The Darknet: a place where all kinds of nefarious deeds and dealing often go unpoliced; online marketplaces within this unrestricted zone of the internet sell anything from drugs to how-to guides and now, apparently, user data from crypto exchanges…
Within the depths of the darknet, a market dubbed "Dread" is app selling documents hacked from various exchange’s know your customer (KYC) data.
CCN reports that a vendor by the handle ExploitDOT, apparently sells this information for $10 per 100 documents, even going as far as to offer money off for bulk buys... Bargain.
According to the vendor’s ad compromised exchanges allegedly include Bittrex, Poloniex, and Bitfinex:
KYC information is an integral part of the user verification model of most cryptocurrency exchanges, and often includes user photographs and proof of address among other pieces of sensitive information.
An anonymous cybersecurity expert tipped off CCN after he managed to secure three sample files from the vendor as a way to verify the claims.
The sample files apparently included pictures of an individual holding up a piece of paper with the word “Binance” written on it, the date the picture was taken on, and drivers licenses/identify cards.
After reaching out to Binance, the anonymous security expert relayed that the exchange had their “theories in regards to how this information may have been obtained” but didn’t go into any further details.
Binance recently had its own dealings with hackers, when funds form the Cryptopia hack found its way to the exchange’s front door. After being notified by social media Binance immediately froze the stolen crypto.