Following a hack in which criminals stole 7,000 bitcoin from cryptocurrency exchange Binance, the company now finds itself at the centre of another media storm, after personal information of customers was leaked online, apparently by another hacker
It’s more bad news for Changpeng Zhao, CEO and founder of the Malta-based exchange, which was in May targeted by hackers who stole crypto now worth an estimated $80 million.
In terms of reputation, this hack could prove to be a lot more costly.
News emerged late last night that a public Telegram group was posting pictures of supposed Binance customers alongside their government issued identification papers, for example their driving licences and passports.
The Telegram group, called FIND YOUR BINANCE KYC, features nearly 900 pictures of what are thought to be Binance customers, along with personal details such as date of birth, address, full names and signatures.
Many of the images show the faces of customers as they hold a copy of their identity to prove that the image really is them, which is a part of Binance’s supposedly stringent know your customer (KYC) procedures.
The identities of customers cannot be revealed, but at press time we can report that customers from Europe and Asia have had their details revealed, including the UK, Romania, Turkey, Japan and Vietnam.
Binance has acted quickly to try and quell the fears of customers.
In a blog post titled “Statement on False “KYC Leak”’ the Binance security team said the potential breach was being investigated as a matter of utmost urgency and that they were working with law enforcement.
“Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images … We are continuing to investigate and will keep you informed,” it said.
“The relevant law enforcement agencies have been contacted and we will be working closely with them.”
In the post they refer to a “unidentified individual” that has “threatened and harassed” them, and say the date stamps on the customer images appear to correlate to a time in 2018 when the company had hired a third-party to conduct KYC procedures.
“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time. Currently, we are investigating with the third-party vendor for more information,” the post says.