Binance, one of the largest cryptocurrency exchanges, seems to be in dire straits. Lately, a hacker, operating under the pseudonym Bnatov Platon, has demanded 300 BTC from the exchange. Apparently, the man has access to the data of Binance users.
Every story starts with a twist, and this one is nothing unusual. In July, a cryptic man who refers to himself as Bnatov Platon contacted a media outlet and claimed to have obtained access to Binance user data. To be precise, 60,000 pieces of KYC information.
According to Platon, he got hold of this data during a hack which occurred in May. Back then, the hackers managed to seize around 7,000 BTC. Binance also revealed that malign actors stole “APIs, two-factor codes, and “potentially other information.”
And yet Platon claims he was not part of that heist. Apparently, he performed an additional hack on the hackers, one of whom was an insider. According to him, the insider was the one to release the APIs.
The data concerns customers that created accounts between 2018 and 2019. Some of the files that Platon shared appear to belong to real customers. All of them are holding their identity cards such as drivers license and passports. According to Platon, he hoped that such a major leak would help customers realize Binance’s downsides.
Platon also sent CoinDesk a code that he purportedly used to access “a back door placed in Binance servers by an “insider.” It seems as though the code works.
“This is highly likely to be an API key attack,” said Viktor Shpak, CTO at blockchain development firm VisibleMagic. “They harvested API keys from somewhere.”
Shpak went on to suggest that an insider might be indeed behind this.
When money is at stake
So far Platon comes off as a noble man. He hacked hackers and suggested that Binance’s workers are the ones behind wrongdoings. He even contacted Binance’s chief growth officer (CGO), Ted Lin. The rationale is clear: to inform Binance about his findings.
“I informed [Lin] that I have got insider information such as insider’s detail, insider’s communication details with outsiders and even insider’s photo. I informed him that I have details of hackers – server information, their identity, their phone numbers and etc.”
However, money can do magic. And it seems like Platon has fallen prey to its sorcery. It has emerged that, in fact, Platon demanded a substantial sum of 300 bitcoin for his information. Binance refused to give it and as a result, Platon decided to turn his threats into reality.
On 5th of August, he uploaded 500 photos for 166 people’s KYC to an open file-sharing site, under the pseudonym “Guardian M.”
Another dump followed shortly. This time it took place inside a Telegram group.
But why?
The story is certainly peculiar, as it never really answers the question why Platon is doing all of this?
He says that money is not the primary reason. “When I require money, I can just hack out one exchange account balance (hacker’s). I could retrieve more than 600 or 700 coins easily by hacking hacker’s wallet,” Platon said.
Then why ask Binance for money? 300 BTC is not a symbolic sum. It is more than 3.5 million dollars. Has vanity come into play?
Observers are asking the very same question, as the situation is quite frankly baffling.
“People keep asking, ‘Why are you releasing those KYC photos?’ ‘How did you get them?’ The reason I am releasing those KYC is simple: To warn you people who are dealing on Binance,” they wrote. “If I needed money, I would sell it underground, not to publish it.”
Am I in danger?
Naturally, all of Binance’s customers are now wondering whether their money is safe. And the answer is far from unambiguous and depends on whom you choose to believe.
Yesterday Binance made a statement that denies the veracity of the leaked data.
“There are inconsistencies when comparing this data to the data in our system,” Binance said. “No evidence has been supplied that indicates KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system. Our security team is hard at work pursuing all possible leads in an attempt to identify the source of these images.”
The exchange also says that the files lack a digital watermark it uses. It also emphasizes that the images belong to a batch which was originally leaked at the beginning of the year and subsequently sold on the dark web.
However, CoinDesk has different information in-store. The outlet has managed to confirm that at least two of the hundreds of leaked profiles belong to real customers who shared private information with the exchange.
What is definitely known is that Binance is now looking for the man. According to Newsweek, “it would now be offering a reward of up to 25 bitcoin—currently the equivalent of about $290,000—for information that helps to identify the person attempting to extort the organization, which has its origins in China.”