Cryptocurrency exchange Binance is being blackmailed by hackers that claim to have access to customer passport and identity documents. In a statement, Binance said that "an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data."
Some of the KYC data -- which is photographic "know your customer" data -- has begun circulating online after Binance refused to pay the 300 BTC, equivalent to around $3.5 million. The data has been shared in an anonymous group on messaging app Telegram. According to Yahoo Finance UK, some 400 images of people holding passports and official documents have been shared. At 03:34am ET / 00:34am PT a message was sent by the group's admin, noting that "Uploading will be continued later."
However, Binance said in its statement that there are "inconsistencies" when comparing this data to the data in its system, and at the present time, "no evidence has been supplied that indicates any KYC images have been obtained from Binance," largely because the images do not contain the digital watermark imprinted by its system. The company did note, though, that the images appear to be from February 2018, a time when Binance outsourced its KYC verification processes to a third-party vendor.
While it's not clear if the leaked documents have been stolen from Binance, one of its partners or another source altogether, Binance is now under pressure to identify the individual behind the blackmail attempt -- particularly as it was the subject of a $40 million security breach earlier this year. In its statement, it said that its security team "is hard at work pursuing all possible leads in an attempt to identify the source of these images." The company added that it is offering a reward of up to 25 BTC (around $288,000) to anyone with information that leads to the identification of the hacker.