Who is selling the information of cryptocurrency users? What is the leaked information used for?

While people enjoy the convenience of the Internet, their privacy data is also one step closer to being exposed.

Recently, many people in the cryptocurrency circle have fallen into the trouble of "information leakage".

In the past month, many cryptocurrency investors have received a type of phone call: the other party claims to be a customer service representative of Huobi (or Binance, OKex, Golden Finance, Bitmain, CoinWorld, etc.), claiming that the platform is holding an event and that there are professional analysts leading orders in the group, and they will add WeChat to pull you into the group.

Most of these phone numbers start with 146, 165, or 170. Not only do the other party know that you are a cryptocurrency user, some can even reveal your name directly! Once you really join the group, they will either ask you to buy some worthless coins or sell you stocks. In short, they will find ways to trick you into spending money.

In fact, Huobi, Binance and other exchanges have issued statements that those who called were all fake customer service. Therefore, information including your phone number, name and even ID card is likely to be sold. As for how the information was leaked and sold, it is still a mystery.

Privacy leaks in the cryptocurrency world have become the norm

Yesterday afternoon, a user named Guardian M posted a series of high-definition photos of people holding ID cards in the Telegram group. These pictures were taken for Binance KYC certification in February 2018. User information is spread across China, the United States, Japan, South Korea and other places. There are already 480 uncensored photos in the Telegram group that everyone can see.

Some domestic users even found their own information in the leaked photos . For a time, Binance was pushed to the forefront. The news that "Binance KYC information was leaked" spread across major communities and social media, causing panic in the entire cryptocurrency circle.

In fact, this batch of information was "leaked" as early as the beginning of this year. In its latest statement, Binance pointed out that it had recently been threatened and asked to exchange 300 bitcoins for the 10,000 KYC information it claimed to have, but Binance did not agree.

Apparently, the user named "Guardian M" chose to retaliate maliciously because he did not receive the extortion money. After this incident, the user cancelled his account and disbanded the Telegram group with more than 10,000 people watching.

After performing this "prank", the criminal has already escaped, but after experiencing this scare, people in the cryptocurrency circle have to worry about the KYC certification information they have done. No one knows whether their information is circulating in the black market.

Earlier, in May last year, a large number of cryptocurrency users who had registered on a certain exchange received multiple text messages saying "HLC Halal Chain has signed a cooperation agreement with XX". At the end of the text message, it was revealed that "the price will rise recently" to lure users to buy the coin.

Regardless of whether the message was sent by the project party or not, it is undeniable that the mobile phone information of cryptocurrency users has been leaked and "precision marketing" has been carried out.

Combined with the recent privacy leaks, we can see a fact clearly: some of the ID card information used for KYC and the mobile phone numbers used to register for exchanges have been leaked, and some are at extremely high risk of being leaked. They have long been clearly marked with prices and secretly traded by various criminals.

How was this information leaked?

In the Internet age, privacy leaks are nothing new.

Generally speaking, there are four ways of information leakage: hacker theft, corporate thieves, users registering on irregular websites, and user mobile phone software causing information leakage.

1. Hackers steal

Many large companies have been attacked by hackers. Facebook once had its 30 million user information leaked by hackers, consumer information from Uniqlo's shopping website was also stolen by hackers, and user information from domestic Station A and Mobike was also stolen by hackers. These information were sold in a high-profile manner in Telegram groups and the dark web.

The cryptocurrency market is a favorite cash machine for hackers. They not only steal data, but also take away tens of thousands of assets, often causing the cryptocurrency market to plummet. In recent years, countless exchanges, large and small, have been attacked by hackers, and the risk of user privacy leakage is self-evident.

2. Registering on an irregular website

Whether you are surfing the Internet or shopping, you will be asked to "fill in personal information" and "register an account" everywhere. After receiving personal information, some small companies or small websites often have "wrong ideas" and sell the information to P2P financial management, insurance, and real estate companies at a high price. Since there are too many places where users leave information, they have no idea which company leaked the information.

Looking at the cryptocurrency circle, the situation is the same. Users will inevitably register on some unknown project websites or some fake exchanges because of some "airdrop temptations" . These companies, which are already outside the law, have low illegal costs and sense of morality, and are more likely to do some rampant things like selling information.

3. Internal thieves

When an information leak occurs, many people will immediately point the finger at the corporate entity, believing that it is an unscrupulous company that actively leaks user information. But in fact, for some companies that really want to do something, their goal is to make money, and "selling information" can directly block this path. The larger the company, the less likely it is to do this kind of loss-making business.

But no matter how self-respecting a company is, it cannot stop internal thieves, and many privacy leaks in the world are caused by "insiders".

4. Mobile software leaks

At the beginning of this year, a hacker stated on the dark web that he had obtained the information of 100,000 cryptocurrency users , and posted photos of some users holding their ID cards in the post, some of which were KYC information of users of Binance, Kraken, and Bitfinex.

When users suspected that their data was leaked by these exchanges, Binance told the media:

“Binance’s internal information is all watermarked, but the pictures on the Internet do not have Binance’s specific watermarks, so we are sure that these materials are not from Binance’s internal information. ”

Kraken’s boss also said that the exchange did not leak information, noting:

" The photos are likely to have been leaked on the user's phone , for example, through phishing of accounts on iCloud/GSuite, software that can sync photos on the phone."

In fact, some mobile phone software can often obtain permissions to read a large number of photos, mobile phone numbers, and text messages without the user's knowledge. The photos of Jennifer, the heroine of "The Hunger Games", stored in iCloud have been leaked.

Everyone's mobile phone software carries a large amount of users' taxi information, shopping information, and location information. Over the years, incidents of privacy leaks by these apps have been common.

How to save the privacy of naked people?

Even more unsettling than data breaches is the fact that you have no idea what your personal information is being used for besides being sold second-hand or third-hand. What else would someone who buys your identity do with it other than sell it to a cold caller?

1. Used to register various accounts

There are black industries online that sell accounts in bulk. A WeChat account registered with real name can be sold for 60 yuan, and a real-name Alipay account can be bought for 20 yuan.

The most common use of personal information is to "take advantage of others" . Registering a P2P financial app with real identity information can earn you 50 yuan in rewards. Many Internet companies also have this kind of "counter-subsidy" registration activities.

2. Used to apply for online loans

When online loan platforms were popular, some online loan companies did not have strict risk control and often made illegal loans. Criminals could apply for online loans by using your information for authentication. If they had your ID card, bank card, bank card password, and phone card , they could directly take away tens of thousands of yuan in loans.

In addition to these, personal identity information may also be used for money laundering, registering as a legal person of a shell company, targeted online fraud, etc. In short, the more detailed the information, the more places it can be used.

On a Bitcoin forum, a user posted a question: "Are you worried about KYC certification?" The post attracted hundreds of replies, and most people answered: "I am worried that my information will be leaked, but I can't change anything. I have to fill it out when registering for an exchange."

In the face of the law, in order to avoid suspicion of money laundering, most exchanges will require KYC certification. "Uploading information" is probably something that most people in the cryptocurrency circle cannot escape.

So how can people in the cryptocurrency industry reduce the risk of privacy leaks? Here is a feasible idea:

Don’t register on some fake exchanges or websites of unknown origin. If these websites fail, your information will become the only valuable thing.

Get an extra mobile phone card and bind Alipay, bank card and digital currency accounts separately;

Avoid using the same password for all accounts. Try to use different passwords for different accounts.

Do not click on links in emails easily to avoid being phished;

Apply for a bank card specifically for the inflow and outflow of funds for cryptocurrency trading;

Try not to save your personal ID card or handheld ID card information on your mobile phone or computer.

Author: Mashaka

Source: Blockwave