On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.
According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.
The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service.
A cybersecurity expert who contacted CCN and chose to remain anonymous has detailed that after contacting the individual posing as a buyer, he was able to get three free samples out of him as proof that the leaked documents are legitimate.
As proof, the cybersecurity expert got pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken at. In these pictures, their faces are visible, as well as their identity cards or drivers’ licenses.
CCN had access to these images, which appear to be legitimate. Although the sample was small, the vendor selling the hacked data claims it has documents from people in every country cryptocurrency exchanges serve.
An exchange the security expert allegedly had with Binance via email, which couldn’t be independently verified, seems to show the latter found “some inconsistencies” between the data it was presented with and the “samples provided” – presumably the KYC images.
The exchange’s spokesperson allegedly further noted they have their “theories in regards to how this information may have been obtained,” detailing that no signs of unauthorized access to their system had been found. CCN has reached out to Binance to clarify the situation but hasn’t heard back at the present time.
Binance is notably an exchange praised in the cryptocurrency community for its security practices. Recently, It foiled the plans of the Cryptopia hacker by freezing the stolen cryptocurrency, and last year thwarted a large-scale attack that saw Syscoin (SYS) surge on its platform.
Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.