Restoring the Binance user information leak incident: hackers attacking hackers?

According to Coindesk news today, the person who announced Binance KYC on social networks yesterday claimed that he did so in order to "attract Binance's attention to the real mastermind behind the scenes." He is a "white hat hacker." Since 7,000 bitcoins were stolen from the Binance exchange in May, he has been tracking the funds and found that Binance insiders were involved in the theft.

Event review: 7,000 bitcoins stolen, customer information leaked

On May 8, 2019, 7,000 bitcoins were stolen from Binance exchange by hackers. Two days later, Binance responded that it would make major adjustments to the API, 2FA (Google Two-factor Authentication), and withdrawal verification processes, and also gave away 1,000 YubiKeys to users as compensation through an event.

According to an article published by Coindesk today, after Binance was stolen, Coindesk contacted a hacker named "Bnatov Platon" and has been communicating since July.

The article states that Platon said he has been tracking the stolen funds. He found that the hacker who stole the Binance Bitcoin first remotely accessed the user's account through an API made public by a Binance insider. The hacker then stored the user's API key, as well as private information such as email addresses, passports, and driver's licenses, and placed them in a folder.

Platon said that the customer information stolen by hackers involved customers who opened Binance accounts in 2018-2019.

Then, Platon said that the hacker wrote a program that operated in the following way: first buy a token called 'BlockMason Credit Protocol' and then convert these tokens into Bitcoin.

Platon also has a copy of these files, which he stole from the hacker. The program written by the hacker allows the hacker to withdraw 0.002 bitcoins at a time. Through tracking, it was found that the hacker had laundered 2,000 bitcoins through Bitmex, Yobit, and Huobi, exchanging $1 million worth of bitcoins every day.

Viktor Shpak, CTO of blockchain development company VisibleMagic, also said: "It is very likely that an insider created a processing program to access the user's API, which hackers can use to access user data and then build a toolkit for processing."

In fact, Platon did confirm this. In addition, Platon also found that the stolen bitcoins were stored by hackers in a Blockchain wallet, and the operator of this wallet was the exchange PIT, which was only launched on July 31.

Event tracking: Failed to ask Binance for 300 bitcoins, disclosed information

The Coindesk article shows that Platon contacted Binance's CGO Ted Lin after discovering the whereabouts of the hackers who stole Binance's Bitcoin.

He said:

“Personally, I want Binance to be the first exchange in the world to catch the hacker, which will be extremely beneficial to Binance’s reputation. I told Ted Lin that I got insider information, including the person’s details, details of his communication with the outside world, and even a photo of the person. I also told him that I had detailed information about the hacker, including server information, their identities, their phone numbers, etc.”

Platon then hopes to provide this valuable information to Binance, which will then offer him a bonus. According to a public statement released by Binance yesterday, Platon asked Binance to pay 300 bitcoins (approximately $30 million) as a reward for providing this information.

At first, Ted Lin also expressed his willingness to use a bonus in exchange for this information. But later, Ted Lin said, "Considering the losses you have caused (disclosing some information to the media), the reward we pay for the information you provide will be greatly reduced."

The picture shows a screenshot of the conversation between the two people revealed in the coindesk article

Platon said that after about a month of negotiations, "Binance didn't pay a penny." Platon then threatened Binance to disclose customer information.

According to the coindesk article, this threat became a reality on August 5, when he uploaded a file containing KYC information of 166 people and dumped a file with 500 photos to a file sharing website under the pseudonym "guardian M".

Then yesterday morning, Platon caused an uproar by sending hundreds of photos of individuals holding their ID cards to a Telegram group.

Real motive: “Warning people trading on Binance”

Platon tweeted his real motivation for disclosing customer information:

“I want to warn people who are trading on Binance.”

He also explained that he was not doing it for the money:

"If I needed money, I would not make the information public, but would sell it underground."

The picture shows a screenshot of Platon's tweet

In an interview with reporters, he also said that he was not interested in financial rewards:

“When I needed money, I only had to hack into a hacker’s account and could easily withdraw more than 600 or 700 bitcoins.”

However, from the conversation between Platon and Ted Lin revealed in the coindesk article, it can be seen that the meaning of "not for money" is completely opposite to what he expressed before.

The picture shows a screenshot of the conversation between the two people revealed in the coindesk article

Platon also responded to questions about his exchange of information for 300 bitcoins, but he did not respond directly, but said:

“10,000 pictures for 300 bitcoins? Binance should take a closer look at how many (users’) pictures are uploaded to the internet.”

Source/31QU compiled from the Internet

Text/Xiao Ke