On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data obtained from the know-your-customer (KYC) checks that top cryptocurrency exchanges require, as mandated by most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service.

Image caption: A post on the darknet market “Dread” advertising the sale of the hacked KYC documents

A cybersecurity expert who contacted CCN and chose to remain anonymous has detailed that, after contacting the individual while posing as a buyer, he was able to get three free samples as proof that the leaked documents are legitimate.

As proof, the cybersecurity expert got pictures of individuals holding up a piece of paper with the word “Binance” and the date the picture was taken. In these pictures, their faces are visible, as well as their identity cards or drivers’ licenses.

CCN had access to these images, which appear to be legitimate. Although the sample was small, the vendor selling the hacked data claims it has documents from people in every country cryptocurrency exchanges serve.

An exchange the security expert allegedly had with Binance via email, which couldn’t be independently verified, seems to show the latter found “some inconsistencies” between the data it was presented with and the “samples provided” – presumably the KYC images.

The exchange’s spokesperson allegedly further noted they have their “theories in regards to how this information may have been obtained,” detailing that no signs of unauthorized access to their system had been found. CCN has reached out to Binance to clarify the situation but had not heard back at the time of writing.

Binance is notably an exchange praised in the cryptocurrency community for its security practices. Recently, it foiled the plans of the Cryptopia hacker by freezing the stolen cryptocurrency, and last year it thwarted a large-scale attack that saw Syscoin (SYS) surge on its platform.

Whether the leaked documents are connected to the recent ‘Collection #1’ 87 GB database leak, which includes over 700 million email addresses and 21 million passwords, isn’t clear.

This post is credited to CCN. Image source: CCN

As a cryptocurrency holder, you might think your funds are basically safe on an exchange as long as you’ve set up two-factor authentication (2FA). How could anyone access the ever-changing, unique randomized codes being sent to your personal cellphone?

According to a post on Reddit, hackers are taking advantage of the KYC (Know Your Customer) procedure that many centralized exchanges now require. The process consists of identity verification techniques, usually including some combination of passport photos, ID photos, utility bills and selfies with the customer holding any one of these documents.

The uploaded documents, such as passports, can become valuable on the dark web. According to darkreading.com, the typical cost of an illegal passport scan is $14.71, while the price jumps up to $61.27 when proof of ID (selfie, utility bill, etc.) is included.

Paul Bischoff, editor of Comparitech, says,

“The reason for this is because multiple forms of ID are usually required to pass proof-of-address and proof-of-identification checks on websites. These checks are often part of the account recovery process in which a user has somehow lost access to their account and must prove who they are to regain access.”

According to Reddit user Gamm86, a hacker can circumvent 2FA by posing as a user who has lost their 2FA access (which can happen to anyone who loses a phone). The crypto exchange will then ask the user for proof of identity, which the hacker can obtain via the dark web. Once the hacker sends in the requested documents, the exchange either resets or removes the 2FA codes. The hacker can then gain access and effectively drain the crypto account.

There’s also the possibility that a user’s information and paperwork could be leaked from a fraudulent ICO airdrop that requires KYC documents. Given how easy it is to spin up a fake website promoting a cryptocurrency or an ICO – as illustrated by the “HoweyCoins” website created by the US Securities and Exchange Commission to educate the public about fake offerings – investors need to be vigilant and always perform due diligence before making any investments.

Use extreme caution when giving out any of your personal information or uploading any documents, and be sure to use different passwords for all of your financial accounts.

As the Reddit post also recommends, using cold wallets whenever possible can reduce exposure to the internet and bad actors.

This post is credited to Daily HODL. Image source: Daily HODL