Cryptocurrency exchange platform Binance.com has allegedly had its entire support chat database leaked via a bug bounty leak. A user who goes by the name of ‘sellerby’ put up 1.7m Binance support chat records for sale on RaidForums, a popular hacker forum commonly used to sell stolen data. However, the data provided by ‘sellerby’ was never stolen from Binance, and the user is now suspended from the forum.
The database consists of identifiable information and was posted on June 30th, 2021. The security team at PrivacySharks saw a preview of the data for sale, which contained individuals’ first and last names, email addresses, and phone numbers. The silver lining is that no usernames or passwords were exposed in the leak.
We immediately reached out to Binance.com for clarification on whether the leak was real or not and received this statement from a Binance spokesperson:
“Our security team has investigated the matter and concluded that the data shared is unrelated to Binance. To date, no suspicious activity has been detected.
It is important to note that we value our users’ security first and foremost. We safeguard our entire platform by using the latest technology and educating the public around online safety through our Binance Academy.”
We also jumped on a call with the Binance PR team to discuss the issue further. The team categorically stated that the data is unrelated to their platform and their security team detected no malicious activity. So, it begs the question: where is the data from? And secondly, why would the hacker allege it was from a Binance bug bounty leak?
What does the data leak contain?
Our security team got in contact with the seller on Telegram to find out more about the supposed Binance data for sale. After viewing a sample of the data in question, we can reveal that it contains the following information:
- First and last names
- Email addresses
- Phone numbers
- Chat entries
Although the sample we obtained only included data from Turkish individuals, ‘sellerby’ stated that the entire database was made up of international users’ data.
At first glance, one may assume the data is from Binance; however, upon deeper inspection, we noticed several things that support Binance’s claims that this data leak has nothing to do with them:
- Firstly, company names are included in the leaked database. Although Binance does request this information from users setting up corporate accounts, this is not something that Binance, or any other crypto exchange, asks general users for.
- The inclusion of the IsCASL field, as seen in the screenshot above, is a direct reference to Canadian Anti-Spam Legislation, which leads us to believe that this could be an email marketing or telemarketing data set.
Although most signs currently indicate that this is not leaked data from Binance support chat records, some of the Turkish entries translate into questions such as “Where is my money?” in English. This is strange since these are plausible questions that could have been taken from a crypto platform live chat thread.
The data is currently being sold for $400, and the hacker is requesting payments in Bitcoin, Ethereum, Dogecoin, or any other major cryptocurrency via Binance. (The irony is not lost on us that a hacker claiming to be selling Binance.com leaked records is requesting a crypto payment via the very same platform.)
When we spoke to the seller on June 30th, he claimed to have already sold the data set to three other individuals a few hours after the sale posting was published. We have included screenshots of the conversation below.
How was the leaked data obtained?
The original sale posting claimed that the data was leaked “during support team conversations on Binance.com.” When talking to the seller about the data, a member of the PrivacySharks security team asked for more details on how they had come to acquire it.
The hacker alleged that the data had been swiped via a bug bounty leak. Bug bounties involve users detecting and reporting software bugs to developers for a reward, and many large companies operate bug bounty programs.
However, Binance.com has denied these claims, insisting that its security team did a full sweep of its database and detected no security breaches.
Why did the hacker allege the data was from Binance.com?
Since it seems unlikely that the leaked data is, in fact, from Binance.com, we wanted to explore why ‘sellerby,’ and many other users on hacker forums, are selling data that may not be from where they claim it is.
An obvious assumption is that stolen data from Binance.com has a lot more selling potential than telemarketing records. Cryptocurrency is currently experiencing a period of extreme popularity, which means that exchange platforms like Binance have access to the data of thousands of users.
With the data of supposed crypto users exposed, hackers could potentially use it to find users’ crypto wallets and access large amounts of currency. This makes leaked Binance data extremely valuable to hackers.
Of course, this isn’t to say that the data in question has no value to hackers. From what we’ve seen, it reveals a lot of sensitive information about real people, which hackers could use to carry out brute force attacks, phishing scams, and ransomware attacks.
Is Binance a secure crypto exchange?
Data leaks like this one always throw into question the safety of online platforms like Binance.com. Since the platform deals with many cryptocurrency exchanges, there is the potential for targeted attacks from hackers wanting access to users’ credentials and, ultimately, crypto coins.
So, could a breach like this ever occur on Binance? The short answer is yes. Breaches like this can occur at any time, on any network or platform, regardless of the security measures in place. However, Binance is known for taking extra precautions when it comes to protecting its users.
Firstly, it offers two-factor authentication on all accounts, meaning that users can give themselves an extra layer of protection when it comes to any account log-ins.
More impressive are Binance’s in-house AI solutions, which are trained to detect suspicious movements made on the platform. This means that unusual behavior on user accounts will be swiftly investigated and dealt with should it prove to be malicious.
Thanks to its advanced AI technology, Binance was recently involved in bringing down a cybercriminal money-laundering ring. Working alongside international law enforcement operatives, Binance helped identify and arrest the criminal group behind many ransomware attacks. With that being said, we’re pretty confident in Binance’s ability to detect and thwart security breaches on its network.
Ways to protect your data
Although you may not think that having your name, email address, and phone number leaked is a big deal, this information can help a hacker learn a lot about you. Hackers can find out your age, job, and even what bank you use with just an email address.
To remain safe online, you can do a few things. Firstly, use a burner email address (or phone number) when creating a new online account. By using a disposable email address, you can distance yourself from other active accounts you have.
If your details have been exposed, then be wary when it comes to spam emails, texts, and phone calls. Many users who find themselves involved in data leaks can become the target of phishing scams or worse.