Author

Topic: You data is not safe on centralized exchanges (Read 395 times)

member
Activity: 97
Merit: 43
October 22, 2023, 08:14:18 PM
#53
Centralized exchanges are somehow the playground of scammers. While safety and security is their utmost concern when it comes to centralized exchanges, but in reality scammers could always take advantage using centralized exchanges by sending you random messages so they will get an access to your account.
It is discouraged to store cryptocurrency, money in centralized exchanges but I am sure with you, people will be less scammed by trading on centralized exchanges than on decentralized exchanges or Peer-to-Peer trading.

Because on centralized exchanges, you don't have pressure from your Peer-to-Peer trade partner to release your coin to finish a trade. Newbies can feel stressful with trade partner's pressure that is to force you to release your coin.

I agree that people lost big money on centralized exchanges by many exchange hacks and scam exits.

Reminder: do not keep your money in online accounts
Cryptocurrency exchange graveyard
Cryptocurrency exchange hacks
hero member
Activity: 2926
Merit: 657
No dream is too big and no dreamer is too small
This is the major problem of using a centralized exchange, because it opens room for scammers to disguise as the exchange to ask customers some personal information that they can use to have access to your funds.

I could remember that this trick is not new here in my country because this is how scammers will send you a text message or call you, that they are from your bank and that you should send them your last four digit number of your ATM card for them to verify your bank account to avoid blockage of ATM card. So many people fell for this trick, especially the ones that were not educated , and they got all the funds in their account wiped out.

This is the same method that these scammers has come with by deceiving people to verify their Binance account through the form so that they can have details which they can use to access your their Binance account.

It is better to stay away from CEX and if you can't, don't believe in whatever message or link that you get from anyone when it comes to your finance.
Centralized exchanges are somehow the playground of scammers. While safety and security is their utmost concern when it comes to centralized exchanges, but in reality scammers could always take advantage using centralized exchanges by sending you random messages so they will get an access to your account. By pretending that they were the legal team from a centralized exchange, some users opted to believe them without a doubt and give the details of their account without hesitation believing that it's part of using centralized exchanges and that they are supposed to provide the correct details for  the security of their account. While there are already few who can detect that is a scam, but still a lot of people still fall to this kind of trap not because they are not just educated but because they are just too trusting that once centralized exchange is involved, everything in it is valid and legit.
legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
But quite confused actually, for some beginners who learn to invest in Crypto, the first they recognize is a centralized exchange, so as to register and do KYC to be able to get the full features in the sale and purchase activity.
Do not be confused, even if you decide to use a centralized exchange, only use it whenever you want to convert crypto to fiat or vise versa, but do not use it to keep assets, your assets should be kept in your non-custodial wallet. I understand that it is very difficult for so many people to avoid using centralized exchanges for buying or selling crypto, but the best thing you can do for yourself is not to use it as a "bank", move your coins to Sparrow, Electrum or any other good non-custodial wallet.
sr. member
Activity: 1148
Merit: 409
Duelbits
Also keep in mind that what has happened in several exchanges that experience destruction, in addition to leaking data also money is also not returned by them is very detrimental, although I understand that the leakage of data could be due to hacking activities, even if it is people's behavior In companies that do it yourself, it is a very bad action.

This is quite dangerous, thank you for reminding many people here, with this there might be an indication of a big fraud if you let it, tonight I will divert my funds to the wallet that is managed by myself.
But quite confused actually, for some beginners who learn to invest in Crypto, the first they recognize is a centralized exchange, so as to register and do KYC to be able to get the full features in the sale and purchase activity.
hero member
Activity: 1190
Merit: 901
Livecasino.io
Nobody should have any trust with centralized exchanges. Treat them with extreme caution knowing that your data and assets isn't safe with them. Even these exchanges know this and issued this out in their Terms of Service. Below is a snippet of a section of the Terms of Service from OKX , a centralised exchange.

Quote
4.7 By accepting the Terms, you expressly agree to the pooling of your Digital Assets with the Digital Assets of other users. Digital assets of users are not protected by deposit protection or deposit insurance scheme. In the case of an irreconcilable shortfall, you may not receive some or any of your deposited assets or funds.

Custody risk

6.36 OKX may hold Fiat Currencies and Digital Assets with third parties. However, the Digital Assets OKX holds are not “deposits” nor are they intended to be held as any other regulated product or service under Applicable Laws.

6.37 In certain circumstances permitted by the Applicable Laws and Regulations or market practice of the relevant jurisdiction OKX may register or record a User’s Account in the name of the custodian or under OKX’s name. If the Accounts are held in the name of the custodian or OKX’s name, such assets may not be segregated from OKX’s assets and, in the event of a default by the custodian or OKX, may not be as well protected from claims of the creditors of the custodian or OKX’s creditors as would be the case if the User’s client assets had been segregated from the assets of the custodian or OKX’s assets. For Users of OKX Singapore specifically, Users’ assets are held in one or more segregated custodial accounts on trust for the benefit of the Users.

6.38 In the event of the insolvency or any other analogous proceedings of a third party holding a User’s Fiat Currencies and/or Digital Assets, OKX may only have an unsecured claim against the third party on the behalf of a User and a User may be exposed to the risk that the Fiat Currencies, Digital Assets or any other property received by OKX from the third party is insufficient to satisfy the User’s claim and the claims of all other relevant Users.

6.39 If OKX deposits a User’s Fiat Currencies and/or Digital Assets with a third party, such Fiat Currencies and/or Digital Assets may be pooled with those belonging to other Users. In such circumstances, a User’s individual client entitlements may not be separately identifiable by separate certificates, other physical documents of title or equivalent electronic records and, in the event of an irreconcilable shortfall after OKX’s insolvency, any Users whose assets have been pooled may share in that shortfall in proportion to their original assets in the pool. Any entitlements or other benefits arising in respect of pooled assets will be allocated pro rata to each User whose assets are so pooled.

6.40 Fiat Currencies and/or Digital Assets may be held by a third party appointed in good faith by OKX, or by OKX’s nominees or sub-custodians. Such third parties are not under the control of OKX, and OKX accepts no liability for any default of any nature by such third parties and, in the event of any such default, a User may suffer total or partial loss in respect of the User’s Account. The extent to which a User may recover its Fiat Currencies and/or Digital Assets in jurisdictions may be governed by specific legislation or local rules.
https://www.okx.com/help/terms-of-service


The summary of it all is that, they will do with your personal information and digital assets as they please and there is nothing that you or anyone can do about it because they have already told you so. And you have inadvertently agreed to it when you registered on their platform.
legendary
Activity: 2184
Merit: 1302
Playbet.io - Crypto Casino and Sportsbook
Exchanges are not the only place where you have shared your data. Your social media handle, website that you use for working purposes even your children's school database nothing is safe. If your identity is shaved somewhere on the internet then there will always be a chance for it to be misused.
Of course you have an ID card, your data is with your government and other institutions in your country, the government could also work with your bank to confiscate the fiat in your bank account, or get any information about you from centralized services you have used in your country. But that is the "centralized world", and i think that if you have interest in Bitcoin, you would want to want to keep that aspect of your financial life away from the government by not using crypto centralized services.
Centralized exchanges usually don't share your data with any third parties and the purpose of that data is to prevent you from any illegal activities with your account. I am not seeing anything bad about it.
They can share that data with any third party that has the legal right to request for it, whether you are wanted for any illegal activity or not.
sr. member
Activity: 593
Merit: 271
This is one of the major problems with centralized exchanges and KYC. They just won't provide enough security for customer data. And somehow, hackers always get that data. One way and another. It's nothing new. The most shocking thing is, not just data breaches sometimes exchanges themselves will sell out customers data. Not just low-time, low-value shitty exchanges, but exchanges like Coinbase, where they were caught red-handed selling customers data. Although I had to do my KYC many times due to my past gambling habit, but I am always against it.

The Coinbase Case: https://www.financemagnates.com/cryptocurrency/news/coinbase-admits-its-former-data-provider-sold-client-data/
hero member
Activity: 1190
Merit: 543
fillippone - Winner contest Pizza 2022
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Quote
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless
It is actually true that having an account on a centralized exchange can pose some risk but because of that, it does not mean that we can create an account on centralized exchanges. Running businesses whether online or physical have their own risks so we just need to be very careful how we relate to information we get from our emails or dm.

 It is easy to get hacked through emails or personal dm than other ways. Our information can be leaked online if the exchange we are using got hacked and the team lose access to customers portfolio which is a big treat to many exchanges to be very careful how to keep their customers information. It is good when we choose the best exchange to use for crypto transactions whether trading or buying cryptocurrencies.
legendary
Activity: 1106
Merit: 1337
Lightning network is good with small amount of BTC
Centralized exchanges usually don't share your data with any third parties and the purpose of that data is to prevent you from any illegal activities with your account. I am not seeing anything bad about it.
Are you sure? Are you to director of all exchanges in the world or are you spiritual enough to know that insider work can not lead to misuse of users identity documents? What about if the data is breached and stolen by scammers? With the KYC, there are still scam on centralized exchanges if you are not careful you will be scammed there.
hero member
Activity: 1232
Merit: 516
Exchanges are not the only place where you have shared your data. Your social media handle, website that you use for working purposes even your children's school database nothing is safe. If your identity is shaved somewhere on the internet then there will always be a chance for it to be misused. Centralized exchanges usually don't share your data with any third parties and the purpose of that data is to prevent you from any illegal activities with your account. I am not seeing anything bad about it.
sr. member
Activity: 2114
Merit: 309
I don't think problem with our data secure or not on centralized exchange, current have several exchange have been scam and required with KYC procedure but our data keep secure until right now. Last collapse decentralize exchange is FTX but never heard about any document of FTX user sell on dark market, its seems all user data secure although FTX have been scam almost one year and not any problem yet with user data publishing or selling on dark market.
All exchange have been hacked their target with stealing fund of exchange and hacker not focus with user KYC data because less of values, most priority how much fund for stealing than with how many user data of user have been KYC in some decentralized exchange market.
legendary
Activity: 1554
Merit: 1139
How do hackers know who to send messages to?

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
I have always had a hard time believing that in any hack that happens to any exchange or project out there, there isn’t an insider work. I have great doubt in thinking otherwise. There is always going to be the hand of an insider so long as I’m concerned. This makes relieving staff or cutting down staff of there job in a critical position, as by some means to stabilize operation a dangerous thing. These guys knows the loopholes in the system and can explore it.
Also, not having to give your staff proper welfare, it’s some means to tempt them.

Quote
If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.
It’s definitely one purpose by which, these bridged data’s can be used and one can not be too careful enough as some services are very much needed.
legendary
Activity: 2002
Merit: 2534
The Alliance Of Bitcointalk Translators - ENG>SPA
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
I am shocked reading this even though I know it is something that is common. Shouldn't these crypto exchanges be at the top of their game when it comes to the data of their uses. What I'm trying to say here is that if they notice that they have had a security breach they shouldn't wait for hackers to send these scam messages to their customers rather this centralised exchanges should reach out to their customers via any means informing them of a scam or a hack and that they shouldn't respond to any email or phone call that asked them to click on a link. This may seem hard to accomplish but it will be worse if their user base starts to decline because people no longer trust them.

Different laws in different countries obligue to warn users in case of severe security breaches. It is the case of Europe, but I'm not sure about Hong Kong. Take into account that admitting being victims of breaches has a cost for the reputation of the company too, so these situations have to be hard to manage, although from our perspective as users it is clear what is supposed to be done.

Maybe there is some sort of flexibility when it comes to declare a breach severe or light, they play with.

sr. member
Activity: 728
Merit: 444
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
I am shocked reading this even though I know it is something that is common. Shouldn't these crypto exchanges be at the top of their game when it comes to the data of their uses. What I'm trying to say here is that if they notice that they have had a security breach they shouldn't wait for hackers to send these scam messages to their customers rather this centralised exchanges should reach out to their customers via any means informing them of a scam or a hack and that they shouldn't respond to any email or phone call that asked them to click on a link or submit personal information. This may seem hard to accomplish but it will be worse if their user base starts to decline because people no longer trust them.
hero member
Activity: 798
Merit: 1045
Goodnight, ohh Leo!!! 🦅
Yeahh, that's for sure. Denying themselves the access to manipulate your informations doesn't mean they don't have full control over it... From Thier ends, they can extract your informations and sell them out for various useful or malicious reasons...
It's quite unfortunate that we can't stay away totally from centralism... We would prolly avoid alot if we could.

Sandra 🧑‍🦰
full member
Activity: 1582
Merit: 132
BK8 - Most Trusted Gambling Platform
How do hackers know who to send messages to?
Because they probably do have some centralized database of exchanges and they end up analyzing it. We sometimes find it difficult to know how hackers work from getting data, executing it, and cleaning it very quickly. that's why they are hackers. Moreover, if there are loopholes in the platform, then it will be easier for them to execute. And even though it is difficult to penetrate, we never know how often these hackers will try again and again until they can actually get in. And this doesn't only happen to Binance but also to all centralized platforms, cyber crimes are real and will always haunt us, nothing is truly 100% safe.

On the other hand, especially if hackers send messages randomly and some people who don't really understand this believe it, or even some people deliberately post the results of their investments on centralized exchanges, then this will really make it easier for hackers to work optimally. Well, actually, sometimes there is an element of negligence on our part and our own ignorance about the dangers of clicking on phishing links or believing in messages from someone we don't know. Better, just avoid and ignore it.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
This is a serious matter, that's why its very important to get some of this guys to this forum so that they can learn and get updated just as this matter is discussed now.  Information as such quickly get verified by experienced people on the forum and that help investors to be cautious as they read through people's post and comment regarding the issue.

Another means to get rid of this scam strategy is for centralized exchanges to always keep their users aware of such actions and how to avoid it.

Even if they should come to the forum, before they get the right information, they would have lost all the things that they are assumed to be hidden have gotten to the wrong place. More than half of the population that know or use crypto today all used centralized exchanges because they learn from all the YouTubers and influencers that are always ready to give referral link to get bonuses. This are the wrong orientation new people that comes to the crypto get and the reason why hackers get more victims.

If new people that are joining crypto for the first time right refuse to use centralized exchanges, we can say that the future of crypto is in safe hands but the majority are here for the altcoins that can give that quick gain which are all situated on centralized exchanges, the data collection is not stopping anytime soon I guess.
hero member
Activity: 826
Merit: 583
This news will probably greatly impact users of the Binance centralized exchange in Hong Kong, or even other countries. however Binance is already one of the largest crypto exchanges in the world. and anyone will definitely believe in carrying out KYC there with the procedures required by the platform to carry out operations.

I don't know how the hackers carried out the fraud, but if it causes losses for Binance members, I think they have to solve this hacking problem quickly. Was it a mistake on the part of the user, or was there a system that was hacked and allowed hackers certain access to commit very obvious fraud to Binance users.
hero member
Activity: 2520
Merit: 783
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Quote
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

But what can we do with it? Binance or any other top exchange require KYC before using their service and we cannot do anything but to provide since this is the requirement that needed to submit before we can trade our coins there. Although its really risk is there we just need to be aware that certain like what you mentioned exist and we should never trust anyone especially those people sending random links and ignore them. Also we should always verify the messages we receive especially if they ask us to click the link and sign up something like our information or anything.

Fraudster right now find multiple ways to deceive people so we just need to be careful regarding on their possible attacks done and we should always put on our minds that never try to open anything unknown to us since this will totally put our life or holdings at huge risk to get hacked by criminals.
sr. member
Activity: 1400
Merit: 268
Fully Regulated Crypto Casino

Is the message randomly sent to people?

I doubt that, On 2019, Binance reported that there are data breach on their user data, users email probably stolen and it could be sold online to scammers. This note exclusive to Binance or even crypto exchange, marketplace and other sites too. All the user could do is be more careful while receiving email that seems suspicious. And I think even those exchange knows that KYC is useless, but they still need to do that for formality to pass the government regulation and be considered as 'compliant exchange'
hero member
Activity: 1190
Merit: 543
fillippone - Winner contest Pizza 2022
Everyone spies and collects your data, starting with browsers, Google, your service provider, Facebook and WhatsApp applications, Gmail, and even your phone or Windows operating system. Therefore, be careful when using your email if you do not want to find it filled with spam.
Centralized platforms do not protect customer data, and some of them share, store, or sell it to third parties, so you should mainly use centralized platforms that do not require identity verification when you have to.
It is true that our data might not be safe on centralized exchanges but there is nothing we could do about that because we ought to have account on a centralized exchanges for us to trade and stake our coins to earn more profits. Even the so called big investors for have accounts on centralized exchanges to make trades that might not be possible on decentralized ones. The most important things we need to ensure is to keep to good safety measures by not signing up on third party exchanges which could lead to spamming of our accounts or even for it to get compromised by hackers without our knowledge.
sr. member
Activity: 336
Merit: 365
The Alliance Of Bitcointalk Translators - ENG>PID
So many people fell for this trick, especially the ones that were not educated , and they got all the funds in their account wiped out.

I think it will be ignorance that would make someone give out the digits of their debit card out to anyone. Even on registering a bank account, they will tell you strictly that the bank can never contact you, or text you privately for any personal documents. And if need be, they usually advice people to visit their local bank branch. When you come in contact with an unknown message or text requesting you provide details or click a link relating to your funds, it usually adviced to go to the original site and check if any such details are required at that time. Hackers are fond of these acts so someone who is socially active should be aware and alert just in case they come in contact.
legendary
Activity: 1596
Merit: 1288
Everyone spies and collects your data, starting with browsers, Google, your service provider, Facebook and WhatsApp applications, Gmail, and even your phone or Windows operating system. Therefore, be careful when using your email if you do not want to find it filled with spam.
Centralized platforms do not protect customer data, and some of them share, store, or sell it to third parties, so you should mainly use centralized platforms that do not require identity verification when you have to.
sr. member
Activity: 1666
Merit: 426
Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
It's not randomly sent, there are hackers that scrape data on websites and there are people that are in-charge of getting data of large quantity of people and those people sell those data illegally to entities that are using those compromised data to do their nefarious deeds. These very things are the very reason why data are protected and why hackers sought them the most besides money and confidential files.
legendary
Activity: 1106
Merit: 1337
Lightning network is good with small amount of BTC
OP, thread's title is very misleading because "You data is not safe on centralized exchanges" has nothing to do with the given case. In article, we read that 11 users become a victim of phishing. It's their responsibility to check the url of where they enter the data. Centralized exchange is not an issue here. Even if these users ha self-custody wallets, they would still lose it because of their inattentivness.
Wrong. Go and read the news again, it is clearly stated in the news title.

If you want to argue with the news and if you you do not want to be wrong, come up with evidence that it is not through KYC submitted on the exchange by the exchange users that led to the hack. Becuase 11 people were victims does not mean they are the only one that got a phishing message. If it is only one person, I will not think it can be through KYC, but if it is getting to more people, we can think it may be caused by KYC. If you have a good answer to the OP question, that is it not KYC breach? Then give evidence that it is not.

Binance users in Hong Kong lose $450K in wave of fraud texts: HK police: https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal
legendary
Activity: 2576
Merit: 1860
Physical robberies and attacks are much more worrisome but also much less common than online theft. Apparently, the bigger problem in the crypto space today is more of the latter than the former. And this is exacerbated by the widespread growth of centralized platforms which collect personal information from its users. Although this is also largely due to regulatory policies, these platforms aren't without responsibilities.

Actually, it's a simply thing. No data collection means no data breach. Data collection means there's data to be stolen. So, I guess crypto users will have to try their best to avoid platforms which demand personal data.
full member
Activity: 1680
Merit: 169
Buzz App - Spin wheel, farm rewards
How do hackers know who to send messages to?

There is only way to not worry about centralized exchanges, data breach, and privacy breaking. The solution is never do KYC or simply avoid centralized exchanges, don't use their service, it will give you rest of mind and happiness. In short, when you see this type of news, you will walk pass like you don't know anything about it because they have nothing on you. Simply see kyc as criminal activity that people indulge in and we know when you don't do crime, you will not have any fear even if they(hackers) try to stop you.
That's right, the best way to avoid misuse of personal data is not to carry out KYC, but there are many people out there who still depend on centralized exchanges because they have great liquidity and can provide members with the funds they need quickly, I carry out KYC at The big local exchange in my country, I don't have the option to avoid KYC because my local fiat pair is only available on exchanges that require KCY, if there was an option to avoid KCY then I would choose that.
legendary
Activity: 1750
Merit: 1329
Top Crypto Casino
In my country even there's a implemented KYC with the Sim registration still their platform is not ideal to use because first the user can input a not real id for verification and still there's some messages came from different banks, casino and other platform that have event or seeking for assistance those are all ignored to my device. It's quite annoying but again there's no safe in the internet even though they agree with data privacy act still there's a chance our data might leak or they really sell it.

... now that the Philippines' health insurance corporation has been hacked and become a victim of ransomware, SMS and email of millions of people could have fallen victim to these attackers—a reservoir for bad actors to steal not only money but also PII (Personally Identifiable Information) that they can use to exploit.  Roll Eyes

Somewhat similar story: https://www.philstar.com/headlines/2023/10/10/2302640/philhealth-hacked-what-we-know

Actually there's a lot of rumor here some people say it's an inside job so they can earn a money, some of them really tell that the Philhealth was hack and at the end of this point it's a government mistake because they didn't hire a cyber security and a good defender security too to their company. We know PH government didn't focus here too much.
legendary
Activity: 3052
Merit: 1281
Get $2100 deposit bonuses & 60 FS
As long as the information is saved in a cloud storage or can be accessed online, it will never be safe from hackers.  It does not include centralized exchanges but also other centralized online services.  Even the so called DeFi are constantly hacked.  So we should always think that there is no 100% security when it can be accessed online.

It is also possible that there is an under-the-table negotiation where centralized services hold data of people and offer them to newly established companies for prospecting.
sr. member
Activity: 756
Merit: 356
This doesn't only happen with centralized exchanges, but all centralized institutions are liable to data breach.
There was a time this was a common way to scam people or their funds from their bank accounts in my country.
It's either people in the bank sell customers data to scammers or they're the scammers themselves.
It could also be that hackers have found a way in their system so they can get customers information.

You could open an account and within a week of opening the account you're receiving calls and emails from the said bank asking for login details and card details, only it is not the bank calling.
People are smarter these days to realize that it's a scam but people still fall for it a lot.
sr. member
Activity: 658
Merit: 441
Quote
Binance recently announced our partnership with Refinitiv, a know-your-customer (KYC) services provider company affiliated with Thomson Reuters. This partnership, through which Binance will utilize Refinitiv's automated KYC application on the world's leading cryptocurrency trading platform
According to this information, Binance has a KYC partner and the data breach could have come from Refinitiv or from Binance exchange. Where ever the breach might have come from, users still have a big role to play in safeguarding themselves. I want to believe not everyone who got the text message from the hacker fell for the click bait, so it's an issue of unawareness from the victims because this could have been avoided. It is still their responsibility to keep themselves well informed on cybersecurity and learn better ways to protect themselves.
member
Activity: 388
Merit: 30
Reward: 10M Sheen (Approx. 5000 BNB) Bounty
This is a serious matter, that's why its very important to get some of this guys to this forum so that they can learn and get updated just as this matter is discussed now.  Information as such quickly get verified by experienced people on the forum and that help investors to be cautious as they read through people's post and comment regarding the issue.

Another means to get rid of this scam strategy is for centralized exchanges to always keep their users aware of such actions and how to avoid it.

legendary
Activity: 3052
Merit: 1281
Get $2100 deposit bonuses & 60 FS
I don't trust unexpected text messages, especially with links. In any case, I visit the website to confirm if it is legitimate. It seems that hackers are behind this due to a data breach. Our identity is no longer safe in centralized exchanges once they are accessed by criminals. We know that KYC is a regulatory requirement in the financial industry designed to verify the identity of customers to prevent money laundering and fraud. However, when you do comply, your identity becomes vulnerable to risks, and the level of anonymity in transactions decreases. No matter how secure a platform may be, it's pointless if it's not responsible.

We should be cautious and do not click any link given to us without verifying the validity of the link.  Often times malware is loaded on that link ready to inject our device system once we clicked it.

KYC is useless because it doesn't actually prevent criminals from using centralized exchanges. Criminals can simply provide fake or stolen personal information during the KYC process. This means that KYC doesn't make centralized exchanges any safer for their customers.

They can fake the ID but the exchanges have a filter to prevent that, and that is having a selfie while holding the ID submitted and a bond of paper with a writing of the exchange domain, and date.  Though I agree that KYC does not make centralized exchanges any safer, it does verify if the person is really the owner of the ID submitted to the centralized exchange..
hero member
Activity: 2464
Merit: 594
I don't trust unexpected text messages, especially with links. In any case, I visit the website to confirm if it is legitimate. It seems that hackers are behind this due to a data breach. Our identity is no longer safe in centralized exchanges once they are accessed by criminals. We know that KYC is a regulatory requirement in the financial industry designed to verify the identity of customers to prevent money laundering and fraud. However, when you do comply, your identity becomes vulnerable to risks, and the level of anonymity in transactions decreases. No matter how secure a platform may be, it's pointless if it's not responsible.

KYC is useless because it doesn't actually prevent criminals from using centralized exchanges. Criminals can simply provide fake or stolen personal information during the KYC process. This means that KYC doesn't make centralized exchanges any safer for their customers.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
How do hackers know who to send messages to?


Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

This is what I can think of why hackers know where to send message. It's either data breach, insider and maybe from phishing although I don't think they will get many data from phishing. This should be the reason why KYC is not good and there could be a consequence that a person may face such like identity theft. It's better if we use decentralized exchanges where as we all know it doesn't require KYC before you can use it or a feature that an exchange have.
sr. member
Activity: 728
Merit: 421
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Quote
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

From the onset people have been warned about centralized exchange not to be safe for holding of large amount of funds or assets as the case may be. This information is not hidden anymore that one can not see it or use their common sense to know that centralized exchange is not safe. I believe that "there can never be a smoke without fire" so data leakage can not be a surprise to me because there is definitely an inside work to have aided in the hack to accessing customers information. This is why we are advised to know this "not your keys, not your coin" slogan.
hero member
Activity: 1834
Merit: 879
Rollbit.com ⚔️Crypto Futures
Things I tell family and friends, if you haven't entered or played any lottery and you receive a message or call saying you have won X amount yet you did not play/buy a lottery ticket then you automatically know it's a scam!!! Same principle can be applied here, you have passed KYC and documents aren't expiring soon why would an exchange request you to go through the process again without any heads up before expiry... sometimes it takes your sixth sense to see through such scams.

By the way ,with below standards of safeguarding user data why do exchanges feel compelled to carry KYC checks on clients when they themselves can't guarantee security??

sr. member
Activity: 2520
Merit: 280
Hire Bitcointalk Camp. Manager @ r7promotions.com
Physical attacks are less possible scenarios from the data breach but what they most likely will do is to attack them via phishing links and hopefully, they expect the prey to fall into the trap so it will be easy money for them.

This generation should know the importance of keeping their data to be safe in general not limited to exchanges alone, most data breaches happen on random websites where we used to submit our details for no reason at all and then it can be easily hacked then it will be sold then it can be used for illicit activities. Don't expose your status 24/7 but people are used to social media life and things are out of hand already.
hero member
Activity: 1428
Merit: 513
Payment Gateway Allows Recurring Payments
I am not based in Hong Kong but such attacks should be avoided easily if Binance comes up with something unique for the communication purpose. Which is already there, but those who are new to the crypto field and fall prey to such phishing links might not think of it. Because last time I checked, such phishing attempts also occurred in the Electrum desktop wallet. Where user activates it after many months and on the app he is asked to update the wallet in a built-in app pop-up notification.

Well, those who were active in the market did know that this pop-up notification was a phishing scam but that user was not active in the community and clicked on the link and updated the electrum wallet of those scammers and when entered the seed phrase lost all of his money.

The best way to confirm the signature but if the same system of confirmation of messages, sent by the Binance or any centralized exchange would be provided then it will be easier for the newbies.

By the way thanks for informing me about it.
hero member
Activity: 602
Merit: 442
A Proud Father of Twin Girls 👧 👧
This is the only reason why I don’t trust KYC and I think there should be a serious screening before employing anyone to work in firms that require clients to submit KYC and this is because it is becoming very risky submitting KYC to online platforms and I’m sure to an extent, binance might be losing customers at least in Hong Kong.
Personally I have been a person who doesn’t have any issues with submitting KYC especially if I trust a platform and binance despite being a centralized exchange has been one of my favorite and I trust them but this news is already getting me scared and I hope they strengthen their security.
hero member
Activity: 2352
Merit: 905
Metawin.com - Truly the best casino ever
OP, thread's title is very misleading because "You data is not safe on centralized exchanges" has nothing to do with the given case. In article, we read that 11 users become a victim of phishing. It's their responsibility to check the url of where they enter the data. Centralized exchange is not an issue here. Even if these users ha self-custody wallets, they would still lose it because of their inattentivness.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
There is only way to not worry about centralized exchanges, data breach, and privacy breaking. The solution is never do KYC or simply avoid centralized exchanges, don't use their service, it will give you rest of mind and happiness. In short, when you see this type of news, you will walk pass like you don't know anything about it because they have nothing on you. Simply see kyc as criminal activity that people indulge in and we know when you don't do crime, you will not have any fear even if they(hackers) try to stop you.
Note that even decentralized exchanges are not actually decentralized and they can collect user data like centralized exchanges too. They only don't require users to do KYC but using decentralized exchanges and some of their services like staking, farming to earn is not safe. Their decentralized exchanges can stop operation anytime and if you lock your coins in their staking pools, you can lose your coins anytime.

Privacy is not completely secured on decentralized exchanges and you have to use them with caution too.

On centralized exchanges, KYC is not only to prevent and control criminal activities, money laundering. KYC serves many purposes for centralized exchanges and governments.
sr. member
Activity: 490
Merit: 325
How do hackers know who to send messages to?

There is only way to not worry about centralized exchanges, data breach, and privacy breaking. The solution is never do KYC or simply avoid centralized exchanges, don't use their service, it will give you rest of mind and happiness. In short, when you see this type of news, you will walk pass like you don't know anything about it because they have nothing on you. Simply see kyc as criminal activity that people indulge in and we know when you don't do crime, you will not have any fear even if they(hackers) try to stop you.
hero member
Activity: 574
Merit: 554
Leading Crypto Sports Betting & Casino Platform
If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless
This is an important danger of using centralized platforms that should be considered. Any KYC requirement that requires information like phone numbers, residential addresses, social media handles, and other personal data is highly dangerous. With these data, criminals can physically track their targets with less restrictions. These days many people live their lives on social media. They cheaply give out their locations on the internet which will give these criminals access to them. The recent murder of a well-known rapper in South Africa was facilitated because he gave out his location on social media. Having a special email, phone number or social media media account for registration in these centralized platforms will reduce some of the risk of using them. 
hero member
Activity: 812
Merit: 560
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Quote
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless

Maybe newbies may be the ones to easily fall a victim of this kind of attack because when something is coming from Binance or any reputable exchage, one should be able to descern if they are actually from a verified source or not through the content on what they are sending, also, for every user of any of centralized exchanges, there's no privacy and security at it's highest order on such user that guaranteed the safety of one's asset, if you're using an exchange then know it that everything you do there is at your own risk, they can experience any challenges that will directly affect you as well being their user, what they give is not wallet but accounts, all user wallet keys are in their possession, remember not your keys not your coins.
sr. member
Activity: 854
Merit: 424
Playbet.io - Crypto Casino and Sportsbook
How do hackers know who to send messages to?
If such things sent to your email, you must check whether your email was pwned.
https://haveibeenpwned.com/

Quote
Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
If it is from internal staffs, they will be caught by the exchange soon. It's your responsibility to wait for confirmation from the exchange about that message as well as how they handle their internal problems.
sr. member
Activity: 1316
Merit: 422
Catalog Websites
Insider involvement is very likely in cases of this type of fraud because they only target Binance Hong Kong users, these types of messages are not sent randomly, they already hold user data leaked by insiders. The contents of the message they sent made the victims who were always active on Binance and stored assets there feel afraid, without thinking twice they immediately clicked on the link as directed in the message.
It is very easy for hackers to get user data, they can work with insiders to get user data who store assets on the exchange. Avoid storing assets on the Exchange, there is no guarantee that your assets will be safe there.
hero member
Activity: 2604
Merit: 816
🐺Spinarium.com🐺 - iGaming casino
Hackers will use a lot to trick their targets, which has been proven by several cases we have heard about. The hackers sent random text messages to many people and just waited for someone to fall into their trap. We have to be careful and confirm the information we receive, and the important thing is that we don't panic if we get a message like that.

If we panic, we won't be able to think clearly and will fall into their trap easily because they can also play with their target's psychology. They will very convincingly influence their targets to follow what they want. The hackers already had the target's data but sent the messages randomly.

So the sale of customer data does exist, and hackers can get it easily. We may also have experienced getting an offer from someone we don't know, but he already knows our name and address. That's because the data we provide to banking or insurance agencies share the data with each other.
hero member
Activity: 938
Merit: 605
Leading Crypto Sports Betting & Casino Platform
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.
Centralized exchanges we know are not safe and the bitter truth is that we can't completely avoid them. Although In this scenario Its not just enclosed in how unsafe having our data's on  centralized exchanges or any other kyc required entity, It also has a lot to do with knowledge.  Anyone using binance and is well informed about how binance operates in terms of notifying or reaching out to their customers will  not have problem identifying that binance don't notify their customers on any important issues as such through text messages and will move straightaway to login into their account to check for such notification if it's there or better still contact the customer service.
There are many advance fashions of scammers that is why whatever crypto exchangers we are using we ought to study and research to learn about their operations as having prep knowledge of that can easily save us from falling to a scam coming through that angle.

For the fact that we can't completely guarantee of not using centralized entities which means these are the kind of risks we'll likely be experiencing using them  we also have to equip ourselves in knowledge against these expected scams. For without knowledge it's easy for anyone to fall to their antics.
sr. member
Activity: 476
Merit: 385
Baba God Noni
This is the major problem of using a centralized exchange, because it opens room for scammers to disguise as the exchange to ask customers some personal information that they can use to have access to your funds.

I could remember that this trick is not new here in my country because this is how scammers will send you a text message or call you, that they are from your bank and that you should send them your last four digit number of your ATM card for them to verify your bank account to avoid blockage of ATM card. So many people fell for this trick, especially the ones that were not educated , and they got all the funds in their account wiped out.

This is the same method that these scammers has come with by deceiving people to verify their Binance account through the form so that they can have details which they can use to access your their Binance account.

It is better to stay away from CEX and if you can't, don't believe in whatever message or link that you get from anyone when it comes to your finance.
hero member
Activity: 630
Merit: 510
Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

This does not have to be the only cases. One of the loopholes that hackers use and that companies use to evade responsibility is sharing data with third parties is sharing data with third parties, whether those parties are legal or for commercial purposes, and therefore there are several copies of your data in several Parties. Some of these parties abide by the laws and maintain the confidentiality of the data and delete it after a while, but there is always a third party that is vulnerable to hackers or to leaking and selling the data. even the current laws that protect customer data will fail with such data sharing.

You should use better email filters, check any link before clicking on it, and make sure it is not a phishing link.
legendary
Activity: 1904
Merit: 1563
Right now, whoever the company who texted me, especially if it is finance related mobile applications, I make sure to ignore or much better delete them.

And now that the Philippines' health insurance corporation has been hacked and become a victim of ransomware, SMS and email of millions of people could have fallen victim to these attackers—a reservoir for bad actors to steal not only money but also PII (Personally Identifiable Information) that they can use to exploit.  Roll Eyes

Somewhat similar story: https://www.philstar.com/headlines/2023/10/10/2302640/philhealth-hacked-what-we-know
legendary
Activity: 1106
Merit: 1337
Lightning network is good with small amount of BTC
How do hackers know who to send messages to?

Quote
Hong Kong police warned users of the scam in an Oct. 9 post to its Facebook page dubbed “CyberDefender.”

“Recently, fraudsters posing as Binance sent text messages claiming that users must click the link in the message to verify their identity details before a deadline, otherwise their account would be deactivated.”

Is the message randomly sent to people? I think the hackers target Hong Kong Binance users and that can only be from data breach or insider work.

Quote
According to the post, the phishing scheme has seen 11 Hong Kong-based Binance customers report combined losses of more than $446,000 (3.5 million Hong Kong dollars) in the last two weeks.

If it is someone like me, this is easily avoidable, but what if it gets to the hacker's selling peoples data to thieves and which can lead to physical robbery and attack.

https://cointelegraph.com/news/hong-kong-binance-users-phishing-scam-jpex-crypto-scandal


Why KYC is extremely dangerous – and useless
Jump to: