Malta-based cryptocurrency exchange Binance has become a victim of a ransom demand from a scammer who claimed to have hacked the KYC (Know Your Customer) data of thousands of its customers.
The unknown attacker threatened the world's largest cryptocurrency exchange by volume to release KYC information of 10,000 users if the company did not pay 300 Bitcoins—that's equivalent to almost $3.5 million at today's exchange value.
Although the authenticity of the hack is not confirmed yet, several photos of individuals holding their identity cards, such as passports and voter IDs, have been circulating across different online channels.
In response to the incident, Binance just released an official statement today confirming that "an unidentified individual has threatened and harassed us, demanding 300 BTC in exchange for withholding 10,000 photos that bear similarity to Binance KYC data."
Binance said it is still investigating the legitimacy of those images and has refused to pay the ransom. As a result, the unidentified individual behind the demand began distributing the data online and to media outlets.
However, according to Binance, the images posted to the attacker's Telegram group lack the digital watermark the exchange uses for its internal information, which casts doubt on their authenticity.
Binance also adds that its initial review of the leaked images shows they all appear to be dated from February of 2018, when the exchange "contracted a third-party vendor for KYC verification in order to handle the high volume of requests at that time."
"Currently, we are investigating with the third-party vendor for more information. We are continuing to investigate and will keep you informed," the company adds.
"The relevant law enforcement agencies have been contacted, and we will be working closely with them to pursue this person."
The exchange is also offering a reward of 25 bitcoins, worth over $290,000, to anyone who provides information related to the identity of the blackmailer.
Binance CEO Changpeng Zhao has also issued a statement on Twitter urging users not to fall for the "KYC leak" FUD (fear, uncertainty, doubt), saying that the company is currently looking into the matter and will update its users shortly.