Leading cryptocurrency exchange Binance is back on the spotlight following ‘rumors’ that the exchange has suffered another security incident leading to the loss of KYC data belonging to its users.
A telegram group named “KYC is important” has seen its membership sore by tens of thousands in hours as several users flock to the group to see whether their data is part of the leaked information. The group has shared several screenshots of alleged Binance users holding their identification documents, which is a common practice during KYC identification.
Binance CEO Changpeng Zhao has denied these allegations that the exchange got hacked claiming that the news is just FUD ‘Fear Uncertainty and Doubt’ asking his followers not to fall for the “KYC leak” FUD.
“We are investigating, will update shortly,” he wrote on Twitter early Wednesday morning.
A few hours later, Binance has released a statement saying that the information being leaked in the Telegram group is “inconsistent” with their data. In addition, Binance claims that most of the selfies are lacking the Binance watermark that helps identify the source of the images.
“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system,” the statement reads.
Binance says that most of the images appear to be dated February 2018, a period in which the exchange was outsourcing its KYC handling to a third party. This information could mean that the third party may have been the one that was hacked and not Binance itself.
“Currently, we are investigating with the third-party vendor for more information.”
According to the statement, the hacker contacted the Binance to try and extort as much as 300 BTC in ransom but Binance failed to oblige which may have caused the hacker[s] to leak the information. It seems that the hacker[s] could be having more data from other exchanges but this has not been confirmed as of yet.
“Later, they went to the press under false pretenses, posing as a white hat with good intentions,” Binance claims.
Binance is now offering 25 BTC as bounty to help the exchange apprehend the hacker(s). The exchange has stated that it has now involved law enforcement to also aid in the investigation as well as possibly arrest the culprits.
“If you are able to provide any information to help identify this person and allow us to pursue the individual through legal action, we will offer a reward of up to 25 BTC, dependent on the relevance of the data supplied.”