Attention! KYC data sold on the Dark Web! Proofs!

[Polizei]

Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web

On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service.

https://www.ccn.com/wp-content/uploads/2019/01/exchanges-kyc-sale.png

A cybersecurity expert who contacted CCN and chose to remain anonymous has detailed that after contacting the individual posing as a buyer, he was able to get three free samples out of him as proof that the leaked documents are legitimate.

As proof, the cybersecurity expert got pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken at. In these pictures, their faces are visible, as well as their identity cards or drivers’ licenses.

CCN had access to these images, which appear to be legitimate. Although the sample was small, the vendor selling the hacked data claims it has documents from people in every country cryptocurrency exchanges serve.

An exchange the security expert allegedly had with Binance via email, which couldn’t be independently verified, seems to show the latter found “some inconsistencies” between the data it was presented with and the “samples provided” – presumably the KYC images.

The exchange’s spokesperson allegedly further noted they have their “theories in regards to how this information may have been obtained,” detailing that no signs of unauthorized access to their system had been found. CCN has reached out to Binance to clarify the situation but hasn’t heard back at the present time.

Binance is notably an exchange praised in the cryptocurrency community for its security practices. Recently, It foiled the plans of the Cryptopia hacker by freezing the stolen cryptocurrency, and last year thwarted a large-scale attack that saw Syscoin (SYS) surge on its platform.

Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.

Original article is here: https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web

[Anti-Bitcoin]

KYC - is an evil

[Polizei]

Most of popular exchanges - is a scam. All personal data is leaking

[ERC-223]

Do not send a personal data to scammers (Binance, Huobi, etc)

[ERC-223]

Use an exchanges without KYC

Like what, for example?

[icalical]

This is why many people move to decentralize exchange, like IDEX, Etherdelta and so on. However, those exchanges are far behind the Centralized exchanges in term of features, UI/UX, and stability. There also some centralized exchanges that is not require KYC, but most of them don't provide any customer support, so it is more risky to put your money there.
I think the best option is register in a local exchange, that limit their user to certain nationality, so it is not too hard for handling user and the KYC data, so it is not easy to get hacked. 

[gerobakcrypto]

10$ for 100 Document is too cheap for any exchange. If that document from KYC any exchange/market. Why they sell with cheap price? Why that exchange not steal more assets from their member? Why must their document?

[examplens]

KYC it is not good at all in any exchange. Also, the meaning of anonymity is lost with KYC. I think all exchanges need to use external KYC service, then will reduce the risk of a hacker attack and they can bring only to funds safe. Everybody to do their part of the job.

This is why many people move to decentralize exchange, like IDEX, Etherdelta and so on. However, those exchanges are far behind the Centralized exchanges in term of features, UI/UX, and stability. There also some centralized exchanges that is not require KYC, but most of them don't provide any customer support, so it is more risky to put your money there.
I think the best option is register in a local exchange, that limit their user to certain nationality, so it is not too hard for handling user and the KYC data, so it is not easy to get hacked. 

Etherdelta, Forkdelta etc ... it was worst exchanges ever. there are many complaints about them, especially on the security issue.

[korner]

Be aware! KYC is always leaks

[Crypto Girl]

10$ for 100 Document is too cheap for any exchange. If that document from KYC any exchange/market. Why they sell with cheap price? Why that exchange not steal more assets from their member? Why must their document?

That wasn't cheap if you sell all over 700 million email addresses, technically that will be $70 million, is that what you call cheap?
Yet, binance won't take any action to this hence their only serious concern is that no funds were stolen. That's it.

Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.

[milewilda]

10$ for 100 Document is too cheap for any exchange. If that document from KYC any exchange/market. Why they sell with cheap price? Why that exchange not steal more assets from their member? Why must their document?

That wasn't cheap if you sell all over 700 million email addresses, technically that will be $70 million, is that what you call cheap?
Yet, binance won't take any action to this hence their only serious concern is that no funds were stolen. That's it.

Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.

$1 for 1000 and it do have discounts for bulk orders but well we cant really make fix calculations but sure thing that these info's been leaked out and been sell off on dark web which isnt
really a surprising thing thats why even upto these days im still hesitant to leak or give out documentations due to this issue.Info can be used into other illegal means
which will put out your name into problem.

[Netnox]

Horrible... In the past I went through KYC for at least a dozen crypto exchanges and now I am afraid of someone stealing my identity for criminal purposes. I am never again going through this process, but it looks like the damage has been done already.

[sunsilk]

Horrible... In the past I went through KYC for at least a dozen crypto exchanges and now I am afraid of someone stealing my identity for criminal purposes. I am never again going through this process, but it looks like the damage has been done already.

Mostly everybody complied to KYC especially those local exchanges that forced their customers to avail a levelled up service by passing on our IDs.

This is why many doesnt like sending KYCs anymore although there were gimmicks that you might get a free token after passing on the requirement. I'm not sending mine again as well.

[leowonderful]

I typically don't register, use or submit KYC documents for smaller exchanges as I mostly trade on bigger exchanges like Bitstamp, hope these leaked docs aren't from the ones I signed up for. This is also why you shouldn't ever submit KYC for giveaways, even from sites like Blockchain and their Stellar giveaway right now. The potential damages that can be caused from your documents being leaked can be much more than what you gain from submitting documents in the first place.

DEXes currently have very low volume compared to centralized exchanges and many flaws compared to centralized exchanges, but I'm keeping an eye on most of 'em for the future as I'm sure things will improve in the future. I've used several like Forkdelta and the Waves DEX in the past and things weren't the greatest, especially the volume for the pairs offered.

[Crypto Girl]

Mostly everybody complied to KYC especially those local exchanges that forced their customers to avail a levelled up service by passing on our IDs.

That is sort of black mail and we leave no choice than to comply to it or else we can't use their platform and the worst they will hold our funds.

I'm not sending mine again as well.

Let just hope that our documents aren't there. lol!

[sunsilk]

Mostly everybody complied to KYC especially those local exchanges that forced their customers to avail a levelled up service by passing on our IDs.

That is sort of black mail and we leave no choice than to comply to it or else we can't use their platform and the worst they will hold our funds.

If we want to cash out and use their service, because of the convenience they offer, we have to comply but it's our choice if you will look for another exchange that offers same convenience or stay to that exchange that you used to use before. I experienced it before when they have held my funds and they want to me comply, if that is not for my balance, I wouldn't comply.

I'm not sending mine again as well.

Let just hope that our documents aren't there. lol!

Yeah, I hope so too and that would be the last time to comply with KYC.

[stadus]

These data are from crypto exchanges and we trust them with our information.
I think it's riskier in the ICO market as there are projects who requires KYC to participate in the token sale and the bounty campaign.

Let's be careful, our information at risk, could also mean our life are at risk then.

[Yoshinoya]

be more careful in sending KYC forms, monitoring sites and teams within them.
indeed, many who advocate KYC are new exchanges, and one of the conditions is KYC so that we can make transactions safely. actually I agree with this program, but many do not agree, maybe the reason for the security of information about their personal data.

[korner]

Binance - SCAM. These scammers steals money

[Sorbent]

Binance - SCAM. These scammers steals money

Sad, but true