The news, if confirmed, would really be very serious. An hackerwould be selling the data of thousands of users on the dark-web. We are talking about the documents that make up the KYC (know-your-customer), that is the set of data that are collected by the exchanges for each user. According to a report by CCN , the hacker would have in his hands the data of over 100 thousand registered users of Poloniex , Binance , Bittrex and Bitfinex .
The cybercriminal, which is identified with the name ExploitDOT , has published the following post:
The data on sale contain all the personal information of the users, a selfie, the photo of the driving license or the identity card or passport. The hacker would be collecting this data, no one knows how, from July 2018. The price for interested buyers varies with the amount of documents that he is willing to buy, as shown in the picture above.
Binance, Poloniex, Bitfinex, Bittrex: no comment
CCN has managed to verify that the hacker says the truth: the ad is still present on the dark web (I do not include the link to avoid promoting the fact). A security expert who contacted CCN and preferred to remain anonymous requested the hacker 3 test samples. The hacker has provided them and the documents are in order and the photos of excellent quality
.As proof, the seller sent the photo of users who hold a sheet with the word “Binance / date”. This is a mandatory procedure for the exchange as verification. In these photos the faces are clearly visible. CCN also had access to the images confirming they are original. The documents belong to the citizens of all the States in which these exchanges operate.
CCN contacted Binance who commented that ” they have theories about how the hacker obtained this informations“. However, Binance denied having suffered a data breach . Further clarifications will follow for the next few hours. At the time of writing, no exchange has yet published an official announcement about it. We will keep you posted.