A while ago some news was published about a hacker who had succeeded in stealing the users’ Know-Your-Customer (KYC) data of the reputable cryptocurrency exchange Binance and then attempted to sell that information on Dark Web. In fact, Dark Web is a part of the internet which is not available to the public and is used for illegal purposes. This claim was strengthened after three separate images showing the hackers released the information. In these images, three small pieces of paper with the word Binance on them, along with ID cards and licenses of users were shown.
The reputable cryptocurrency exchange Binance, which based on trades volume is considered to be the largest cryptocurrency exchange in the world, has taken the necessary steps with respect to these reports and published an announcement. This exchange, after publishing an official press release, announced that the users’ exposed KYC data and personal information, do not belong to the users of Binance exchange; since this exchange puts its watermark and the digital signature on any picture it receives. Despite the fact that the word Binance can be seen in all the images released by the hackers, the attackers have claimed hacking information of large exchanges such as Poloniex, Bittrex, and Bitfinex. At first, the entire cryptocurrency community thought that the published news is fake, but after a short while this hacker published documents of the hacked users’ information, and proved the claim to be true, and caused agitation and suspense about this incident.
Now, Binance exchange has released information which shows that images published by the attackers, do not belong to this exchange’s accounts. In this announcement, Binance stated that security is one of their most focal priorities, and they have taken various steps to ensure totally that users’ information is secure.
In this announcement, it is said that KYC data of Binance exchange have rigorously been listed and stored by security authorities under more control and protective steps. Through investigations, Binance found out that these images lack Binance’s watermark and digital signature; therefore, they do not belong to this exchange’s users.
It is mentioned in a section of Binance’s announcement that, “to elaborate, it should be mentioned that in order to respect the gathered information via KYC process, Binance’s image processing system creates a hidden digital watermark on all the images it receives.”
Furthermore, Binance announced that these digital signatures are identifiable just under special circumstances, and the data such as sender’s information, image source details, and the information of the person who has done various operations on it, are all included in the image.
Based on these announcements, even if the pictures are altered, these watermarks will be identifiable. Moreover, to more protect the exchange users, Binance encrypts sensitive information such as images and personal pictures based on industrial standards (AES).
At the end of this announcement, it is mentioned that Binance works very hard and seriously in dealing with such issues, and in case of any accusation regarding the exposure of users’ sensitive information, Binance will instantaneously investigate and evaluate the authenticity of these claims.
In this hacker’s ads, the name of Bitfinex exchange has also been seen, but this exchange said in a Twitter post published on January 21 that no security breach has taken place in this platform.
Currently, no information is available as to what is the source of the data in the hands of this hacker. After the release of this ad and attracting the attention of everyone, the said hacker changed his pseudonym to avoid any unwanted attention.