Major cryptocurrency firm Binance announced that it will offer a free, lifetime VIP membership account to all its affected users following the leak of its customer’s Know Your Customer (KYC) data, the company broke the news on its latest update entitled “Update & Action Response: Third-Party Vendor KYC Matter.”
“We are compensating affected users with a lifetime Binance VIP membership, including preferential trading fees, support, and more services.”
The blog post further revealed that the company is “actively contacting all potential victims with… guidance on privacy protection and restitution” and recommends “affected users to apply for new identification documents in their respective region.”
The trading platform also provided more details of the ongoing investigations, which affected around 60,000 users. Results from the latest probe revealed that some of the released images overlap with those that were processed by a third-party vendor that was processing its KYC verifications around hack time. Binance confirmed the vendor was contracted from early December 2017 to February 2018.
Binance team also said that multiple images were photoshopped and were not the exact match of the KYC images in its database. It said that the photos that processed from its KYC contain a digital watermark that was “notably absent from all of the leak images.”
According to the firm’s own research, the inclusion of edited images is consistent with its own findings, suggesting that KYC information has been changed or use to set up fraudulent Binance accounts. The company also believes that more KYC data are available, but they are yet to be verified by its own sources.
However, Binance reassured that safeguarding its users and its systems are its “utmost priority.”
“We have robust measures in place to safeguard our customers’ assets and information, including an updated KYC verification system and AI-based facial verification function introduced in 2018, as well as the storage and indexing of KYC data with sophisticated data security technology upgraded in 2019,” the company said, reassuring that it will continue to improve its services amid a fast-changing industry.
Early this month, Binance said it has found inconsistencies between the data that are being distributed in the Telegram group and the data in its system. It further revealed that an unidentified individual tried to extort 300 BTC from it in exchange for 10,000 photos that bear similarity to Binance KYC data.
Just recently, Binance Jersey’s Twitter account and its Internet domain name (binance.je) have been hacked by an anonymous Twitter user called @LightningNetwo9. But instead of using the successful hack to scam users, the hacker asked Binance CEO Changpeng Zhao to directly contact him.
Binance was able to retrieve its domain name within a few minutes, but the Twitter handle took some hours. In addition, the exchange will issue a security bug bounty to the white hacker.
Comment 15