Customer Data from Major Crypto Exchanges Listed for Sale on the Darknet

On the Dread darknet marketplace, user data from leading cryptocurrency exchanges Bittrex, Poloniex, Bitfinex, and Binance has been put up for sale. An individual using the alias ExploitDOT is offering customer data—including identification documents and driver’s licenses—collected as part of the Know Your Customer (KYC) process required by these exchanges.

According to CCN, the listing was first posted on Dread in July 2018. The seller is asking just $10 for a batch of 100 identity documents, with bulk discounts dropping the price to as low as $1 per package of 1,000 documents for orders of 25,000 or more. The seller claims to have files on users from every country where Bittrex, Poloniex, Bitfinex, and Binance operate.

A cybersecurity researcher, who wished to remain anonymous, managed to obtain files on three Binance users by posing as a buyer. To prove the authenticity of the data, the seller sent photos showing people holding a sheet of paper with “Binance” written on it in one hand and their passport or driver’s license in the other.

The researcher contacted Binance representatives, who stated there were “discrepancies” between the acquired documents and the data provided by users. A Binance spokesperson emphasized that there were no signs of unauthorized access to Binance’s systems, but the exchange has some theories about how the information may have ended up in the wrong hands. However, the spokesperson did not disclose who might be responsible for the data leak.

KYC (Know Your Customer) is a regulatory term for banks, exchanges, and other financial institutions, requiring them to identify and verify the identity of their clients before conducting financial transactions.