Binance Offers $5 million Bug Bounty After Leak

Binance, the world’s leading cryptocurrency exchange, is in the spotlight once again over claims about the security and privacy of its users’ data. The exchange has strongly denied claims of a data and code breach. The allegations came to light following reports that a GitHub repository was found to hold what was described as a “highly sensitive cache of code,” including internal passwords and technical details linked to the Binance platform.

Key Insights

  • Binance is accused of a data and code breach involving internal passwords and technical details on GitHub.
  • 404 Media reported that information was publicly accessible for a significant time.
  • Binance issued a copyright takedown notice to GitHub following the report.
  • Binance’s spokesperson stated that the alleged sensitive information does not match their operational systems’ data.
  • A user “otteroooo” claimed to have found Binance customer KYC data, including names, countries, and phone numbers, on hacker forums and GitHub.
  • According to Binance’s internal investigation, there was no evidence of a KYC database breach or any other data breach.
  • Binance announced new measures to tighten its token listing process and a bounty program offering up to $5 million for information on corrupt employees.

How The Events Unfolded

Binance responded quickly by issuing a copyright takedown notice to GitHub. This action came after it was reported that a database on GitHub contained unauthorized postings of Binance’s internal code, which included passwords and technical specifications. Binance’s legal team moved swiftly, aiming to lower the risk by arguing that the unauthorized sharing of its intellectual property could not only damage the firm financially but also sow confusion among its clientele.

Binance was approached by 404 Media for comment. A spokesperson for the company confirmed that they were aware of claims by an individual alleging to hold sensitive Binance information. The security team at Binance swiftly evaluated these claims and determined that the information in question bore no resemblance to the data used in Binance’s current operational systems, offering reassurance and peace of mind to their users. The spokesperson underlined the security of user data and personal information on Binance, indicating the platform’s commitment to maintaining a secure trading environment amidst potential threats.

Reports emerged suggesting that a large amount of customer KYC (Know Your Customer) information had leaked across a variety of platforms, including hacker forums on the dark web and GitHub. The alarm was raised by a user known as “otteroooo”, who is well-regarded in the crypto community for highlighting possible security issues.

This user shared screenshots that allegedly displayed Binance customer data, including names, countries, and phone numbers, sparking widespread concern.

In response to these claims, Binance conducted a thorough investigation into its internal systems. Binance’s support team stated that their review found no evidence of any form of breach of their KYC databases or any other form of data breach.

Despite the claims online, Binance has reassured its clients that their accounts remain secure and intact, covered by several layers of security measures, which include biometrics, authenticators, and multi-factor authentication (MFA), to safeguard verification materials.

Similar Events in 2019

An earlier event, which Binance’s CEO Changpeng Zhao described as a “large scale security breach,” was discovered on May 7, 2019. According to Zhao, the attackers were able to collect a wide range of sensitive information and personal details, which included user API keys, two-factor authentication codes, and potentially more, which enabled them to get away with unauthorized withdrawals from Binance.

The news of the breach was initially hinted at by Zhao through a tweet about “some unscheduled server maintenance,” assuring users that their “funds are #safe.” After the formal disclosure of the security breach, he promised that a more detailed update would follow. Zhao also noted that Binance was still in the process of identifying all affected accounts but clarified that the breach had only impacted Binance’s hot wallet, which holds about 2% of the exchange’s total bitcoin reserves. He attempted to reassure users by stating, “All of our other wallets are secure and unharmed.”

Zhao commended the hackers’ patience and strategic planning, acknowledging that they executed their actions through multiple seemingly independent accounts at an opportune time. The transaction was structured in such a way that it bypassed Binance’s existing security measures. Zhao expressed regret over the inability to block the withdrawal before its execution, highlighting the intensity of the attack and the challenges faced by exchanges in ensuring the security of digital assets.

Reports showed that the 2019 incident involved threats of public distribution of more than 10,000 photos resembling Binance KYC data unless a ransom of 300 BTC was paid, which Binance swiftly declined.

The dark web’s reputation for hosting illegal sales of stolen data adds difficulties to verifying the authenticity of these claims, highlighting the challenges faced by organizations protecting against and responding to cyber threats.

Attempts To Repair The Vulnerabilities

Binance has also announced new measures to tighten its token listing process. Rumours within the crypto community suggested possible insider information affecting token prices, leading Binance co-founder Yi He to reveal a complete “fix up” of the process. 

This includes a bounty program offering up to $5 million for information on possible corrupt employees, stricter controls on staff involved in token listings, and upgraded security measures to put a stop to information leaks.

Yi He’s announcement shows Binance’s determination to maintain fairness and transparency in its operations, addressing both external and internal threats to its ecosystem. Binance’s efforts to strengthen its security measures and enhance its structures aim to preserve user trust and uphold its reputation as a leading platform in the cryptocurrency market.

The exchange also emphasized its ongoing commitment to examining credible hacking tips and security issues brought to its attention, ensuring that user protection remains a top priority. Binance’s statement shows its ongoing approach in dealing with potential security threats and the importance of community engagement in identifying and addressing vulnerabilities.