Within the last 48 hours, news (re)surfaced suggesting that know-your-customer (KYC) information from some of the largest cryptocurrency exchanges was made available for sale. Yet, there is evidence that this is likely recycled news from over six months ago.
On darknet market Dread, a vendor going by ExploitDOT was reported to have been selling KYC data from exchanges in a sub-community (/d/DNMAds). The post suggested that the data came from larger exchanges such as Bittrex, Poloniex, and Bitfinex.
The reports are based on a post by ExploitDOT claiming they have “100k documents” containing sensitive user data. The seller was offering 100 such documents for $10 with discounts for larger purchases:
The crux of the issue, however, is that the post is over six months old. Although the claims appear to insinuate that some of the largest exchanges were hacked, none have confirmed a data breach. Although that doesn’t mean there wasn’t a breach, if all three exchanges deny these allegations it’s more likely that such a breach never occurred. One of the exchanges to deny these allegations was Bitfinex:
We want to assure our customers that Bitfinex is aware of this situation and can confirm there is no security breach to our platform. As always, if there are any queries please get in touch with our support team – https://t.co/YslE5GtSGT https://t.co/VeW08TqgWn
— Bitfinex (@bitfinex) January 21, 2019
In the crypto-media, CCN claimed that they were provided “three free samples” of the data shown, yet the authenticity and the origins of the data, as CNN mentioned, are debatable. Not only that, there is a real possibility that it is the same leaked data from six months ago.