As first reported by CCN, someone going by the name of “ExploitDOT” is allegedly selling 100,000 personal documents that were used to comply with the know-your-customer (KYC) regulations on various cryptocurrency exchanges.
He posted the sale on a sub-community (DNMAds) of Dread, which is a hidden Reddit-like community that operates on darknets. The platform is said to “provide a platform for open community discussion without as much censorship and limitations.”
ExploitDOT was allegedly a vendor on AlphaBay, a darknet marketplace with over 400,000 users that police shut down after a law enforcement action in July 2017.
He also claims that he was a vendor on Tor Carding Forum (TCF), which was one of the earliest and largest darknet forums focused on the trade of stolen credit card details, identity theft, and currency counterfeiting. Ironically, TCF closed in 2014 following a hack.
It’s not clear which KYC provider got hacked or even whether the hack actually took place. What has been claimed is that the documents were ‘dumped’ in 2018 when an unnamed third-party KYC solution provider, which was providing services to crypto exchanges and ICOs, suffered a security breach.
ExploitDOT claims that the documents include sensitive information and high-quality photos with EXIF data, including geographic information, “for every country” about users who KYC’d on Binance, Bitfinex, Poloniex and Bittrex.
Binance denies the KYC documents are leaked from them
Binance has said:
“We’re aware of this allegation and have investigated the photos in question, but there is no evidence that the leak is from Binance. We have even seen photoshopped versions of the photos. Security is our highest priority and we do our utmost to ensure data breaches do not happen on our platform.”
The data dump, which is being sold in bulk, includes selfies, scans of identity documents and proof of address of each person. Following the report by CCN, ExploitDOT posted again on Dread and asked whether he should:
“try to start a crowdfunding to delete all the hacked documents” because “if you ever sent a KYC, chances are there [are] also your documents in my dump.”
ExploitDOT wrote that he wants to crowdfund an amount that:
“helps [him to] work on [his] legit business with [his] ideas that could change the world.”
ExploitDOT went on to mention that the exchanges in question are “completely denying” that information was breached, although:
“there is clearly docs with ‘Binance’, ‘Poloniex’ and such written on the paper.”