A vendor from the darknet site Dread recently confirmed he is selling KYC (know-your-customer) user data from largest cryptocurrency exchanges directly on the dark web.
In mid-2018, the hacker-who goes by the username "ExploitDOT"-put up an ad on the dark web where he was seemingly selling confidential reports from users participating in top exchanges such as Poloniex, Bittrex and Bitfinex.
To verify the ad, CCN was able to get in touch with an anonymous cybersecurity expert, who tipped them off and was willing to share some insights.
The efforts resulted in receiving proof of the hacker's allegations.
The hacker's advertisement remains on Dread. In subsequent posts, ExploitDOT says he's still offering the data for sale.
Advertisement Offering Stolen KYC Data
ExploitDOT's ad was published back in July 2018 on Dread.
In the ad, ExploitDOT introduced himself as a former vendor on "Alpha" (presumably the now-defunct darknet market AlphaBay) and claimed to have hacked various top cryptocurrency exchanges to gain access to their know-your-customer data.
Among documents the user claimed to have, there were users' identity cards, information regarding users' location, drivers' licenses, selfies and many more.
The KYC data that most of the cryptocurrency exchanges require from their users is an essential part of the whole user verification process.
Such data usually includes address information, photographs and other information considered sensitive.
Apparently, the hacked classified data is on a sale beginning from $10 for every 100 reports or more. Discounts are also possible for the buyers who purchase in bulk.
This includes paying only $1 for 1,000 documents in an order of more than 25,000 ordered information.
The advertisement caught the attention of a cybersecurity expert who later decided to reach out to CCN. Due to this reason, CCN is the first source that provided coverage of the ad.
The Proof That Verified the Claims
A cybersecurity expert, who chose to stay anonymous, posed himself as a buyer and was able to get a maximum of three sample files out of the Dread vendor.
Later, this cybersecurity expert tipped off CNN about the dark web ad.
The expert provided proof, which included photos of different individuals, each of them holding up a paper.
On that piece of paper, every individual has the word "Binance" written, accompanied with the date of when the photo was exactly taken.
In these photos, identifiable documents such as drivers' licenses and identity cards are visible.
Their faces are reportedly not blurred but rather left out completely clear, which made it easier to confirm the reports are legitimate.
Even though the vendor provided a small fragment of samples, he claims to have confidential data about various users of cryptocurrency exchanges around the world.
The Response
Supposedly, the anonymous cybersecurity expert also had an exchange with Binance via email.
According to what was purportedly later found, there were some inconsistencies between the KYC data Binance archived and the data presented in the photos.
The focus was put on the claim that the photos were considered to be edited.
Further, the spokesperson of the cryptocurrency exchange reportedly noted that there is not unlawful access spotted in their system.
The email exchange between the cybersecurity expert and Binance was unavailable for independent verification.
