are interesting in buying this kind of data (name, profession, phone number, email, etc), so they can spam our email/phone advertising their products, and stuff like that.

A small company may be interested in selling a new type of financing for a specific group of people (a specific profession, for example), with high incomes and residents of a specific neighborhood. They can just buy this kind of data from this buyer and spam peoples email, phones, etc.

The fact that someone is asking for a ransom in BTC is the least important in this case - because this is the problem of those who were supposed to protect personal data, and if this is true, they obviously failed.

In addition, although the article claims that it is about the data of Chinese residents, CZ claims that it is about an Asian country, so it is not entirely clear who exactly it is about. Also are the Chinese even allowed to trade on Binance considering CZ claims they are taking measures to protect their customers?

If nothing else, this is good PR for the company, at least judging by the comments I read from delighted users who expressed their satisfaction because they are safe ::)

Only one third party you think? The buyer won't be the only one selling to others, they'll be selling numerous copies I imagine. Much more money in selling to 10 different third parties for 10 BTC, then trying to get 50 BTC from 1, probably a bit easier as well. Then buyers who bought for 10 BTC can try "launder the data" and quickly sell to 50 companies for 1 BTC.

There's so much money in data these days it's insane. If sold, which it probably will be if legit, it'll get repackaged and resold a hundred times over until it becomes public information.

Lol! It seems that the details of Chinese people has no value! Jokes apart, this is some nonsense ongoing and people with multiple apps on their phone, are more prone to such things. Especially beware from some apps that promises you to give you money on ad clicks. Probably that's how the hacker has done it but it's upto the investigation authorities to find it out.

If the hackers receives the ranson, he can simple push the coins through some mixers or from some coinjoin services to hide the trail. It's easy!

did someone say a "hacker"??

https://i.imgur.com/FZUvoBl.jpg

no but seriously, it was ONE person who "accidentally" leaked his police network user/pw, someone saw it, grabbed the database and bailed... no hacking

I suppose CZ's team were able to match some of the database credentials [from the db sample provided by hackerman] to Binance db and after they confirmed binance users they told CZ to tweet something about the data leak (or maybe CZ is just being a good guy, idk)

that's the easiest part of this whole thing for hackerman. There are tons of reliable btc mixers

hackerman ChinaDan actually shared a sample of 750k. You can go that forum and read the OP, all the info is there, even the link to the government agency

These sort of reports or rumours only accentuates a problem which has been existing for quite a long time.

Data is on high demand globally, not just in the darkweb. Businesses, government, brokers, intelligence agencies, politicians etc. Everyone is trying to get their hands on as much data as possible.
Governments, especially dictatorial ones like China holding personal data of citizens does not instill confidence at all, and those data getting leaked to the dark web creates more problems.

No ransom was requested. The hacker is allegedly putting it up for sale in the darkweb.

Some government agencies may have been already accessing them from whatever cloud services.


Exactly. The irony is in the fact that no matter how good we protect our KYC information, that also resides in govt databases. And who is the most careless in handling people's goods, including their data? Yep, the governments.

That makes 1 satoshi per person. Lol.

How convenient for the police to keep records on every citizen in one system.

Imo, The hacker isn't asking for a ransom, but it looks like he wants to get 10 bitcoin by selling that data to whoever will. Cases like this just remind me of the poor choice of users to store their data online regardless of the platform, so it should be a lesson too even though it is a very common topic to discuss.

Hackers might know about mixers, so that's what made him ask for btc as payment, imo. Of course if he was smart enough to hide with her.

As disturbing as it is not to key in your privacy details, some policy formulations have made it so difficult to be so private. Like in my country, there are certain transactions and registrations you can’t go through with less you present some ID. Mostly bank related transactions and enrolling in some government spearheaded parastatals. Eventually, there could be leaks such as in this case and your compromised already.
What is more disturbing about this for those of us that aren’t Asians is the choice of payment being cryptocurrency as this would reflect negatively and the Chinese government is likely to react in ways that would spread FUD coupled with the fact that, we are in a bear market session. What should we be expecting I wonder!

If he is smart about it he can get away with the ransom. He could use sophisticated Bitcoin mixing methods and/or sell his Bitcoin anonymously underground. I'm not sure how efficient are the mixing services. Governments can have access to powerful blockchain analysis tools.

I am deeply concerned about the ability of our governments and publc institutions to keep our data safe, not even talking about individual companies. I think there should be certain policies implemented to enforce companies to respect certain safety standards and constantly invest in upgrading their cybersecurity.

In my own opinion, 10btc is small compared to the number of compromised data. The hacker can use mixing tools around the internet to launder all of that and spread it out to different addresses. I don't know if there's a analytic technology that can counter the mixing tool. There would be a change that the hacker would be caught before the Chinese government pay that hacker. The country where am I living experienced such situation that the registered voters information is leaked, Thankfully the hacker was caught before asking for any ransom or reward, we do have much smaller technology offerings compared to china that's why I think Chinese government will resolve this without paying the demand of the hacker. One awful thing that could possibly happen is if the hacker leaked the database to deepweb, It could greatly affects the victims and the government integrity.

I think it shows that the hacker is not a sophisticated attacker who planned to do this to get rich.  More likely it is someone living in a poor country that saw an opportunity and wants to get 10 BTC, which for them is likely a massive amount of life changing money. 

For me though, the real story here is the danger of KYC and how it can be used to compromise people's lives in ways that will have fallout for years.  At a time when the government is forcing people to KYC in order to spend their BTC on a burrito, this makes a pretty big statement about how they are putting legal users of BTC in jeopardy for their own control issues.  The hacker may only want 10 BTC, but let's be honest.  This data is out there and no amount of money will put the cat back in the bag.  10 BTC is also the tip of the iceberg for how much financial damage will be caused as a result of this thoughtless handling of user data.

No way to trust hackers, they will have a copy always and could sell dark Web. Paying hackers is now useless. Rather Police should fix the security issue of how hackers access the database. It's a shame how data has been stolen from the security department. The sad thing is hackers asking for BTC, haters will create another FUD against Bitcoin. Although 10 Bitcoin isn't a big amount, I don't think the government will agree to pay.

He's not considering whether the Chinese government would be willing to pay him - they'd receive no benefit as he'd still have a copy of their data. They are likely looking for any other country who might want access to this data, if it exists, which might be very beneficial to certain intelligence agencies in piecing together information in future. To the average person or company, this information is mostly worthless anyway because it's very hard to make money out of this enclosed ecosystem. If it's real, this person likely has a target on their back from every Chinese police service and will be highly vulnerable to backlash if they are ever identified in future.

Exactly my thought while reading the op, those who have been FUDing against Bitcoin will definitely use this incident as another thing to base their Fud on, but my joy is that this is not the first, Bitcoin have survived every fud that came its way in the past since its inception, if this turns out to be a source of fud against bitcoin for some persons, Bitcoins will still continue to survive.

And for the hacker, I honestly don't think its a good idea if the government decides to pay the hacker 10 bitcoins, like you said, hackers can not be trusted, there is no guarantee anywhere that the hacker would hand over all the record to the government without keeping a copy, if the government goes ahead to pay for it, I think the government should rather look for a way to catch this hacker than succumbing to his or her demands.

Funny is that a guy that implicetely helps those events comes out to tell the world that 1B chinese information might be leaked in the dark web. This is just another example of how important is the custody of your assets, their being Bitcoin, personal information, gold or any other. It is a fact that with custody comes responsability that many of us are not willing to cary. Commodity feels better. It's easier to let others to take on the opsec for our assests/goods!

For sure it would really be pertaining into its government which do really ask out 10 BTC in exchange with those leaked information.
Currently 10 BTC = $204,400  which i could say that not really that big i must say. Its not surprising about exploits and loopholes made
out by these hackers as long they could able to have those ransom or make money.

How they would received it out? Via their own wallet.. How he would hide it? We know that mixing and transferring funds
is something that could be done if you do really tend to lose your tracks.

Perhaps the fact the hacker is asking for such relatively low price has to do with the fact that most of the data involves normal citizens and even though it is highly sensitive information, it has no inmediate effective use for rival intelligence agencies, but I dont know I am just a normal with no ties to agencies so I could be completely wrong.

Or maybe the hacker only wants to get a buyer as quick as possible before disappearing?

Also, it is interesting he/she  did not ask a coin like Monero as payment, keeping in mind she/he will likely be hunted down by Chinese authorities, one could have guessed opacity would have been a priority. This must be a Bitcoin maximalist hacker.  ;)

Perhaps there's too much data the hackers don't know how to actually analyse it themselves.

Since it contains so many records it might not split up convictions and accusations too or have other reasons it's not worth much to them (either that or it's a test to see if they can get them to payout something).

It wont change the effect if they really pay the hacker, its a digital copy of the personal information. They will only lost twice the cost if they pay.

What they only need is to enhance their security and practice to avoid something related to inside job. And relay things to others institution to get trace the hacker.

True, but I don't think hackers will analyze that much, perhaps they will look for 'specifics', but that's it. They really have to dump it right away and ask for random money.

I agree that 10 BTC ≠ 1 Billion records, maybe it was a mistake on his side, should be like more than that. Or yeah, testing the waters so to speak if the Chinese government are going to entertain black mailers and cyber criminals. But there could investigations already and they are locating this cyber criminals and who knows what they are going to do with them if caught.

Imagine stealing the data of 1 billion Chinese citizens just to request 10 BTC @ current market price which is just $200,000.  ::)

The fact they were able to do that before anyone else makes it highly paid and I think they should get almost 1 Million however who am I to tell a government what to do.

Oh! And thanks for being bearish on BTC, Mr. China.

Wow, you'll probably have an entity of governments portraying themselves as one individual or group to buy and get their hands on this data.  With this approach if the records aren't all what they are cracked up to be, then cost is spread out and individual price points are significantly lowered. 

He'll get arrested by Chinese police long before he sees a sat from this.

He knows that BTC is banned in China, I'm not sure who in the country would want (or can) pay him.

Not sure though why a government will want to have this data, what purpose it will serve them? Just a waster of taxpayers money if any of them go with it.

And with that CZ tweet though, makes this hack more pronounce.

But I will agree that asking for a penny change with this huge amount of data in your hand, something is not really right with this hackers.

Who said personal information obtained from organizations is unimportant? Some months ago, I was so focused on Beginner Board telling them how to prevent everything related to their internet privacy been broken, but many people were interested in my advice. I'm wondering how privates agency will handle stolen people's documents if these ones come from the government.
The hacker will undoubtedly profit from this, I'm confident of it because people on the dark web will be eager to buy it and use it for fraudulent purposes in order to make more money, and also as China been one of the world's most powerful countries, other countries may even disguise themselves in order to obtain information about high-profile people.

Yeah, for sure the Chinese police are on the manhunt for this guy and maybe just a matter of time. The question is if they are late, maybe it was already in the dark web and some entities are willing to pay him with 10 BTC, so it's a bargain that anyone is willing to pay. And this could be the reason why this asking price is not that big, not even million of dollars are the current rate. So that he can get rid of the data and will not touch the ransom money for a long time and wait till we are in a bullish season again and obviously, that amount will grow as far as fiat value goes.

According to  this CNN article (https://edition.cnn.com/2022/07/05/china/china-billion-people-data-leak-intl-hnk/index.html), the data seems to be real as per analysis of a small subset of the sample of 750K records that was made available by the seller.

The important detail that the article points out is that the data from the full set has been around hacker forums for … over a year …, having now made it its way to the media and the general public.

The person attempting to make the sell for 10 BTCs is likely an opportunist trying to get something out of it, and not the initial person to start shifting the data around over a year ago.

Nothing strange in the largest communist country in the world that wants to control every individual to the extent that it has already surpassed those from whom they once learned. The system called "one person, one file" (https://www.reuters.com/world/china/china-uses-ai-software-improve-its-surveillance-capabilities-2022-04-08/) has been in force for at least 6 years and is one of the largest mass surveillance projects in the world. The problem is, of course, that such data can leak out at any time - but such a bulky system can never be 100% perfect.

Maybe the hackers are small group that's why they settle to ask 10 BTC only, also maybe they didn't think that the government will take this as huge threat that's why they lower down the bribe so that they can be paid easily by them.

Curious to know if Chinese hacker can do something towards this data leaking.

Imagine getting away with selling it 10-20 times to different buyers without them being aware  ;)

Thinking they'd only sell one copy to one buyer is very naive imo, and not how darkweb works...


They probably knows that stealing mass amounts of data from China is also illegal, but that didn't seem a concern.

Why would someone in the country need to buy it? They are selling it internationally surely...

I saw this news first on CZ and then with the group that I'm following, they've confirmed that it's actually on the market place and data that were stolen are for sale.

Now, most people now that are concerned about their data wouldn't be willing and will have that worry to send their data to any party and even the government since they can't protect their data.

AFAIK, this happened due to one personnel's error of accidently posting it on his blog.

Tracking down that hacker requires a better hacker lol.
And no the government would not pay them with the amount being demanded. The hacker is gonna sell it to whoever is interested in it, maybe a company who loves to have an information from every single citizen from a specific country. That's also the reason why he publicised the threat.

Ever wonder why some people got random calls and emails from a company offering you promos and stuff like that but will eventually scam you. They are the target market for the hacker where they can sell these infos.

They likely sought for something which can be used for relatively quick profit, like bank accounts private addresses of elite chinese citizens, if they could not find any of that then it is time for them to seek someone to pay for the huge amount of information itself.

If caught, I would not be surprised if they are punished with death, Chinese government has proven itselt to be quite efficient when comes to execute criminals of high enough caliber, keeping in mind this case damages the image of the Chinese digital system, death would be proper, at least in the eyes of the Chinese Communist Party, I assume.

Probably, but I think that the hacker probably want the data to sell it in dark web if in-case he wouldn't receive what he's asking and he's not interesting in analyzing it for other purposes, it was stated that he was just asking 10 bitcoin so it really seems that he just want the bitcoin and not the sensitive information of the Chinese citizens that he have.

The government is not responding to this claim. Do you think they will do something about this?

It's the Chinese government, authoritarian, so they might be doing something in 'secretive'.

And probably it's a race against time, as others have speculated that other entities could be interested on the huge data. So we don't know, maybe someone have bought it already from the hackers, or the Chinese has arrested the hackers. And I guess we will not know the truth after this report surfaces.

It looks a complete banquet for telemarketing sector of companies which have the masses as their target public. I don't know how is the approach of these services in China, but if it were in my country, my phone would be already ringing, receiving calls and messages all day long from those companies offering services and also from unknown senders trying to scam money.

Our informations aren't safe anywhere at this point, doesn't matter if under private or public vigilance. There are people profiting and making a living selling data from others to different buyers over internet and all you can do is to filter what kind of content you take in consideration on your phone register and email.

From my viewpoint, it smells fishy that with such an enormous amount of personal data for 1bil Chinese citizens, he only asks for 10 BTC.
Even giving out 750k data for verifying its legitimacy, I doubt anyone can make a cross-reference and verifying it except China govt. So again, 10 BTC for 1bil Chinese citizens data? If it was real then the 10 BTC price tag is just for show.

This is quite worrisome that data was hacked from the security data base. It isn't alright that the security that ought to protect such information with utmost care could encounter such incidence. It's unfortunate this happened but paying such ransome wouldn't help in any way because the hacker(s) are already in possession of the data and the would still trade it as long as they have it still with them.
Come to talk of it, after thrse series of data hack and data leaks can these kyc firms be trusted anymore to properly secure the information of their clients. This goes to show that personal information supplied during kyc verifications are no more safe.

I think you forgot that he can resell the same data countless times. It is not blackmail, but a simple sale of illegally collected information on the black market. If he only has ten customers, that's already 100 Bitcoin!

Indeed. It's a bigger prize than it appears, and probably could even sell in in chunks of data, be surprised how many buyers they can be, even put up a shop for individuals. Was big in the 90s, bigger in the 00s, and this is Chinese data now.

What's interesting later for me is who'll be the dogs set on the buyers later on. Bitcoin does leave the hacker(s) vulnerable to forensics. We'll never know, of course.

I would not be surprised if the Chinese government could buy the information to see how much out of it actually is up to date and also as a way to try to track those coins and get the hacker, also I think the hacker is being very smart by giving it such a low price as he can resell that information over and over again not only to private business but even to foreign governments that are against China, after all if you were one of the top agents on a secret agency would you not be interested in obtaining all of that information?

I agree with this, I mean if we are selling 1 billion Chinese data for the very first time, you could even contact FBI or CIA or something and ask for a lot more, you could get rich. But if you already sold it like 100 times, then you could not ask that much, you just gotta drop the price a ton.

It is still 1 billion Chinese, so it is not going to be free or 100 bucks, but believe me as long as this exists eventually it will become free as well, you will see it shared everywhere eventually. My nation had a similar situation and now you can get it for free after 5 years. If this is real, the first one was probably expensive, now 10 btc, later it will be 1, and eventually free.