An Extortion Gone Bad: Inside Binance’s Negotiations With Its ‘KYC Hacker’

 

The Takeaway

• Prior to publishing details about real Binance customers online Wednesday, a hacker operating under the pseudonym “Bnatov Platon” had a month-long conversation with CoinDesk reporters.
• In the talks, Platon revealed how he allegedly hacked individuals behind an earlier hack in which 7,000 bitcoin was stolen from the world’s largest exchange.
• Platon claimed his aims were altruistic, and that he simply wanted to bring the hackers’ identities to justice. However, it appears he also effectively asked for money in exchange for promises he would not release Binance’s customer data.
• Platon and Binance would hold numerous talks, and reportedly struck a deal that was later aborted. CoinDesk has obtained full transcripts of these conversations.

---

In what appears to be an elaborate game of hackers hacking hackers, an individual operating under the pseudonym “Bnatov Platon” has provided CoinDesk with extensive information about their attempts to obtain millions of dollars in exchange for declining to release information about customers of one of the world’s largest cryptocurrency exchanges, Binance.
Information about the hack, gathered over a month-long interaction with the hacker, was pushed into the public eye today when Platon began posting what he alleged were images and information about real Binance customers, first on an open website and then on Telegram.
The idea customer information might not be safe on the world’s largest exchange was enough to immediately spark the attention of the industry, with major news websites and Twitter influencers swiftly broadcasting the news.
Yet, the full story was – and remains – more complicated than it first appeared.
First, it has deep roots, extending back to an incident in May when an outside group broke into Binance user accounts and stole 7,000 bitcoin. At the time, Binance was, as always, public about its problems, describing it as part of a “large-scale security breach” in which “hackers were able to obtain a large number of user API keys, 2FA codes and potentially other info.”
Unmentioned, however, was that identifying user information may have been leaked.
It’s during this event that Platon alleges the information they have obtained about Binance customers was produced, although in a twist, he says he was not the perpetrator of the hack, but that he hacked an exchange “insider” involved in the heist.
In another turn, Binance alleges the customer data was obtained from an unnamed third-party company it has contracted to conduct its know-your-customer (KYC) since February 2018.
Further, CoinDesk has confirmed at least two of the hundreds of profiles leaked belong to real customers who provided identifying information to the exchange. One of the images we analyzed seemed to have been doctored but the person whose identity appeared in the picture confirmed she had created a Binance account around the time of the leaks.
In conversations with CoinDesk, Platon has claimed they are a “white hat hacker” and, in a few comments, suggested they were asking Binance for a bug bounty for exposing the information. Negotiations broke down, however, and Platon and Binance representatives reported that he asked for 300 bitcoin in order to further expand on the data he held.
In a statement, Binance responded to the “fear, uncertainty, and doubt” cast by the news:
“We would like to inform you that an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data. We are still investigating this case for legitimacy and relevancy.”
We have contacted Binance for further comment.
Platon claims they have 60,000 pieces of KYC information in his collection.
What follows is what we know about the negotiations and their aftermath.

Moving Money

 

Click here for complete news