One of the world's biggest cryptocurrency exchanges says it has launched an investigation after an "unidentified individual" threatened to leak a trove of its customer data.
Binance, which ranks as the top exchange by volume traded, said in a company statement today that the individual had demanded 300 bitcoin—the equivalent of more than $3 million—to halt the release of 10,000 photos showing "know your customer" data from the organization.
KYC, which stands for Know Your Customer, are images obtained by the exchange to verify the identities of its users. Such data can include ID cards, driving licenses and face scans.
The cryptocurrency exchange has said the files appear to be linked to a previously-known batch of images that were first disclosed in January last year. At the time, a vast array of KYC data was listed for sale on the dark web, potentially taken during a breach of a third-party vendor. In this instance, Bianace says a probe is underway but the files lack a digital watermark its uses.
"We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data," the firm said in a release today informing the community of the situation.
"We are still investigating this case for legitimacy and relevancy. After refusing to cooperate and continuing with this extortion, this individual has begun distributing the data to the public."
Based on screenshots and videos that emerged on social media, it appears that stolen images are being spread in part via Telegram, a chat application that offers encrypted communications. The exact source of the KYC images, old or not, remains unclear at the time of writing.
One hacker claiming to be responsible for the leak told CoinDesk, a news website, that tens of thousands of KYC files may be released. The outlet reported that it had verified Binance user ID images, dated from 2018. The stolen data is "directly related" to a major Binance hack last year, CoinDesk reported. At the time, Newsweek noted how 7,000 bitcoin had been plundered.
In today's statement, Binance attempted to distance itself from blame.
"There are inconsistencies when comparing this data to the data in our system," Binance said. "No evidence has been supplied that indicates KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images."
Yahoo Finance UK reported the Telegram group that was seemingly created to share the images after the failed blackmail attempt currently has more than 10,000 members.
On Twitter today, some accounts are sharing links which purport to offer a way to check if Binance customers have been impacted, which could potentially result in more data theft or compromise, according to industry commenters. "By joining or spreading the link of the telegram group you are helping malicious hackers, at least giving attention" noted Binance CEO Changpeng Zhao.
In its statement, the Malta-headquartered cryptocurrency company said it would now be offering a reward of up to 25 bitcoin—currently the equivalent of about $290,000—for information that helps to identify the person attempting to extort the organization, which has its origins in China.
"The hacker also claims he has KYC information from multiple exchanges," Binance said on its website, noting that it will release more information as the probe progresses.
"When asked to prove the source of the data, the individual demanded 300 BTC and refused to supply irrefutable evidence of their findings," the release added. "Later, they went to the press under false pretenses, posing as a white hat with good intentions. The relevant law enforcement agencies have been contacted and we will be working closely with them to pursue this person."
Changpeng Zhao today moved quickly to calm customer nerves as complaints surfaced across social media and speculation of a major data breach grew. "Old news, different spin," the CEO stated, appearing to dismiss any suggestion of a fresh data leak.