An unknown bad actor is currently offering access to Binance’s platform for serving law enforcement officers’ requests.
Earlier this week, a BreachForums user by the name of Miembro announced the sale of access to a Binance data request portal, built and maintained to accommodate police officers and government officials worldwide in their attempts to track down cybercriminals.
The sale has since been paused owing to a blunder: the crypto mixer address a buyer used to send funds to the seller turned out to be invalid.
Access to De-Anonymized Data
However, the sale will allegedly resume in about a week, once the mixer returns the funds.
Until then, the amount of data made available to bad actors is unclear. If the seller is to be believed – and his past ratings indicate he is a reputable one, as far as that term applies here – the emails, phone numbers, wallet IDs, and transaction IDs of users can be inspected by using the access provided by the perpetrator.
The above information goes for an asking price of only $10k.
How Was Access Acquired?
At the moment, no details are available regarding the exact source of the data breach. Security researchers at Hudson Rock, however, have provided a plausible hypothesis.
Allegedly, Binance allows law enforcement officers to access its database via Kodex Global. According to Hudson Rock, the points of entry appear to be three computers infected by malware that allowed a bad actor to steal Kodex login credentials.
“The three logins shown in the image with access to Binance’s login panel appear to belong to compromised law enforcement officers in the Criminal Investigation Bureau (CIB) in Taiwan, the Uganda Police Force (UPF), and the Anti-Cybercrime Group (ACG) of the Philippine National Police (PNP).”
The cybersecurity researchers have since contacted Binance about their theory. So far, no public response has been provided by the exchange.
Although the access provided probably does not enable direct manipulation of Binance accounts, the leak still allows for sensitive accounts to be probed for information, de-anonymizing users and exposing them to targeted harassment, phishing attempts, and more.
A similar incident took place in 2020 when Ledger client data was stolen. Users of the hardware wallet were later bombarded with threats attempting to goad them into sending hackers their crypto to be left alone. It is unclear if any of those threats were carried out.
For now, the team at Hudson Rock recommends all users enable 2FA, update their passwords, and remain alert.