Confidence in cryptocurrency exchange Binance’s ability to protect private and highly personal user information took a hammering today after it was revealed that the details of potentially hundreds of Binance customers may have been leaked into an open social media group.
A public Telegram group has been set up that features photos and personal information and details of Binance customers, including their passport and driving licence details containing information such as their date of birth, address and identity numbers.
The group features nearly 900 images of what are supposedly Binance customers’ know your customer (KYC) photographs, in which they have to post a photo of their identity document, plus a photo of their faces alongside their identity documents.
The customers in the photos are from Japan, the UK, Vietnam, South Korea and many other countries.
Many of the photos also include a handwritten note that features the date, and the text ‘Binance’ to prove they are genuine.
This is a KYC practice used by Binance, and other exchanges, to verify user identity, and the potential breach of this system would be a huge embarrassment for the Binance.
It is unknown who has set up the group, but it has caused Binance’s security team to issue a warning to users about protecting their private data, and launch an investigation into where the information has come from.
Writing on its blog, Binace said the matter was being investigated by its security team.
“Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images … We are continuing to investigate and will keep you informed,” it said.
“The relevant law enforcement agencies have been contacted and we will be working closely with them.”
Binance blames “unidentified individual”
In its post Binance says that the leak of the photographs follows threats and harassment from an unidentified individual who demanded that the exchange pay him 300 BTC.
The post says that while they are still investigating the “legitimacy and relevancy” of this claim, they have found “inconsistencies” in the photographs.
“First and foremost, there are inconsistencies when comparing this data to the data in our system. At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system,” the post says.