Cryptocurrencies like Bitcoin were created as an alternative to traditional financial systems. However, hackers have stolen more than $1.5 billion from the leading digital coin exchanges in the last decade. As such, the continued vulnerability of decentralized digital asset networks has cast severe doubt on their long-term stability.
Recently, a hacker recently tried to extort $3.4 million from Binance, the world’s leading cryptocurrency exchange. The platform denied the cyber-criminal’s demand and is now offering a $273,000 bounty for information related to the blackmailer’s identity. Though the extortion attempt failed, the circumstances surrounding the plot are deeply concerning.
The Blackmailer’s Demands
An unidentified group contacted Binance demanding 300 bitcoins ($3.4 million). The cyber-criminals threatened to release the platform’s “know your customer (KYC)” data if the service denied their request. To verify users before granting access to its service, Binance requires its customers to submit a photo of their passport or official identification along with a picture of the user holding their ID.
The extortionists claimed to have 10,000 KYC files stolen from Binance’s database. The group also set up an anonymous Telegram account to share proof that they have the confidential user data. Yahoo Finance UK reviewed the blackmailer’s 400 leaked images and noted that they included ID photos from American, French, Japanese, Turkish, Russian, and South Korean citizens.
Last week, Binance issued an official statement addressing the situation. The company confirmed that an unknown party did demand 300 bitcoins in exchange for not releasing their internal data. However, the platform also said that the material leaked by the hackers came from a February 2018 breach of a third-party firm that handled their KYC files.
Binance went on to say that it contacted law enforcement after refusing the extortionists’ request. The firm also offered a 25 bitcoins (approximately $273,000) reward for information regarding the blackmailer’s identity.
The Missing Money is Still Missing
Though it’s reassuring that Binance doesn’t negotiate with extortionists, the platform’s lack of security is concerning. Even if hackers didn’t compromise its internal systems to access the KYC data, the theft shows that there are significant vulnerabilities in its digital infrastructure.
In May, a group of hackers stole 7,074 bitcoins, then worth $42 million, from Binance in an elaborate cyber-attack. Notably, the criminals behind the hack utilized a multipronged strategy that didn’t trip the platform’s cybersecurity protocols. The firm did eventually track down the thieves’ digital wallets but couldn’t recover the stolen funds. Last month, the hackers moved $8 million in bitcoins from their wallets to another exchange, possibly to turn it into cash.
In the aftermath of the attack, Binance announced that it would cover the funds stolen from its clients’ accounts. Company CEO Changpeng Zhao also briefly suggested the idea of rolling back the Bitcoin ledger to recover the lost cryptocurrency. Ultimately though, the executive decided against disrupting the blockchain system of the world’s biggest digital coin.
However, if Binance is the victim of another cyber-attack, the firm might again consider taking drastic action. Especially if it doesn’t have enough money to cover a Mt. Gox-style nine-digit hack. As such, consumers might be better served by putting their money in a less oblique but more stable fiat currency backed exchange.
After all, right now, even the world’s biggest cryptocurrency exchanges seem unnervingly insecure.