Binance addresses controversial crypto exchange user KYC data story

Earlier this week, Coin Rivet and several other websites reported that a darknet vendor, posting on the darknet forum ‘Dread’ under the ‘ExploitDot’ moniker, was attempting to sell 100,000 know-your-customer (KYC) documents, supposedly stolen from exchanges including Binance, Bitfinex, Bittrex, and Poloniex.

Binance was quick to dismiss the story as “irresponsible industry journalism”.

And it now claims to have evidence proving that the leaked KYC photos are not from its accounts. In a statement issued to Coin Rivet, it says: “As we have often stated, security is our top priority. With this in mind, we have various measures in place to ensure safe-keeping of our customers’ information.”

“Binance KYC data, including all dimensions of identity attributes, are stored and indexed with fine-grained permission controls and further protected by stringent security audits. With respect to the news of “leaked KYC photos” making its rounds on social media, we have confirmation that the images are not from Binance accounts,” it adds.

During the KYC process, all image data collected from customers is embedded with a hidden digital watermark. These are only perceptible under specific conditions, enabling Binance to embed information on each person that has initiated image-related operations, as well as the source of the photo and relevant audit details. These watermarks can be detected even if the images have been modified.

“After careful assessment, we have concluded that the images in question do not contain our watermark, indicating that these images are not from verified Binance accounts. In addition to the aforementioned technology, in the best interest of protecting our customers, we also ensure that all sensitive user information, such as image data, is encrypted in accordance with industry standards (AES). As a result, customers are also well-protected at an infrastructure level,” Binance says.

“If any further allegations regarding leaks of sensitive information should arise, we will remain diligent in promptly reviewing and assessing the validity of such claims,” it concludes.

We’d say, let’s all move on now, but something tells us this story still has legs.