Binance made headlines earlier this month after its users’ personal information was allegedly spread in a Telegram chat, but sources have told The Block that the problems facing the world’s largest cryptocurrency exchange might also hang over other crypto firms.
Readers of The Block might recall the reported Binance data leak in which users’ IDs, and selfies of them holding their IDs, were posted in a Telegram group chat. At the time, Binance said there was no evidence to believe that these images were obtained from the exchange. Still, as CoinDesk reported, the Telegram group was just the tip of the iceberg, as negotiations between the alleged hacker and Binance lasted over a month but eventually broke down.
Huobi, another crypto exchange with Chinese roots, appears to be in a similar boat as Binance. The exchange’s name constantly surfaces on the dark web markets, where self-proclaimed hackers are selling user information that allegedly belongs to Huobi’s customers.
All roads lead to the Dark Web
On Chinese dark-web markets, folks can buy alleged Huobi user data for as little as $0.30.
This data mainly includes phone numbers and text messages users receive when they withdrawal from the exchange.
One seller, who claimed to be a hacker, promised that these phone numbers are “absolutely real” and can yield a high pick-up rate, suggesting that potential scammers can expect responses when reaching out to these numbers. The hacker even added that these phone numbers’ “convert rate is decent for conducting a pyramid scheme.”
This particular seller, along with some others, also appears to have user data from other less known exchanges such as BIKI, Hetbi, and ZDCoin.
When reached for comment, Huobi head of marketing Ross Zhang told The Block that at least one of the advertisements are not, in fact, selling user data from Huobi. The exchange ran the information on sale against its own database and found “only a negligible portion of the phone numbers are associated with Huobi accounts.”
“We suspect that the hacker is using Huobi’s name as a gimmick for their own business interests,” said Zhang.
A different issue than Binance
To be sure, the data that these alleged hackers leaked on the dark web is not exactly comparable to Binance’s KYC data. In the Binance case, photos of users holding IDs were published. This information is required for KYC check when new users register accounts, and it is usually exclusive to exchanges.
However, the phone numbers that are allegedly associated with Huobi users might be gathered from means other than hacking the Huobi platform directly. A Huobi spokesperson said that these phone numbers might be hijacked by a third-party messaging service provider, which explains why some data contains content of verification messages sent by Huobi to users.
“We understand that due to the recent leak from a major exchange, there are growing concerns regarding the leak of users’ KYC data which contains essential and highly confidential user information. However, this issue is different,” said the spokesperson.
“This issue is different”: Huobi responds to user phone number leak following Binance KYC hack written by Celia Wan @ https://www.theblockcrypto.com/2019/08/15/this-issue-is-different-huobi-responds-to-user-phone-number-leak-following-binance-kyc-hack/?utm_source=rss&utm_medium=rss&utm_campaign=default August 16, 2019 Celia Wan