Binance’s stock like token (BNB) began falling somewhat yesterday on rumors the identification documents of thousands of exchange users had been hacked.
Binance itself denied it, stating their identification documents are watermarked, that all this is old news anyway, but they were happy to give a reward of 25 BTC, worth a quarter of a million dollars, to whoever could provide information about the alleged hacker.
Pictures of individuals posting with their Binance account number and official identification started circulating, with BNB’s price starting to fall a bit from circa $28 to $27 or so. Now it’s risen some 10%.
It isn’t quite clear however what exactly happened. Binance implied it could have been hacked from a “third-party vendor for KYC verification” sometime in February last year.
Yet Binance did not have KYC in February 2018 as far as we are aware. That’s partly why they got in trouble with the Japanese FSA.
It’s not clear whether they have KYC even now for the exchange part of their business. The only KYC we know of for Binance is for their Launchpad, the ICO/IEO platform.
That launchpad had the first token sale on January 28th this year for the Bittorent token. That’s apparently when suggestions of a KYC hack first began:
The KYC process would have presumably begun quite a bit before the token sale and as Binance itself said, they had a third party handle it to begin with.
They do not name this third party, but as far as the BNB token is concerned, it’s up 10% today to $31.
Binance itself does buy BNB as Binance holders kind of have the “right” to a share of Binance’s profits which is given by buying and burning BNB.
We’re not aware of much detail by Binance of when exactly they buy these tokens or what process they use to ensure there is no slippage, but the token is now not far off from becoming the fifth most valuable coin out of all cryptos.
This green while much else is red or near 0% looks quite interesting because Binance didn’t really fall by much on August 6th.
The exchange moreover was hacked out of $40 million just this May with the hackers finally succeeding after many failed attempts.
The exchange was able to cover it out of a self-insurance fund, but as a top exchange it does look like it has become a target for hackers.
Part of that might be because they parade their holdings all the time, moving one million eth, for example, in October and then again maybe a bit too often for eth as well as bitcoin.
For Coinbase instead, which has never been hacked, you can’t even find their cold wallet addresses.
We can at best guess that they have them in many 5k addresses, but Coinbase’s strategy appears to be to put layers upon layers so that it just becomes too difficult.
Or, stated somewhat succinctly, they take security far too seriously.
That has worked for them perhaps in part because if there are easier pickings, why go for harder ones.
Crypto security however is very difficult, but at least in the case of Coinbase and so far, it’s not impossible.
Finally, this KYC hack might have been more ideologically driven than just for profit, although presumably the latter would have made the former easier.
Regardless of the reason, it does show that our d*** pics, or the female equivalent, are flying everywhere on the internet as shown in this case and many other breaches within this space and outside it.
That’s perhaps a good reason to look again at this AML and KYC and see whether there’s a way to establish identity without having to give very sensitive information which can lead to very significant consequences.