By CCN.com: The hacker going by “ExploitDOT” has recently confirmed he/she was selling know-your-customer (KYC) data from world leading cryptocurrency exchanges on the dark web, in an attempt to clear his name from cryptocurrency news outlets claiming the ad was fake.
Last week, CCN broke the news and revealed the hacker was attempting to sell the data on the dark web, after being contacted by an anonymous cybersecurity expert that managed to obtain three samples as proof the documents were legitimate, while posing as a buyer.
The samples, reviewed by CCN, were pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken at in them. In all of the samples, their faces and identity cards or drivers’ licenses were visible.
The anonymous cybersecurity expert, at the time, claimed Binance had been warned about the potential leak, and an exchange spokesperson – according to an email whose authenticity hasn’t been verified by Binance, despite CCN’s contacts – revealed they had “theories in regards to how information may have been obtained.”
Reacting to the story, various cryptocurrency news outlets claimed the leak was fake. Binance’s CEO Changpeng Zhao, on Twitter, revealed he was disappointed with the “irresponsible in-industry journalism.”
Thank you! I can't believe CCN makes articles/FUD this bad. The original Reddit post didn't even include Binance. CCN also admit they did not verify or see any stolen data. Irresponsible in-industry journalism. Disappointed! https://t.co/1ACiY13xsd
— CZ Binance (@cz_binance) January 22, 2019
One news outlet in particular, Decrypt, claimed it was fake news after analyzing the hackers’ profile and noting the evidence it had pointed to “ a “hacker” with a history of hyperbole.” ExplotDOIT took to Pastebin to answer the news outlet and shed more light on the situation.
According to the hackers’ document, no exchange has contacted him/her about the leak. Although CCN purposefully omitted the link to his ad, he claims to have been contacted by researchers and onlookers trying to know more, but no cryptocurrency exchanges.
ExploitDOT further confirmed he sent the anonymous cybersecurity researcher three samples, but didn’t send any others after he started getting media attention, as no one accepted to transact with him via escrow. Per his words, exchanges “just want to cover up everything the fastest as possible. [sic]”
The document further reads he’s going to change his online handle to avoid receiving further attention “my nickname I will change it forever, to get out of the spotlight I never asked for.” As for his motivation to sell the images, he stated:
I do what gets me paid, that doesn’t hurt individuals personally, and I’m fine with what I do as long as I don’t hurt people personally and financially.
He further linked to twenty-eight screenshots showing hundreds of images that range from document scans to crypto exchange users holding up their personal documents.
CCN has been in contact with Binance’s head of PR, Leah Li, which noted the exchange has “investigated the photos in question, but there is no evidence that the leak is from Binance.” Li added that security is its highest priority and that it does its “utmost to ensure data breaches do not happen on our platform.”
No links to the leaked data have been added to protect crypto exchange users’ data.