By CCN: Binance, the world’s leading cryptocurrency exchange, has recently put out a statement claiming that the leaked cryptocurrency exchange user know-your-customer (KYC) data isn’t from its users, as it uses digital watermarks on every user picture it collects.
Recently, CCN revealed a hacker going by “ExploitDOT” was selling leaked KYC data from cryptocurrency exchange user son the dark web, after seeing three pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken at in them, while holding their identity cards or drivers’ licenses next to them.
While these had the word Binance in them, the hacker advertised KYC data from leading exchanges, including Bittrex, Poloniex, and Bitfinex. While initially the cryptocurrency community largely dismissed the report as “fake news,” soon the hacker posted proof he/she does have leaked KYC images from crypto exchange users after seemingly feeling provoked.
— Francisco Memoria (@FranciscoMemor) January 24, 2019
In correspondence with CCN, Binance has now revealed it has evidence indicating the leaked KYC pictures “are not from Binance accounts.” In a statement, the cryptocurrency exchange noted security is its top priority, and it has “various measures in place to ensure safe-keeping” of its customers’ information.
Binance KYC data, it adds, is “stored and indexed with fine-grained permission controls and further protected by stringent security audits.” The company was able to conclude the photos aren’t from Binance accounts after it found these don’t contain a digital watermark it adds to these images.
The statement reads:
To elaborate, in regards to the image data we collect from our customers during the KYC process, every image that the Binance system processes for KYC purposes is embedded with a hidden Digital Watermark.
These watermarks, Binance noted, are “only perceptible under specific conditions,” and allow it to “embed information on each personnel that has initiated image-related operations, as well as the source of the photo and relevant audit details.”
Per its release, the watermarks can be detected even if the images are modified. In order to further protect its users, Binance clarified, it also ensures sensitive user information – such as KYC images – are “encrypted in accordance with industry standards (AES).”
The statement ends by claiming the company will remain diligent by “promptly reviewing and assessing” the validity of any further allegations regarding sensitive information leaks arise. Bitfinex, another cryptocurrency exchange mentioned in the ad, assured its users it’s aware of the situation, and that its platform hasn’t been breached.
We want to assure our customers that Bitfinex is aware of this situation and can confirm there is no security breach to our platform. As always, if there are any queries please get in touch with our support team – https://t.co/YslE5GtSGT https://t.co/VeW08TqgWn
— Bitfinex (@bitfinex) January 21, 2019
Where the data the hacker leaked comes from is currently unclear. After being in the spotlight, he/she announced a nickname change to avoid unwanted attention.