Binance says they are investing an alleged data leak of their KYC data captured from customers in 2018 and 2019. Binance security has been compromised before, but the company has its doubts about whether a leak has actually happened this time.
KYC stands for “Know-Your-Customer” and is a regulatory requirement for financial institutions. Around 60,000 users are said to be potentially affected.
A Telegram group distributed hundreds of images of people holding their IDs and pieces of paper with “Binance” and a date on them. These were presumably pictures taken by clients as part of account verification and submitted to the exchange.
The statement released by Binance revealed that an individual had demand 300 BTC in return for not releasing around 10,000 photos related to the KYC information. At post time, 300 BTC is worth upwards of $3,000,000 USD. The exchange said the files appear linked to a hack that occurred in May 2018. The timeframe of the images also coincides with a period during which the company contracted with a third-party to verify its KYC data.
The individual who attempted to extort the exchange claimed he had data from multiple exchanges. When asked for proof, he issued the demand for 300 BTC and refused to provide any of the requested evidence. Binance is offering a 25 BTC reward for information on the person or persons responsible.
“We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with this extortion, this individual has begun distributing the data to the public and to media outlets,” the company said in its public statement. Binance said that there are inconsistencies with the images and that they lack a digital watermark that the site uses. The Binance security team is working on possible leads to help identify the source of the photos.
Binance’s public statement on the potential data leak can be found here.