Binance, one of the world’s largest crypto exchanges, has denied any data breach after a report claimed that some of its internal passwords and code had been leaked on GitHub for months. The exchange additionally dismisses accusations regarding the sale of its users’ KYC data on the dark web, asserting a lack of evidence of any leaks originating from its systems.
On January 31, a report from 404 Media highlighted the discovery of a public GitHub repository containing a “highly sensitive cache of code,” internal passwords, and other technical details associated with Binance. The report raised concerns about the potential accessibility of this data by hackers or malicious individuals, presenting a significant threat to both the exchange and its users.
The exchange quickly took action and filed a copyright takedown request to GitHub, claiming that the data had been posted without its authorization and using its IP address. The exchange said that the data was not only illegal, but also potentially harmful and confusing to its users.
A spokesperson from Binance informed 404 Media that the exchange was cognizant of an individual asserting possession of sensitive information. However, the security team thoroughly examined the data and determined that it did not align with any current assets in production at Binance.
Binance Responds To Dark Web Sale Of KYC Data
The GitHub leak was not the only challenge that Binance faced over the weekend. On Feb. 3, an X user named “otteroooo” posted on a dark web forum that he had Binance users’ KYC data for sale, allegedly obtained from the GitHub repository. The user claimed that he had photos, IDs, and other personal information of Binance users, and offered to sell them for a price.
However, Binance’s customer support X account responded to the post on January 5th, saying that the exchange’s security team had investigated the matter and confirmed that there was no such leak from Binance systems. The account also assured users that their accounts were secure and protected by various defenses, such as MFA, biometrics, and authenticators.
As always, we appreciate anyone sharing potential bugs and security issues with us so we can investigate and, where necessary, take action to protect users. the account added.
Binance has been a target of several data breach attempts in the past, most notably in 2019, when a hacker claimed to have stolen 10,000 KYC photos from the exchange and demanded a ransom of 300 bitcoins. The exchange denied that the photos came from its database and offered a reward of 25 bitcoins for any information that could lead to the arrest of the hacker.
Related Reading | Weekly Highlights: Bitcoin & Ethereum Hold Strong, Altcoins Surges