The Binance KYC Data Breach: The Hacker Confirms the Attack

TL;DR

• Recent reports — claiming that the hack of Binance and three other large crypto exchanges were false — appear to be wrong, according to the hacker themselves.
• In response to the accusations of not having data or simply obtaining it by phishing, the hacker ExploitDOT provided further proof to support their claim.
• The hacker also accused the media of trying to cover up the truth through false reports.

In the last several days, reports of a potential hack of 4 major crypto exchanges — Binance, Bitfinex, Poloniex, and Bittrex — started appearing and claiming that a hacker known only as ExploitDOT managed to steal their KYC information. This is the information that cryptocurrency traders need to provide to their chosen exchange to get their accounts verified and start trading.

The data is mostly considered to be sensitive and personal, providing details such as the user’s name, their photo, and an image of an official document such as an ID card, driving license, or a passport.

The original notification of the attack was allegedly posted six months ago by the hacker themselves, who chose to announce it on a darknet website called Dread. Since then, the post has received little to no attention, until an unnamed cybersecurity researcher got in contact with the hacker, demanding proof of the exploit.

According to them, the attacker provided three samples, all of which were later delivered to the CNN by the security researcher. While the samples seem genuine, many news outlets were denying their legitimacy and claiming that the data breach may be false, with Binance itself denying that it suffered a data breach.

New reports show that the hacker responded to these allegations claiming that Binance never contacted them to check the legitimacy of their claim. The attacker also claims that some statements, such as the possibility that they obtained such data via phishing attacks, are false. According to them, the amount of data in their possession itself is too significant to be obtained via phishing.

Furthermore, the hacker also claims that they are not in possession of the Binance customers’ login credentials, which means that they cannot steal their funds and that phishing is not a method they used.

Meanwhile, the hacker also offered to delete the documents if they receive a payment for them.

They proved to be in possession of the data by sharing links that show hundreds of images of the four exchanges’ users, who are holding a paper with names of these exchanges. The hacker also criticized the media for posting false reports and claims in an attempt to cover the “truth.”