Binance has formally denied that it has lost control of some of its user data as rumors continue to swirl around a possible hack.
Hacker ‘Extorting’ Binance
In a statement issued August 6, the major cryptocurrency exchange said it was investigating the claims, which revolve around a hacker demanding 300 BTC in return for withholding traders’ personal data, including passports.
The threats, which Binance now acknowledge are genuine, came via a Telegram group which has amassed over 10,000 members.
In the statement, Binance explained that the alleged data set showed “inconsistencies” compared to genuine user information, such as a lack of an internal watermark. It thus remains unknown as to whether any of the documents are genuine or related to Binance.
“We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with his extortion, this individual has begun distributing the data to the public and to media outlets,” the statement warns.
“…At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. With that said, our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images.”
CZ Reprimands Users Accidentally Aiding Attacker
On social media, CEO Changpeng Zhao (known as ‘CZ’) requested users not share the address of the Telegram group or spread misinformation based on nonofficial sources.
“Don’t fall into the ‘KYC leak’ FUD. We are investigating, will update shortly,” he tweeted earlier Wednesday.
https://twitter.com/cz_binance/status/1159009039105155072
Some sources, including CZ, state that the data involved stems from a previous scare in 2018 which involved both Binance and fellow exchange Kraken and the current hype is merely a regurgitation of old news.
The statement further suggested this was the most likely explanation, noting that at the time, the would-be hacker refused to demonstrate the authenticity of the haul.
“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time,” it reads.
“Currently, we are investigating with the third-party vendor for more information.”
Binance has remained broadly free of serious security compromises in its brief history. An exception came earlier this year when a hacker managed to steal user funds worth $41 million. Binance subsequently refunded users from its own pocket.
What do you think about the alleged Binance user data? Let us know in the comments below!
Images via Bitcoinist Image Library, Twitter: @cz_binance