An unnamed person is reportedly demanding 300 bitcoin (worth around $3.5 million) from Malta-based exchange Binance, implying that it will continue to release 10,000 photos that relate to alleged stolen know-your-customer (KYC) data in January if it fails to comply.
In a statement today, Binance said it’s investigating the case for “legitimacy and relevancy,” but noted that there are “inconsistencies” with the published data, compared to the information in their system.
“At the present time, no evidence has been supplied that indicates any KYC images have been obtained from Binance, as these images do not contain the digital watermark imprinted by our system,” the Binance security team note.
In January, Decrypt reported the so-called data haul hack. The story reported that the hacker, known as ExploitDOT, had posted a message, which included twenty-six links to groups of photos that had allegedly been stolen from exchanges such as Binance and Kraken.
While the platforms were able to offer proof to show their systems were not broken, it was suggested that the data may have been obtained through phishing attacks, or a third-party KYC breach. At the time, Kraken CEO Jesse Powell suggested the photos may have been obtained by other means, little by little, and over time.
Binance said that the images released today appear to be dated from February, when the exchange had contracted with a third-party vendor for KYC verification to deal with the high volume of requests at that time.
“When asked to prove the source of the data, the individual demanded 300 BTC and refused to supply irrefutable evidence of their findings,” Binance said in its statement.
Binance is offering a reward of 25 bitcoin for information leading to the arrest of the hacker or hackers, “dependent on the relevance of the data supplied.” If bitcoin keeps heading up—it’s surged more than 85% during the past year—the reward could soon become big enough for the bad guys to turn themselves in to collect it.