According to a one-month investigation, it seems that the recent know-your-customer (KYC) data leak, which includes data from Binance traders, is related to the Binance hack in May in which hackers stole over 7,000 Bitcoins.
Although the investigation is still in progress, CoinDesk states it can confirm that two out of more than a hundred reportedly leaked profiles, initially created in February 2018, belong to actual Binance customers who had completed the KYC verification required by the cryptocurrency trading platform, which Binance states was handled by a third-party firm.
Information regarding the security breach was released publicly on August 7, when an unidentified hacker using the handle “Bnatov Platon” began disclosing what he asserts are pictures and information concerning Binance users.
CoinDesk mentions that Platon, who proclaimed himself an ethical whitehat hacker seeking a bug bounty from Binance, is effectively demanding 300 Bitcoin (BTC), worth around $3.5 million, in return for the leaked KYC data and photos. He uploaded the data to a website and then disseminated those photos on Telegram.
Platon asserts he possesses 60,000 pieces of KYC information belonging to customers of Binance.
Platon has denied any participation in the security breach that occurred in May. Interestingly, he stated that he hacked an insider working for the exchange who was supposedly involved in the May security breach.
Even though one of the images examined by CoinDesk appears to have been altered, the news site confirmed that the individual whose identity was uncovered was registered on Binance at the time of the KYC data leaks.
Platon claims that a Binance insider aided in making numerous application programming interfaces (APIs) public, which provided hackers with direct access to customer accounts.
Platon states that he has been able to acquire the text files used by the hackers to store customers’ API keys, which are codes for accessing their accounts remotely.
Furthermore, Platon maintains that the files include highly sensitive information such as email addresses and passwords of users. The customers who could be at risk created Binance accounts during the last two years, Platon said.
The unidentified hackers benefited from the leaked personally identifying information by using it to produce malicious scripts that allowed them to make numerous tiny withdrawals of 0.002 BTC, Platon discloses. Moreover, he points out that the scripts placed buy orders for a BlockMason Credit token that was immediately converted to Bitcoin.
The stolen cryptocurrency was kept in a wallet created on Blockchain.info, Platon asserts. Additionally, he maintains that the unknown hackers laundered approximately 2,000 Bitcoins from this wallet through peer-to-peer cryptocurrency exchange BitMEX and various other exchanges such as Yobit, Huobi, and KuCoin.
Platon, who has allegedly shared 636 files with CoinDesk, is supposedly expecting that publicly disclosed personal customer information will generate enough media attention to compel Binance into revealing the actual size of the security breach. Notably, he wishes for the hackers who stole
In addition, Platon shared code with CoinDesk that he asserts was used to access Binance’s services through a back door. Viktor Shpak, the co-founder and Chief Technology Officer (CTO) of blockchain startup VisibleMagic, substantiates that Platon was right. Shpak stated that the security incident was very likely an API key attack and that the attackers harvested the API keys from somewhere.
API keys permit users to authenticate to services on cryptocurrency exchanges and other applications. If a hacker obtains these keys, they may buy cryptocurrency from the victim’s account and move it to external wallets.
As reported by CoinDesk, Ted Lin, who is the Chief Growth Officer (CGO) of Binance, informed Platon that Binance was willing to pay for information that would ultimately result in the apprehension of the unidentified hackers. Nevertheless, Lin states that the exchange will not pay 300 Bitcoins for the leaked KYC data.
Intriguingly, Platon asserts that he doesn’t need money since he is currently the owner of an exchange that is one-third the size of Binance.