Extortion inside Binance Went Bad with Its KYC Hacker

The incident took place inside Binance, the largest cryptocurrency exchange. An anonymous person calling himself "Bnatov Platon" said he was trying to acquire millions of dollars in exchange for declining to release information about the exchange's customers. The hack came to public attention when Platon started posting his allegations, which included images and information about Binance customers, on a website and on Telegram. This information was enough to capture the industry's attention, though it was not safe and secure.

But there is more to the matter if you dig deeper. Back in May, an outside group stole 7,000 bitcoin by breaking into Binance user accounts, through which the hackers were able to seize a good number of API keys, 2FA codes and other information. The leak of information may have happened here. The person mentioned above was not the perpetrator of the hack, but he was engaged in hacking an exchange "insider" in connection with the heist.

An unknown third-party company seized their data; this is the company with which Binance made an agreement to conduct its know-your-customer (KYC) process since 2018. Platon confirmed that they were "white hat" hackers. He asked for 300 bitcoin to expand on the data he held. Binance now faces uncertainty and fear. A statement said that Binance is being threatened by an unidentified individual demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data, which are being investigated.

Revolving Money

Binance claims that malicious actors seized customers' API keys, two-factor codes and other information. Platon thinks that an insider helped the hackers do that. The hackers listed the account access codes and API keys in text files, which also carry email addresses and account passwords, and that is how they were able to access accounts remotely.

The hackers wrote a malicious script using this personal information, which helped them withdraw .002 BTC; the code also placed a buy order for the BlockMason Credit Protocol, which was converted to bitcoin. The code can perform many other functions too. The stolen coins were held in a Blockchain wallet. Using Bitmex, Yobit and KuCoin, the hackers plundered 2,000 bitcoins and were looking to convert as much as $1 million in bitcoin per day.

Platon spoke about 636 files out of 60,000 stolen customer accounts, but the full extent of the information exposed by the hack is still unknown. To contain the situation, the exchange suspended deposits and withdrawals to protect users. They said the incident would not affect customers, as the stolen bitcoin came from their corporate accounts. This is highly likely to be an API key attack. An API key allows a hacker to do anything from buying cryptocurrency on a victim's behalf to moving cryptocurrency to an outside wallet.

Motivation of Platon

If Binance can capture the hackers, it will be the first time any exchange has done so, and Platon strongly wants that to happen. To bring the hackers to justice, Platon held a conversation with Binance's CGO, Ted Lin, about taking multi-pronged action. He provided them with all the information about the insider and the outsider.

The CGO agreed to pay for information that could help in arresting the hackers and insiders and in recovering the funds. At the same time, Lin scolded Platon for running a FUD campaign. Platon said that when he needs money, he can hack the hackers' account balance and could easily retrieve up to 600 or 700 coins. But he did not want to tip the hackers off.

Colloquy Fall Down

In July, the white hat hackers were requesting 300 bitcoin, paid in 50 installments, for information at the current exchange rate, but the negotiation suddenly broke down. During the conversation, Binance did not pay a single penny.

After that, Platon threatened the exchange that he would dump the information he had, and the conversation turned into a hostage negotiation. He then lamented that the decision to talk with them had been entirely wrong, as they were not the right people. The threat became reality when a man under the pseudonym "Guardian M" uploaded a document dump containing 500 photos from 166 people's KYC to an open file-sharing site. A second dump, with hundreds of images of people's IDs, was then posted to a Telegram group. Platon thinks they are indeed doing the right thing. He is sharing these to caution people who deal with Binance, and he added that he would sell the data underground if he needed money.
