Hackers Sell Access to Binance Customer Information for $10,000

A hacker is peddling access to Binance’s law enforcement request software for $10,000 following an apparent breach of law enforcement cybersecurity. They sell the software for $10,000 in Bitcoin or Monero on Breach Forums.

It appears the hacker gained access through compromised email credentials of police officers in Uganda, the Philippines, and Taiwan. Although Binance itself has not been compromised, the hack highlights must fix cybersecurity to protect the information they are given.

Binance Software Hacked at Law Enforcement

Researchers at Hudson Rock, a cybercrime intelligence company, found that malware that infected computers compromised browser credentials. Infected computers belonged to law enforcement from the Taiwan Criminal Investigation Bureau, the Uganda Police Force, and the Anti-Cybercrime Group of the Philippine National Police. The stolen credentials seem to have enabled access to Binance’s law enforcement portal on kodexglobal.com.

The hacker confirmed on Breach Forums that the compromised tool can access emails, phone numbers, transaction IDs, and wallets. However, the attack does not represent a breach of Binance itself.

Binance Settles $2.7 Billion Fine

The attack comes as a US court asks Binance to pay a $2.7 billion fine to settle money laundering charges. Binance must pay $1.35 billion of illegal transaction fees and a penalty similar to that of the US Commodity Futures Trading Commission.

The exchange didn’t report more than 100,000 suspicious transactions involving US-designated terrorist groups. Its former CEO, Changpeng Zhao, must pay $150 million.

The recent attack reveals how exchanges must view security as a continuum that extends to third-party vendors, especially when laws demand they comply with know-your-customer and anti-money laundering laws. The storage of credentials creates a single point of failure that can allow people to lose crypto assets or pseudonymity in blockchain transactions.