You data is not safe on centralized exchanges

[_act_]

How do hackers know who to send messages to?

Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

[Maus0728]

Right now, whoever the company who texted me, especially if it is finance related mobile applications, I make sure to ignore or much better delete them.

And now that the Philippines' health insurance corporation has been hacked and become a victim of ransomware, SMS and email of millions of people could have fallen victim to these attackers—a reservoir for bad actors to steal not only money but also PII (Personally Identifiable Information) that they can use to exploit.  

Somewhat similar story: https://www.philstar.com/headlines/2023/10/10/2302640/philhealth-hacked-what-we-know

[Yamane_Keto]

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

This does not have to be the only cases. One of the loopholes that hackers use and that companies use to evade responsibility is sharing data with third parties is sharing data with third parties, whether those parties are legal or for commercial purposes, and therefore there are several copies of your data in several Parties. Some of these parties abide by the laws and maintain the confidentiality of the data and delete it after a while, but there is always a third party that is vulnerable to hackers or to leaking and selling the data. even the current laws that protect customer data will fail with such data sharing.

You should use better email filters, check any link before clicking on it, and make sure it is not a phishing link.

[Ruttoshi]

This is the major problem of using a centralized exchange, because it opens room for scammers to disguise as the exchange to ask customers some personal information that they can use to have access to your funds.

I could remember that this trick is not new here in my country because this is how scammers will send you a text message or call you, that they are from your bank and that you should send them your last four digit number of your ATM card for them to verify your bank account to avoid blockage of ATM card. So many people fell for this trick, especially the ones that were not educated , and they got all the funds in their account wiped out.

This is the same method that these scammers has come with by deceiving people to verify their Binance account through the form so that they can have details which they can use to access your their Binance account.

It is better to stay away from CEX and if you can't, don't believe in whatever message or link that you get from anyone when it comes to your finance.

[Lida93]

How do hackers know who to send messages to?

Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Centralized exchanges we know are not safe and the bitter truth is that we can't completely avoid them. Although In this scenario Its not just enclosed in how unsafe having our data's on  centralized exchanges or any other kyc required entity, It also has a lot to do with knowledge.  Anyone using binance and is well informed about how binance operates in terms of notifying or reaching out to their customers will  not have problem identifying that binance don't notify their customers on any important issues as such through text messages and will move straightaway to login into their account to check for such notification if it's there or better still contact the customer service.
There are many advance fashions of scammers that is why whatever crypto exchangers we are using we ought to study and research to learn about their operations as having prep knowledge of that can easily save us from falling to a scam coming through that angle.

For the fact that we can't completely guarantee of not using centralized entities which means these are the kind of risks we'll likely be experiencing using them  we also have to equip ourselves in knowledge against these expected scams. For without knowledge it's easy for anyone to fall to their antics.

[michellee]

Hackers will use a lot to trick their targets, which has been proven by several cases we have heard about. The hackers sent random text messages to many people and just waited for someone to fall into their trap. We have to be careful and confirm the information we receive, and the important thing is that we don't panic if we get a message like that.

If we panic, we won't be able to think clearly and will fall into their trap easily because they can also play with their target's psychology. They will very convincingly influence their targets to follow what they want. The hackers already had the target's data but sent the messages randomly.

So the sale of customer data does exist, and hackers can get it easily. We may also have experienced getting an offer from someone we don't know, but he already knows our name and address. That's because the data we provide to banking or insurance agencies share the data with each other.

[Razmirraz]

Insider involvement is very likely in cases of this type of fraud because they only target Binance Hong Kong users, these types of messages are not sent randomly, they already hold user data leaked by insiders. The contents of the message they sent made the victims who were always active on Binance and stored assets there feel afraid, without thinking twice they immediately clicked on the link as directed in the message.
It is very easy for hackers to get user data, they can work with insiders to get user data who store assets on the exchange. Avoid storing assets on the Exchange, there is no guarantee that your assets will be safe there.

[dzungmobile]

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

If the deadline is a few days or weeks, no need to be panic and immediately click on link to verify your identity. If you can not keep your mind fresh and calm, you will be scammed. Like scammers always try to create pressure on you when you are trading with them. Hurry up, release your bitcoins. Else you will be reported as scammer and your account will be banned.

Being in cryptocurrency for a while, this message is red flag of scam.

How do hackers know who to send messages to?

If such things sent to your email, you must check whether your email was pwned.
https://haveibeenpwned.com/

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

If it is from internal staffs, they will be caught by the exchange soon. It's your responsibility to wait for confirmation from the exchange about that message as well as how they handle their internal problems.

[Doan9269]

How do hackers know who to send messages to?

Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

Maybe newbies may be the ones to easily fall a victim of this kind of attack because when something is coming from Binance or any reputable exchage, one should be able to descern if they are actually from a verified source or not through the content on what they are sending, also, for every user of any of centralized exchanges, there's no privacy and security at it's highest order on such user that guaranteed the safety of one's asset, if you're using an exchange then know it that everything you do there is at your own risk, they can experience any challenges that will directly affect you as well being their user, what they give is not wallet but accounts, all user wallet keys are in their possession, remember not your keys not your coins.

[Fiatless]

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

This is an important danger of using centralized platforms that should be considered. Any KYC requirement that requires information like phone numbers, residential addresses, social media handles, and other personal data is highly dangerous. With these data, criminals can physically track their targets with less restrictions. These days many people live their lives on social media. They cheaply give out their locations on the internet which will give these criminals access to them. The recent murder of a well-known rapper in South Africa was facilitated because he gave out his location on social media. Having a special email, phone number or social media media account for registration in these centralized platforms will reduce some of the risk of using them. 

[Antotena]

How do hackers know who to send messages to?

There is only way to not worry about centralized exchanges, data breach, and privacy breaking. The solution is never do KYC or simply avoid centralized exchanges, don't use their service, it will give you rest of mind and happiness. In short, when you see this type of news, you will walk pass like you don't know anything about it because they have nothing on you. Simply see kyc as criminal activity that people indulge in and we know when you don't do crime, you will not have any fear even if they(hackers) try to stop you.

[dzungmobile]

There is only way to not worry about centralized exchanges, data breach, and privacy breaking. The solution is never do KYC or simply avoid centralized exchanges, don't use their service, it will give you rest of mind and happiness. In short, when you see this type of news, you will walk pass like you don't know anything about it because they have nothing on you. Simply see kyc as criminal activity that people indulge in and we know when you don't do crime, you will not have any fear even if they(hackers) try to stop you.

Note that even decentralized exchanges are not actually decentralized and they can collect user data like centralized exchanges too. They only don't require users to do KYC but using decentralized exchanges and some of their services like staking, farming to earn is not safe. Their decentralized exchanges can stop operation anytime and if you lock your coins in their staking pools, you can lose your coins anytime.

Privacy is not completely secured on decentralized exchanges and you have to use them with caution too.

On centralized exchanges, KYC is not only to prevent and control criminal activities, money laundering. KYC serves many purposes for centralized exchanges and governments.

[shield132]

OP, thread's title is very misleading because "You data is not safe on centralized exchanges" has nothing to do with the given case. In article, we read that 11 users become a victim of phishing. It's their responsibility to check the url of where they enter the data. Centralized exchange is not an issue here. Even if these users ha self-custody wallets, they would still lose it because of their inattentivness.

[Obari]

This is the only reason why I don’t trust KYC and I think there should be a serious screening before employing anyone to work in firms that require clients to submit KYC and this is because it is becoming very risky submitting KYC to online platforms and I’m sure to an extent, binance might be losing customers at least in Hong Kong.
Personally I have been a person who doesn’t have any issues with submitting KYC especially if I trust a platform and binance despite being a centralized exchange has been one of my favorite and I trust them but this news is already getting me scared and I hope they strengthen their security.

[Faisal2202]

I am not based in Hong Kong but such attacks should be avoided easily if Binance comes up with something unique for the communication purpose. Which is already there, but those who are new to the crypto field and fall prey to such phishing links might not think of it. Because last time I checked, such phishing attempts also occurred in the Electrum desktop wallet. Where user activates it after many months and on the app he is asked to update the wallet in a built-in app pop-up notification.

Well, those who were active in the market did know that this pop-up notification was a phishing scam but that user was not active in the community and clicked on the link and updated the electrum wallet of those scammers and when entered the seed phrase lost all of his money.

The best way to confirm the signature but if the same system of confirmation of messages, sent by the Binance or any centralized exchange would be provided then it will be easier for the newbies.

By the way thanks for informing me about it.

[jrrsparkles]

Physical attacks are less possible scenarios from the data breach but what they most likely will do is to attack them via phishing links and hopefully, they expect the prey to fall into the trap so it will be easy money for them.

This generation should know the importance of keeping their data to be safe in general not limited to exchanges alone, most data breaches happen on random websites where we used to submit our details for no reason at all and then it can be easily hacked then it will be sold then it can be used for illicit activities. Don't expose your status 24/7 but people are used to social media life and things are out of hand already.

[Woodie]

Things I tell family and friends, if you haven't entered or played any lottery and you receive a message or call saying you have won X amount yet you did not play/buy a lottery ticket then you automatically know it's a scam!!! Same principle can be applied here, you have passed KYC and documents aren't expiring soon why would an exchange request you to go through the process again without any heads up before expiry... sometimes it takes your sixth sense to see through such scams.

By the way ,with below standards of safeguarding user data why do exchanges feel compelled to carry KYC checks on clients when they themselves can't guarantee security??

[CryptSafe]

How do hackers know who to send messages to?

Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

From the onset people have been warned about centralized exchange not to be safe for holding of large amount of funds or assets as the case may be. This information is not hidden anymore that one can not see it or use their common sense to know that centralized exchange is not safe. I believe that "there can never be a smoke without fire" so data leakage can not be a surprise to me because there is definitely an inside work to have aided in the hack to accessing customers information. This is why we are advised to know this "not your keys, not your coin" slogan.

[nakamura12]

How do hackers know who to send messages to?


Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

This is what I can think of why hackers know where to send message. It's either data breach, insider and maybe from phishing although I don't think they will get many data from phishing. This should be the reason why KYC is not good and there could be a consequence that a person may face such like identity theft. It's better if we use decentralized exchanges where as we all know it doesn't require KYC before you can use it or a feature that an exchange have.

[Text]

I don't trust unexpected text messages, especially with links. In any case, I visit the website to confirm if it is legitimate. It seems that hackers are behind this due to a data breach. Our identity is no longer safe in centralized exchanges once they are accessed by criminals. We know that KYC is a regulatory requirement in the financial industry designed to verify the identity of customers to prevent money laundering and fraud. However, when you do comply, your identity becomes vulnerable to risks, and the level of anonymity in transactions decreases. No matter how secure a platform may be, it's pointless if it's not responsible.

KYC is useless because it doesn't actually prevent criminals from using centralized exchanges. Criminals can simply provide fake or stolen personal information during the KYC process. This means that KYC doesn't make centralized exchanges any safer for their customers.