If you’ve ever completed the KYC process, you know what a hassle it can be to submit so many photos. Have you ever stopped to wonder if those photos are totally safe on their journey to the platform and what happens if the platform gets hacked? Well, that’s exactly the questions Binance is being asked as a hacker has allegedly procured more than 10,000 KYC images and is extorting the exchange to the tune of $3.6 million in Bitcoin to prevent them from being leaked to the world.
Are the Reports Credible?
If you cast your mind back to early 2018, we saw a similar issue where a hacker allegedly stole a large amount of these KYC images from a number of top crypto exchanges. Now, these two incidents are beginning to share a lot of resemblances, leading people to believe that this is just a scam to try and get some free Bitcoin from Binance.
So far, the Binance team has stated that the images presented by the hacker don’t show any of the system’s watermarks which are digitally added the second an image is taken by the user. This all points to the same conclusion from the 2018 incident which is that these images were obtained through a phishing scam where people believed they were onboarding to the Binance exchange. This would explain the lack of watermarks.
KYC Details Have Been Left Exposed Before
Now, we’re not saying that this threat from the alleged hacker is credible, but we have seen KYC photos left in the public domain before. An ICO that took the personal details of more than 15,000 investors left the images on a publicly accessible WordPress registry. There were driving licenses, passports, selfies and much more all available to the public. While this ICO wasn’t packing an experienced developer team like Binanace, these mistakes can still be made. However, it looks very much like Binance didn’t make this mistake.
Beware of Telegram Groups
There are a number of Telegram groups doing the rounds at the moment that purport to have access to the full list of leaked Binance KYC images, but many users are posting the images as a .zip file. This is incredibly dangerous for you, as hackers can easily slide in malicious scripts that become active the second you unzip that file. It’s best to avoid downloading anything from the Telegram groups. If you’re still curious and want to check them out, Find Your Binance KYC has a large number of images already available. There are others, but don’t download any .zip files, be sensible.
KYC is a necessity in the crypto world to stop bad actors from using crypto maliciously, but it can be risky. If a hacker does manage to steal KYC data, they have more than enough information to steam your identity and clear out your bank accounts, run up huge bills and create incredible debt. As CZ has mentioned, don’t believe the leaked KYC image FUD!
Don’t fall into the “KYC leak” FUD. We are investigating, will update shortly.
— CZ Binance (@cz_binance) August 7, 2019