January 23, 2019 | AtoZ Markets - The global cryptocurrency exchange Binance has recently denied the news that were circulated over the internet two days ago, which said that the servers of each of Binance, Bittrex, Bitfinex, in addition to multiple ICOs, was hacked.
On January 22, the market woke up to the news of a big data breach of 100,000 Know-Your-Customer (KYC) documents from the servers of the exchanges mentioned above.
The hacker referred to with the pseudonym “ExploitDOT”, as per media resources, has an ad that has been online since July 2018, in which they said they had hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.
However, Binance seemingly communicated with the hacker, and had talk with them, over the veracity of the documents the latter claimed they hacked.
After serious investigations, the exchange concluded there was no evidence of breach of its data, as came on the tongue of Leah Li, the global PR manager at Binance.
“We’re aware of this allegation and have investigated the photos in question, but there is no evidence that the leak is from Binance.”, Li explained.
The latter went further confirming that their investigations could unveil that there were fabricated photos of the allegedly hacked KYC data.
The hack could have happened this way
The analysis reached to that in case a breach did really take place, this could have happened through using what is so called “phishing websites”, which they are created for stealing personal data from those who use them.
Phishing websites are those which look like other authentic ones, with similar names, logos, and content.
The one in question in this case, could have been a website that looked like one of the aforementioned exchanges which were said to have been hacked. As the phishing website will definitely have fields for logging in with a username and password, that could be the reason, as any victim would register their credentials in those fields, they will have stored those very credentials in the phishing website, the thing that will definitely enable those who run the site of using the credentials they put their hands on, and go to the authentic websites and long on with them, and then they have full control over that victim’s account.
The anonymous hacker was said to have thought of launching a crowdfunding campaign to delete the documents so they “don’t fall into the wrong hands,”, as per media resources.
The news referred to previous incidents seeming, were the hacker seems to have a record in scamming, as long as fabricating websites for blackmailing and extorting their owners and those registered in those websites, in addition to a link between the hacker and drug dealing, as the media unveiled.