News is emerging that the world’s largest crypto exchange, Binance, has been the victim of an attempted ransom demand from a scammer. The attacker threatened to release KYC information if the company did not cough up 300 Bitcoins.

Give me Bitcoin or Else …

In its efforts to be totally transparent, Binance has just released a statement revealing that an unidentified individual has ‘threatened and harassed’ them. Enigmatic CEO, Changpeng Zhao, urged people not to believe or spread the FUD which had already been disseminated across social media.

“Don’t fall into the “KYC leak” FUD.  We are investigating, will update shortly.”

Don't fall into the "KYC leak" FUD. We are investigating, will update shortly.

— CZ Binance (@cz_binance) August 7, 2019

Just like Facebook before it, Twitter has now become a hotbed of scams and fake news and the platform seems indifferent to the problem. These types of posts started appearing on Twitter prompting Binance to clarify the situation.

The statement added that the scammer demanded 300 Bitcoin in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. It said that the company was investigating the legitimacy of the images and had refused to comply with the extortion. By then the perpetrator had begun releasing them online.

A spurious Telegram group was created to disseminate the bogus KYC images. CZ responded to those sharing the link stating that they are doing greater harm than good.

“I would like to add, by joining or spreading the link of the telegram group, you are helping malicious hackers (at least giving attention). What we should do as an industry is to fight them. Stay on the positive side. Report the group, then leave.”

I would like to add, by joining or spreading the link of the telegram group, you are helping malicious hackers (at least giving attention). What we should do as an industry is to fight them. Stay on the positive side. Report the group, then leave. ??? https://t.co/Cvxks2S69i

— CZ Binance (@cz_binance) August 7, 2019

The statement continued to add that the images did not include the digital watermark and efforts were being made to identify their source. The exchange did say that they had previously outsourced KYC services to a third party vendor earlier this year.

“On initial review of the images made public, they all appear to be dated from February of 2018, at which time Binance had contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time.”

The hacker claimed to have images from other exchanges but could not supply irrefutable evidence of their findings. Binance has already contacted the relevant law enforcement agencies to pursue the perp. Additionally CZ and co offered a 25 Bitcoin reward for any information leading to the apprehension of the suspect. Finally there was a warning over impersonators attempting to contact customers and online scams in general.

The incident does shed light on the clumsy way that KYC data is collected and stored, and may lead to improvements in methods exchanges get to know their customers.

Image from Shutterstock