Binance, the world’s largest cryptocurrency exchange by trading volume, said it’s investigating the alleged leak of its customers’ verification information. The leak could allegedly affect up to 60,000 individual users who sent KYC information to the company in 2018 and 2019.
This leak is allegedly directly related to a hack that nabbed 7,000 bitcoin last May.
On Wednesday, a Telegram group created by an admin under the pseudonym Guardian M distributed hundreds of images of individuals holding their IDs and a piece of paper written with “Binance, 02/24/19,” alleging that data was hacked from the exchange. The hacker supplied CoinDesk with a hundreds of photographs and we have identified a number of users who recognize the photos of their faces and personal IDs that they sent into Binance for know-your-customer purposes.
The hacker told CoinDesk that he or she has at least 60,000 more and that he will release them over time. We have access to nearly a thousand.
Know-your-customer, or KYC, is a legal requirement by financial institutions to collect identifying information for all customers attempting to trade, withdraw, and deposit.
In a response on Wednesday, Binance said the information circulated in the Telegram channel does not match data inside Binance’s own system, and as such said there’s no evidence so far to show it’s directly coming from the exchange itself.
“These images do not contain the digital watermark imprinted by our system,” the company said. “Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images, as it remains unclear where they were obtained.”
Binance added that the unidentified individual previously demanded 300 BTC from it for “withholding 10,000 photos that bear similarity to Binance KYC data.” After Binance refused to continue the conversation,