Binance is currently running interference against what it views as a “fear, uncertainty, and doubt” campaign against the Bitcoin exchange giant. The objective of its perceived attackers seems to be making Binance users believe that their know-your-customer or private information is not private at all.
Rumors of a Binance KYC leak began circulating in January.
This reporter was among the first to receive the dumps, but ultimately, investigations were inconclusive. CCN reported on the matter on January 26th.
As CCN wrote at the time:
“In correspondence with CCN, Binance has now revealed it has evidence indicating the leaked KYC pictures 'are not from Binance accounts.' In a statement, the cryptocurrency exchange noted security is its top priority, and it has 'various measures in place to ensure safe-keeping' of its customers’ information.”
Binance’s much more serious hack, where approximately 7,000 BTC were stolen in one night, trumped any rumored data breach. Binance shut down for a week in response, and CEO Changpeng Zhao floated the idea of a “chain reorganization” on Twitter.
Binance, in publicizing a 300 BTC ($3.5 million) ransom the exchange has been dealing with, is still not sure whether the alleged 10,000 KYC files are real or not. They admit this in the first paragraph of their latest statement on the subject:
“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with this extortion, this individual has begun distributing the data to the public and to media outlets.”
As we said, the first mention of a data breach goes back to January.
Data breaches play a crucial role in the appropriate regulation of exchanges.
If Binance has been outright denying an actual data breach for the last eight months, where do they stand on their upcoming Binance US project? CCN reached out to Binance for comment on this aspect of the ongoing drama.
Binance believes the data is from the previous, denied batch of customer files. They have put out a 25 BTC reward for information leading to the capture of the extortionist, saying:
“If you are able to provide any information to help identify this person and allow us to pursue the individual through legal action, we will offer a reward of up to 25 BTC, dependent on the relevance of the data supplied.”
What Binance’s Wednesday statement does not do is confirm or deny the data breach. Regulators are likely watching the issue closely – the collation of personal and financial data is a powder keg forever waiting to blow.
Data protection is but one of the significant concerns expressed by regulators struggling to accept the budding mainstream cryptocurrency world.