We are an exchange ourselves, and we think exchanges shall never collect KYC info from customers because, hey guys, let's face the uncomfortable reality:
We, as small-to-medium size businesses ( let's admit it guys, even the largest exchanges shall be considered mid-size business by real world standard), are not as sound as government agencies in terms of cyber security and the short history of crypto we have lived through has already proven this point hundreds of times. And, if a hack does occur, we don't have the kind of resources nor the legal authority to track down and arrest hackers and retrieve the lost KYC info.
Collecting KYC info jeopardizes our customers' privacy, and also infringes the original spirits of cryptocurrency. That's why we as a team decide we will never make KYC requirements. Period.
Sadly, some government agencies are making these inconsiderate requests that equally jeopardize their citizens' privacy.
Topic: Binance KYC leak hack or not? (Read 462 times)
Why the hell would anyone want to be VIP member of the site that can't handle it's regular members securely?!?! 
Binance tries to settle it in a smoothly cunning way. Although they are already offering VIP membership to the thousands of victims, which to me is already a subtle way of accepting the responsibility over what happened, they are still short of explicitly admitting that there was indeed a successful KYC hack on their system. CZ has initially labelled it as "FUD" and then they are now releasing a statement that no single leaked image bears the concealed digital watermark which Binance's KYC images have.
I think the hackers are not white hackers. They are not there to help Binance boost their security system. Neither are they simply trying to test the protection that Binance has. They are obviously black hat hackers, extorting money from their victims, in the case of Binance 300 BTC.
But seriously a lifetime VIP? is it really a good compensation over security? They really are not and it seems that the frontline is only involving one person which is consistently posting new Leaked data that he have.
It seems that they are not planning to settle it out until Binance will give them what they want (I am however very skeptical about it)
Binance is getting too big for its own good. Now with their margin and lending products they are making themselves even big of a target and on top of that they are not even catering to their most well paying customers. Us Americans. So if you ask me if the KYC leak was a hack or not? I don't know. But I sure as hell would not like to be one of the victims resulting from such a leak.
How do you think Binance suppose to play with the hacker? Is it right that Binance will just pay the hacker? I think that would not solve the problem, though this is just a piece of information and no money involve, Binance reputation are well affected here, those who sees there names displayed will surely not gonna use the service again.
True, it is a tricky issue and there is no prescribed way to deal with this type of situation. Every situation is unique and demands different.
This reminds me of the data leak from the largest telco in India some years ago - https://www.livemint.com/Industry/ucK2SJDM4Ws8k36ovZVj6H/Reliance-Jio-customer-data-allegedly-compromised-report.html
They didn't play ball, so the hacker just sold it on the dark web. A small bump in the road for Jio who's reputation for being unscrupulous faaar exceeds any comparatively miniscule reputational damage done by this leak. Today, they have put most other telco's in India out of business.
Not sure if this twitter handle was posted before, but you can follow the hacker here: https://twitter.com/BnatovP
That guy seems to be gaining followers, maybe I'll start following him also to see if my name is leaked in his tweet, but the way info is posted, it seems like he has more data to show publicly. From what I've read, seems like the hacker was semi-reasonable, yet binance wasn't willing to play ball.
How do you think Binance suppose to play with the hacker? Is it right that Binance will just pay the hacker? I think that would not solve the problem, though this is just a piece of information and no money involve, Binance reputation are well affected here, those who sees there names displayed will surely not gonna use the service again.
Not sure if this twitter handle was posted before, but you can follow the hacker here: https://twitter.com/BnatovP
From what I've read, seems like the hacker was semi-reasonable, yet binance wasn't willing to play ball.
From what I've read, seems like the hacker was semi-reasonable, yet binance wasn't willing to play ball.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
It seems that binance is trying to compensate the leak hack victims by giving them a lifetime VIP membership in their platform rather than paying the so called white hackers. I think they should focus on fixing this asap rather than to find someone to blame.
I personally don't think that it is not enough because it will still be binance that can benefit from the said conversion.
I personally think that they are not blaming the third party for no solid evidences. Based on their investigation the said publicized photos has no watermarks that will indicate its reliability.
Here is an official binance statement for full info.
https://www.binance.com/en/blog/371631019142385664/Update--Action-Response-ThirdParty-Vendor-KYC-Matter
Binance tries to settle it in a smoothly cunning way. Although they are already offering VIP membership to the thousands of victims, which to me is already a subtle way of accepting the responsibility over what happened, they are still short of explicitly admitting that there was indeed a successful KYC hack on their system. CZ has initially labelled it as "FUD" and then they are now releasing a statement that no single leaked image bears the concealed digital watermark which Binance's KYC images have.
I think the hackers are not white hackers. They are not there to help Binance boost their security system. Neither are they simply trying to test the protection that Binance has. They are obviously black hat hackers, extorting money from their victims, in the case of Binance 300 BTC.
Which means there's indeed a hack happened.Thank you for the link provided because ive been following this earlier but in the end i do forgot to get the updates
about this kyc hack.Binance did really did make a good job on handling thing but somehow this situation already put up some stain into its reputation.
We can really conclude that theres nothing on this world can be considered as safe and as said earlier there would be always a loophole.
Binance has already admitted that those photos were collected for the verification of Binance accounts. According to their statement, they used a third party for a period of time which could be responsible to the leaks as binance stamps all it's verification documents. But it's still hard to believe this alibi as they denied the claims at first and now are offering life time VIP membership to the victims.
In other words, Binance is not facing this squarely. Their approach is a combination of a little circumventing the clients, a little of shirking full responsibility and somehow admitting it at the same time, and a little of damage control. They are like saying "yes, it is our fault" and also "but not really" at the same time. But their strategy appears working pretty well. There is no significant backlash of supporters. They have maintained much of their nice image as far as my observation is concerned. They were able to retain much of their solid clients most probably.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
It seems that binance is trying to compensate the leak hack victims by giving them a lifetime VIP membership in their platform rather than paying the so called white hackers. I think they should focus on fixing this asap rather than to find someone to blame.
I personally don't think that it is not enough because it will still be binance that can benefit from the said conversion.
I personally think that they are not blaming the third party for no solid evidences. Based on their investigation the said publicized photos has no watermarks that will indicate its reliability.
Here is an official binance statement for full info.
https://www.binance.com/en/blog/371631019142385664/Update--Action-Response-ThirdParty-Vendor-KYC-Matter
Binance tries to settle it in a smoothly cunning way. Although they are already offering VIP membership to the thousands of victims, which to me is already a subtle way of accepting the responsibility over what happened, they are still short of explicitly admitting that there was indeed a successful KYC hack on their system. CZ has initially labelled it as "FUD" and then they are now releasing a statement that no single leaked image bears the concealed digital watermark which Binance's KYC images have.
I think the hackers are not white hackers. They are not there to help Binance boost their security system. Neither are they simply trying to test the protection that Binance has. They are obviously black hat hackers, extorting money from their victims, in the case of Binance 300 BTC.
Which means there's indeed a hack happened.Thank you for the link provided because ive been following this earlier but in the end i do forgot to get the updates
about this kyc hack.Binance did really did make a good job on handling thing but somehow this situation already put up some stain into its reputation.
We can really conclude that theres nothing on this world can be considered as safe and as said earlier there would be always a loophole.
Binance has already admitted that those photos were collected for the verification of Binance accounts. According to their statement, they used a third party for a period of time which could be responsible to the leaks as binance stamps all it's verification documents. But it's still hard to believe this alibi as they denied the claims at first and now are offering life time VIP membership to the victims.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
It seems that binance is trying to compensate the leak hack victims by giving them a lifetime VIP membership in their platform rather than paying the so called white hackers. I think they should focus on fixing this asap rather than to find someone to blame.
I personally don't think that it is not enough because it will still be binance that can benefit from the said conversion.
I personally think that they are not blaming the third party for no solid evidences. Based on their investigation the said publicized photos has no watermarks that will indicate its reliability.
Here is an official binance statement for full info.
https://www.binance.com/en/blog/371631019142385664/Update--Action-Response-ThirdParty-Vendor-KYC-Matter
Binance tries to settle it in a smoothly cunning way. Although they are already offering VIP membership to the thousands of victims, which to me is already a subtle way of accepting the responsibility over what happened, they are still short of explicitly admitting that there was indeed a successful KYC hack on their system. CZ has initially labelled it as "FUD" and then they are now releasing a statement that no single leaked image bears the concealed digital watermark which Binance's KYC images have.
I think the hackers are not white hackers. They are not there to help Binance boost their security system. Neither are they simply trying to test the protection that Binance has. They are obviously black hat hackers, extorting money from their victims, in the case of Binance 300 BTC.
Which means there's indeed a hack happened.Thank you for the link provided because ive been following this earlier but in the end i do forgot to get the updates
about this kyc hack.Binance did really did make a good job on handling thing but somehow this situation already put up some stain into its reputation.
We can really conclude that theres nothing on this world can be considered as safe and as said earlier there would be always a loophole.
We have news regarding Binance exchange and leaked KYC
https://thehackernews.com/2019/08/binance-kyc-data-leak.html
Binance responded:
https://www.binance.com/en/blog/365766157488967680/Statement-on-False-KYC-Leak
Hackers wanted 300 BTC from Binance
What do you think?
I personally do not trust any exchange including Binance,
and I do not like KYC, for this reason among others....
https://thehackernews.com/2019/08/binance-kyc-data-leak.html
Binance responded:
https://www.binance.com/en/blog/365766157488967680/Statement-on-False-KYC-Leak
Hackers wanted 300 BTC from Binance
What do you think?
I personally do not trust any exchange including Binance,
and I do not like KYC, for this reason among others....
I am not sure about that because I don't follow the news, but I am sure that binance will handle it with care and they will solve the problem. I think that the leak is happening on every website, but if the site really cares with their members, they will protect the data, and they will secure their website from the hacker. Let binance do whatever they think it's necessary, and if we don't want to complete KYC, then we don't have to do that, and if you don't trust the exchanges, you need to find out the other way to buy and sell the crypto coins.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
It seems that binance is trying to compensate the leak hack victims by giving them a lifetime VIP membership in their platform rather than paying the so called white hackers. I think they should focus on fixing this asap rather than to find someone to blame.
I personally don't think that it is not enough because it will still be binance that can benefit from the said conversion.
I personally think that they are not blaming the third party for no solid evidences. Based on their investigation the said publicized photos has no watermarks that will indicate its reliability.
Here is an official binance statement for full info.
https://www.binance.com/en/blog/371631019142385664/Update--Action-Response-ThirdParty-Vendor-KYC-Matter
Binance tries to settle it in a smoothly cunning way. Although they are already offering VIP membership to the thousands of victims, which to me is already a subtle way of accepting the responsibility over what happened, they are still short of explicitly admitting that there was indeed a successful KYC hack on their system. CZ has initially labelled it as "FUD" and then they are now releasing a statement that no single leaked image bears the concealed digital watermark which Binance's KYC images have.
I think the hackers are not white hackers. They are not there to help Binance boost their security system. Neither are they simply trying to test the protection that Binance has. They are obviously black hat hackers, extorting money from their victims, in the case of Binance 300 BTC.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
It seems that binance is trying to compensate the leak hack victims by giving them a lifetime VIP membership in their platform rather than paying the so called white hackers. I think they should focus on fixing this asap rather than to find someone to blame.
I personally don't think that it is not enough because it will still be binance that can benefit from the said conversion.
I personally think that they are not blaming the third party for no solid evidences. Based on their investigation the said publicized photos has no watermarks that will indicate its reliability.
Here is an official binance statement for full info.
https://www.binance.com/en/blog/371631019142385664/Update--Action-Response-ThirdParty-Vendor-KYC-Matter
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
I think they should focus on fixing this asap rather than to find someone to blame.
I think that will also help the helper know the loopholes and try to attack the exchange themselves once they are in need of money again in future because they are securing it and they will know the gaps that they can use to hack these databases again and in future, ask again for some ransom. While we cannot trust even developers of projects to come and join our project to help us out in security issues, it is not a better option to go outside unless you trust them more than your current team.
There will always be loopholes but if someone is trying to reach you out about it and help you to fix such issues and avoid breaches then I think paying them out for such is not so bad since it will fix that issue and avoid it from happening again later on.
I think they should focus on fixing this asap rather than to find someone to blame.
I think they should focus on fixing this asap rather than to find someone to blame.
More update:
https://www.coindesk.com/a-bitcoin-extortion-gone-wrong-inside-binances-negotiations-with-its-kyc-hacker
I don't know who to believe if its Binance or Bnatov who's telling the truth.https://www.coindesk.com/a-bitcoin-extortion-gone-wrong-inside-binances-negotiations-with-its-kyc-hacker
While Binance puts the blame to a third party company. I will learn and know more about this hot issue.
Binance can fabricate a story of their own, it's their business at risk here so they'll have to come up with a good explanation that will make traders not to panic and withdraw their funds. Until I hear some report coming from an independent investigator that has a good reputation, I would not believe any story that would come out.
People come to crypto due it's free from KYC few years ago but now it seems things has changed , everything need KYC and we know it's sucks for privacy reasons.
Agreed. Hackers are gonna hack, and they're getting better at doing it.
Hackers will try their best to hack anything but what about having a trigger warning when something is fishy, just look at their withdrawals 7000BTC being withdrawn at once to multiple accounts a all are huge amounts and their so called security system implemented did not identify something fishy is going on.Look at their official statement, this is the binance official statement about the hack
Poloniex was bought by Circle and turns into a heavily centralized exchange thats why users left out this exchange in air and rankings goes down
It was not because of the take over, their issues started in late 2016 and early 2017 and none of the coins i deposited was credited and it took three weeks to get a resolution and i am sure many people had that difficulty and i stopped using them after those delays and their worst customer support to get a resolution. 
What do you think?
I personally do not trust any exchange including Binance,
and I do not like KYC, for this reason among others....
Eh, it could have happened to any exchange. Hell, even big corporations like Target have gotten hacked and have had their customers' information leaked all over the place. As far as trusting Binance, I'd say they're one of the more trustworthy exchanges out there, regardless of them getting hacked. Yes, it would be nice if they'd beef up their security so such a thing wouldn't happen....but we all know it does happen and will continue to happen.I personally do not trust any exchange including Binance,
and I do not like KYC, for this reason among others....
I'm not a fan of KYC either, but if an exchange wants to be legitimate they have to conform their practices to government regulations. I don't think any exchange wants to require KYC procedures. They have to if they want to be able to offer fiat services to their customers. Can't blame Binance for that.
I don't think this is all their fault, no doubt they have tried to make their exchange as secure as possible, and they have probably spent millions on security, tests, etc.
Agreed. Hackers are gonna hack, and they're getting better at doing it. Although it didn't come to my mind that all these incidents are partly inside jobs, I wonder why Binance appears so exposed to these security attacks. A giant exchange with a 24-hour volume reaching almost a billion USD getting successful successive security attacks? Where did the income go? Are they not investing a significant portion of their income for security protection? They can pay a lot of shills to provide hype to their brand but they cannot shell out money for their own protection?
This is the problem with majority of the big exchanges, they spend their effort and resource for more advertisement and branding but they will not take good care of their security, when ever there is a hack the owner comes up with his regular tweets that it is safe and nothing to worry, people will move out and find new platforms if they do not care about customers and their privacy and security, Poloniex was once a big exchange and a couple of years back they started having all the issues of coins getting delayed even after depositing and it takes three weeks to get a response from the customer support and they lost many customers and that will happen to Binance too.Providing your personal info is always a risk as they are stored somewhere and are within reach of some people.
Every of major exchanges are combating probable hacks everyday and noone can be future proof for every attacks. It's about mitigating the effect and being ready for the future.
Hacking is always a competition between black hat and white hat developers. And there's never a definite winner.
Although it didn't come to my mind that all these incidents are partly inside jobs, I wonder why Binance appears so exposed to these security attacks. A giant exchange with a 24-hour volume reaching almost a billion USD getting successful successive security attacks? Where did the income go? Are they not investing a significant portion of their income for security protection? They can pay a lot of shills to provide hype to their brand but they cannot shell out money for their own protection?
This is the problem with majority of the big exchanges, they spend their effort and resource for more advertisement and branding but they will not take good care of their security, when ever there is a hack the owner comes up with his regular tweets that it is safe and nothing to worry, people will move out and find new platforms if they do not care about customers and their privacy and security, Poloniex was once a big exchange and a couple of years back they started having all the issues of coins getting delayed even after depositing and it takes three weeks to get a response from the customer support and they lost many customers and that will happen to Binance too.Jump to: