Binance’s security team says new evidence indicates that stolen know-your-customer images publicized earlier this month overlap with those processed by a third-party vendor the exchange hired a few times in late 2017 and early 2018.
Rumors began circulating on social media in early August about a massive know-your-customer (KYC) data leak on Binance, the world’s largest crypto exchange by trading volume.
The Binance security team initially stated an unnamed individual had allegedly been “threatening and harassing” the exchange. The unidentified person was demanding 300 BTC, currently worth more than $3 million, in exchange for 10,000 customer photos they claimed they obtained.
According to Binance, there appear to be distinct sets of photos: ones that Binance now says “bear similarity to Binance KYC images” and “overlap with images that were processed by a third-party vendor,” and others that were photoshopped. However, none of the images appeared to bear the watermark affiliated with the company’s KYC procedure.
“During our review of the leaked images, there were multiple photoshopped or otherwise altered images which do not match the KYC images in our database and are being accounted into the comprehensive investigation. In addition, every image processed through Binance for KYC purposes is embedded with a concealed digital watermark, which was notably absent from all of the leaked images.”
The shared images appear to have originally leaked in January and were likely taken in February 2018 when Binance contracted the third-party company to handle KYC checks.
Binance recommends that impacted users “apply for new identification documents in their respective region.” The exchange also plans to compensate those who were affected.
“We are compensating affected users with a lifetime Binance VIP membership, including preferential trading fees, support, and more services.
We encourage users to contact us with questions and about restitution by submitting a request on the Binance Customer Support Center under ‘Security Issue.’ Please make sure to verify you are being contacted via official Binance email communication.”
The Binance security team says it “has been pursuing all leads” regarding the source of the leak.