Hackers selling access to Taiwan's Criminal Investigation Bureau for Binance? Claim to have cracked Binance and law enforcement agency's access for $10,000.
A user named "Miembro" on the hacker forum BreachForums claims to have access to a dedicated request page on Binance set up specifically for law enforcement agencies.
This access privilege is being sold for as high as $10,000, payable in Bitcoin (BTC) or Monero. The post was made on December 14th, stating that this access allows for unlimited law enforcement requests and guarantees a response within three to seven days.
Table of Contents
Binance's Collaboration Mechanism with Law Enforcement Agencies Compromised?
Cybersecurity firm Hudson Rock's researchers have discovered that Binance utilizes a third-party service called Kodex to verify requests from law enforcement agencies.
Access Rights of Taiwan Criminal Investigation Bureau and Others Allegedly Stolen?
However, the access rights provided by the hackers were allegedly obtained through stolen credentials, believed to be associated with law enforcement officials and linked to computers infected with malicious software. These credentials are claimed to have originated from the Taiwan Criminal Investigation Bureau, the Ugandan Police Force, and the Philippine National Police Anti-Cybercrime Group.
Hudson Rock has notified Binance of the issue.
Potential Data Breaches Leading to Privacy Concerns
It is currently uncertain whether these access rights were indeed acquired through the stolen credentials, but the user claimed in subsequent posts that the testing of the access rights was successful and "working well." The user emphasized that the Electronic Data Retrieval (EDR) system can handle various types of data, including emails, phone numbers, document numbers, and even transaction IDs or wallet information.
Beyond Typical Cybersecurity Issues
Cybersecurity firm Hudson Rock stated that the risks associated with this vulnerability go beyond traditional internet threats and data privacy concerns. For cryptocurrency holders, the potential impact is severe and includes:
- Wallet addresses and transaction records: The exposure of wallet addresses or transaction histories could compromise the anonymity of cryptocurrency transactions, potentially leading to attacks or fraud based on individuals' transaction patterns or financial history.
- Identity theft and extortion: The exploitation of personal data exposed through this misconduct could facilitate identity theft, with malicious actors potentially extorting cryptocurrency owners using their sensitive information for malicious purposes.
- Financial loss: Unauthorized manipulation or disruption of accounts on platforms like Binance's law enforcement portal could result in significant financial losses for cryptocurrency holders.