The world’s largest cryptocurrency exchange Binance has offered a reward of 25 Bitcoins to anyone who can help them identify a blackmailer.
The KYC blackmailer
An extortionist who claims to have data of 10,000 Binance customers is demanding Binance to pay 300 Bitcoins if the exchange doesn’t want him to release the data. He has selfie photos of users, which is a part of the company’s Know Your Customer (KYC) efforts. The company’s reward of 25 Bitcoins (approx. $290,000) is for anyone who could give clues to help identify the blackmailer.
Note that Binance contracted a third-party vendor for the KYC verification of its users because the volume was too high. The Chinese firm, which has since migrated to Malta, become popular very quickly because of its more open attitude towards users, less stringent regulations and a wide selection of cryptocurrencies to choose from.
The hack of a hack
According to a new report in CoinDesk, the extortionist used the pseudonym “Bnatov Platon” and stayed in touch with their team. He provided the media outlet extension information about his talks and negotiations with Binance, which continued for at least a month before eventually falling apart. Platon started released images of users alongside their information on an open website and also on his Telegram channel.
However, the case is not as simple as it seems. It stems from a Bitcoin hack in May, which saw hackers take out 7,000 BTC from the exchange in one smooth move. Binance called it a “large scale security breach” at the time, and the hackers were able to funnel out cryptocurrency, alongside 2FA codes, API keys and other information from the exchange’s servers. The company never mentioned that identifiable information about customers had also been leaked.
Platon says that he is not the same person who carried out the hack on the exchange. Instead, he went on to hack an insider at the exchange, who was a part of the May hack. While this raises several questions on the integrity of the exchange, Binance suggests that the data was lost via an unnamed third-party company that was doing KYC verifications for them since February 2018.
CoinDesk suggests that in their conversations, Platon claimed to be a white-hat hacker who asked Binance for a bounty for not exposing the information. Binance has since made the news public, writing that they are “still investigating this case for legitimacy and relevancy.”
Meanwhile, Platon claims to have 60,000 pieces of info and also alleges that Binance hack was an inside job.