[2019-08-07] Binance Has Denied Information About Users Data Leak

[Vialaia]

A new post has appeared on the Internet about the hacking of the Binance cryptocurrency exchange. According to it, scammers stole the data of users of the trading platform and posted photos of documents on the Telegram group.
Binance CEO Changpeng Zhao reacted to the report of a hacker attack and promised to investigate the situation. At 12:15 UTC, he posted on Twitter an information which stated that the information about the hacking of the exchange is not true. He posted a link to similar news that appeared on the network on August 24, 2018. Then an unknown hacker claimed that he was able to get user data. He uploaded scans of documents as a confirmation. However, this information was subsequently refuted by the Binance staff.

Read more https://en.bit.news/binance-denied-information-users-data-leak/

[1715024206]

1715024206

[1715024206]

1715024206

[1715024206]

1715024206

[1715024206]

1715024206

[mich]

Seems real to me   



https://www.coindesk.com/binance-kyc-issue?utm_source=twitter&utm_medium=coindesk&utm_term=&utm_content=&utm_campaign=Organic%20

Binance, the world’s largest cryptocurrency exchange by trading volume, said it’s investigating the alleged leak of its customers’ verification information. The leak could affect up to 60,000 individual users who sent KYC information to the company in 2018 and 2019.

This leak is said to be directly related to a hack that nabbed 7,000 bitcoin last May.

On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange. The hacker supplied CoinDesk with hundreds of photographs and we have identified a number of users who recognize the photos of their faces and personal IDs that they sent into Binance for know-your-customer purposes.

[roosbit]

This is the very reason why people try to avoid KYC because we all know that data storage is never 100% secure no matter what they tell us!

And seeing more decentralized exchanges like idex becoming some sort of centralized exchange all requiring KYC we shall soon have no exchange to go to.

[carlfebz2]

Seems real to me   

Same here but Binance is trying to deny it up to death. hehe. If users do able to recognized those images where sent on KYC proceedings then theres no doubt that this leakage is legit.So whats next with Binance? known to be a secure exchange and a top tier one.

[squatter]

On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange.

So much for Binance's initial statement that "they all appear to be dated from February of 2018."

There are some irregularities that suggest something more complex is going on than a simple hack of Binance's database, though:

A third user we contacted could have been a victim of identity theft. The photograph we analyzed contained a face similar to the victims but incorrect address information.

An error-level analysis of the photo suggests that the some of the image had been modified, especially the brighter edges in the photo above. “Similar edges should have similar brightness in the ELA result,” wrote the photo forensics site FotoForensics. “All high-contrast edges should look similar to each other, and all low-contrast edges should look similar. With an original photo, low-contrast edges should be almost as bright as high-contrast edge.”

And Binance continues to say that the images aren't watermarked, therefore not taken from their database.

It looks like there may have been a leak of KYC data from a third party vendor they used in February 2018. That data may be mixed in with a larger set of data taken from other sources and modified.

[BitHodler]

CZ on Twitter already said that it was old news with a different spin. It definitely doesn't make it less bad, but people shouldn't jump to conclusions just because news outlets are spreading these articles.

If you sign up to an unregulated exchange, this is something that can happen. You don't know their security procedures when it comes to the KYC information people sent them, and you don't know if they outsource KYC verification.

I however don't think people care enough with how their greed is blinding them. They'll care one or two days and then move on to what they have been doing before, which is trading shitcoins and invest in IEOs.

[Harlot]

They have the power to do so since they don't have any evidence against them, not until their own users comes forward and they know themselves that their public information are being used by other people then we don't really have any proof that a data leak happened. They can say a lot of excuses that the leak documents was not even from Binance or they don't even have that users in them. As far as they are concerned they are just only victims of black propaganda trying to damage the reputation of their business.

[o_e_l_e_o]

On Wednesday, a Telegram group created by an admin under the pseudonym “Guardian M” distributed hundreds of images of individuals holding their IDs and pieces of paper written with “Binance, 02/24/19,” alleging that the data presented was hacked from the exchange.

So much for Binance's initial statement that "they all appear to be dated from February of 2018."

I'm obviously not going to link to them, but you can view the pictures online. All the ones I've seen are dated 24th February 2018. All the other articles I have read also say 2018. I suspect this is just poor reporting by coindesk.

There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

I'm a strong advocate of never doing KYC for anything crypto related, and this is why.

[joniboini]

There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

The phishing idea afaik comes from Binance too. Basically, they're saying they don't know where do those photos comes from and said that there's no Binance digital fingerprint on all of them. Which is why, it seems likely that those photos were either submitted to fake Binance sites, fake email, or it was a leak from 3rd party provider that they hired at some point in 2018.

So yeah, pics are real probably, but where it comes from remains unclear. Of course, we won't know whether Binance is saying the truth or just saving themselves.

[buwaytress]

There are also a couple of articles which say that all these photos are from Binance phishing sites. It seems a number of Binance users were previously emailed to say their account was locked, and they were required to upload KYC documents to unlock it, along with a link in the email to a phishing site. Binance's statement on the matter is far from reassuring though. It sounds like they have no idea whether or not they were hacked, or how it might have happened.

The phishing idea afaik comes from Binance too. Basically, they're saying they don't know where do those photos comes from and said that there's no Binance digital fingerprint on all of them. Which is why, it seems likely that those photos were either submitted to fake Binance sites, fake email, or it was a leak from 3rd party provider that they hired at some point in 2018.

So yeah, pics are real probably, but where it comes from remains unclear. Of course, we won't know whether Binance is saying the truth or just saving themselves.

What else would we expect them to do or say? Denial is not illegal, as long as you keep from saying false statements (and technicalities are always going to get people into loopholes easily).

They are a business, no matter what anyone says, so their sole purpose is profit and preservation of their business.

What this does show already is they did not reveal everything about the earlier hack and there is likely much more they are not letting on. We shouldn't be surprised though. And i think there's so much naivety when people get shocked by these guys.

[Kemarit]

There was a different twist on the story now.

An Extortion Gone Bad: Inside Binance’s Negotiations With Its ‘KYC Hacker’

In what appears to be an elaborate game of hackers hacking hackers, an individual operating under the pseudonym “Bnatov Platon” has provided CoinDesk with extensive information about their attempts to obtain millions of dollars in exchange for declining to release information about customers of one of the world’s largest cryptocurrency exchanges, Binance.

Information about the hack, gathered over a month-long interaction with the hacker, was pushed into the public eye today when Platon began posting what he alleged were images and information about real Binance customers, first on an open website and then on Telegram.

The idea customer information might not be safe on the world’s largest exchange was enough to immediately spark the attention of the industry, with major news websites and Twitter influencers swiftly broadcasting the news.

Yet, the full story was – and remains – more complicated than it first appeared.

So the hackers hacked those who hacked the Binance platform. And when the extortion fails, he just decided to released all the information, LOL.

So there's a lot of mysteries that we are not aware of. Lessons learned: There are no safe exchanges, everyone is hackable specially when there is a connivance from someone inside.

[kryptqnick]

Binance involvement in this has already been proven? No, so we will not make premature conclusions

Binance might not be involved, it is true. In fact, it probably is not involved. At least, Binance claims they have digital watermarks by which they can identify whether the data was taken from them and that the leaked photos do not have it. They are also saying that they used to work with an intermediary in February, so it could be some issues resulting from there. However, I think that Binance is responsible nevertheless because people never gave their data to some random employees or companies. They trusted Binance, and the exchange was not able to secure information that can do a lot of harm.

[Schirer]

First thought it is real, then denied y Binance - so fake, now i see the information about the ids in telegram group- seems that the truth is that it is real and Binance is denying it.

I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?

[o_e_l_e_o]

I wonder- what could be the possible fine by GDPR of losing custoers data, or it does not work with theft ?

Theres certainly a precedent for it, and a very recent one at that.

Just last month, Marriott International (the hotel chain) were handed a fine of over $120 million after hackers stole the personal details of several million customers. A few days before that, British Airways were fined over $220 million after a similar hack and security breach.

The GDPR allows a maximum fine of up to €20 million or 4% of annual turnover. The hacks above involved hundreds of thousands individuals, though. If Binance were fined, i would suspect it would be a much lower sum.

[erikalui]

If the telegram group actually had pictures of users then the data is leaked and 2 users confirmed it so definitely it looks like some insider's job. Now they are negotiating deals with the hacker. Ridiculous!

“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy.”

https://www.coindesk.com/a-bitcoin-extortion-gone-wrong-inside-binances-negotiations-with-its-kyc-hacker

Earlier money hacked and now data. Wonder how can we believe Binance now as nothing they say actually shows they can be trusted.

The hackers of the 4000+ are now using chipmixer to mix the coins.

[LeGaulois]

Binance denies information data leak but why didn't they talk immediately about these discussions with the hacker?
Immediately ... in July, when it started...

...

It depends on the laws of each country. The states had until last year to notify the Commission. In mine, the fine is up to 300 000€. Peanuts for a medium or large company

The problem is that there are 4 levels of sanctions and in general when it is the 1st or 2nd, companies do not have much.
In addition, what may be difficult is to prove that the company has failed to meet its obligations. A company can very well get hacked even if it does everything it can to protect its data.

[erikalui]

^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.

[bryant.coleman]

Binance have been going through all sorts of trouble, and personally I would advise everyone not to store any of their crypto or fiat in that exchange. First, it was the news of their hot wallets getting hacked and coins worth BTC7,000 getting stolen. At first, Binance team denied that they were hacked, but had to admit when the users posted evidence. Then after a few months, they had issues with IRS regarding the KYC process. That issue was resolved after Binance promised to keep the US users away from its main platform.

As far as I know, Binance is still denying that any of the data regarding to its users got stolen. But looking at their reaction after the hack earlier this year, I would be more skeptical. Coindesk is reporting that the hacker (known as "Bnatov Platon") is holding KYC information of more than 60,000 users and he had demanded BTC300 from Binance to withhold them. The talks between the hacker and Binance has broken down without a deal and interestingly Platon accuses one of the Binance staff of involvement in the earlier hack (in which BTC7,000 was stolen).

[Schirer]

^And who gets the money when they pay the fine? The victims or the Government?

It's a law of EU and some other countries where hefty fines are applicable but not common in other countries. Binance is headquartered in Malta in this case.

This is an interesting question. GDPR protects citizens and every one who has suffered from them can claim compensations:

Under Article 82 of the GDPR, any person who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the data controller or processor for the damage suffered. The individual is entitled to bring a compensation claim in the courts

If we suppose that no one claims them  but data is leaked, who will start the process and who will get the reward?
As far as i have red, GDPR claims are responsibility of each individual and has to e claimed within the country of resident.
So I suppose someone has to start the ball rolling and it will get very very expensive for Binance, this means that they would prefer to pay the hackers .

[rodel caling]

It's obvious binance denied that issues to protect and avood scandals and panic for the users. Binance need that because to stay people trust for the security system of the binance exchange is strong the investment of the user is protected.