KYC data exposure leads Binance to a 300 BTC ransom demand

Binance becomes a victim of scammers demanding ransom in exchange for the hacked KYC data

Scammer urges Binance to pay 300 BTC in exchange for not exposing personal data of KYC users

Binance, a cryptocurrency company hailing from Malta, has received a threat from a random scammer. The criminal is stating that he is holding around 10,000 records involved in KYC( Know Your Customer) data category.^[1] In exchange of not exposing such information worldwide, the bad actor is urging the company to pay 300 Bitcoin as a ransom which is equal to $3.5 million nowadays!^[2]

The company did not agree to pay the demanded ransom price and the cybercriminal truly did start spreading private information of users on the web:^[3]

We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with this extortion, this individual has begun distributing the data to the public and to media outlets.

According to some sources, various photographies of people with their own IDs and passports in their hands have been released to the cyberspace. Even though the cryptocurrency exchange has been making a big effort in the investigation process of the whole incident, the hacker behind all this activity still remains unknown.

Users' data posted on a Telegram group which has over 10,000 visitors

The same hacker also created a specific Telegram group which is supposed to help him post collected credentials of Binance users.^[4] This group is including over 400 photos of exposed ID cards and passports which are held in peoples' hands. The most popular countries involved in the attack are the United States, Russia, Japan, Turkey, and France.

According to Binance, the thing that is showing the lack of originality of posted information pictures is that there is no watermark that has been officially used by the company. So if you are an accurate person, this detail should not slip through your view. In addition, the leaked images included personal information of customers who have been signing for KYC services since February 2018.

Binance is offering up to 25 BTC for the person who helps to identify the criminal

The cryptocurrency exchange organization is looking forward to identifying the criminal who is behind such activity. Nonetheless, Binance offers a reward of up to 25 BTC for that person who finds out something valuable that can lead to an easier identifying process of the hacker and informs the company about his/her findings:

If you are able to provide any information to help identify this person and allow us to pursue the individual through legal action, we will offer a reward of up to 25 BTC, dependent on the relevance of the data supplied.

In addition, Binance has expressed thoughts about customers' security and safety being their first priority. The company also urges not to fall for the leaking activity,^[5] be careful, and stay updated. The investigation process is still in the state of continuation and everything important will be announced widely once discovered.