Binance CEO Raises Alarm on Chinese Data Breach

Share Article
In Brief
  • Binance CEO 'CZ' alerted his Twitter followers of a data breach exposing sensitive data of Chinese citizens yesterday.

  • The attack compromised one billion residents' records, including detailed criminal reports.

  • Cybersecurity experts are concerned about the scale of the attack.

  • promo

    Top Crypto Exchanges Without KYC Read Now

The Trust Project is an international consortium of news organizations building standards of transparency.

Binance CEO Changpeng “CZ” Zhao sounded the alarm on a massive data leak of one billion Chinese residents that went up for sale on the dark web.

Twenty-three terabytes of data containing names, addresses, birthplaces, national IDs, phone numbers, and criminal case information was reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.

CZ took to Twitter on July 3 to announce that Binance threat intelligence had discovered resident records for sale on the dark web, without mentioning the country. He attributed the data breach to a bug in a government agency’s software using an “Elasticsearch” algorithm.

Elasticsearch is used to quickly search through massive data sets and return answers in milliseconds. In a corporate or government entity, data from social media posts to emails to company spreadsheets may all end up in an Elasticsearch data bucket. While this makes for easy access to a wealth of enterprise information, it becomes equally a tantalizing prospect for cyber bandits.

Information on the forum where the data was posted suggests that the attack targeted an instance of Elasticsearch on the cloud platform of a subsidiary of Alibaba used by the Shanghai police.

CZ explained that the compromised data had implications for Binance users since the data in question could be used to take over accounts. The cryptocurrency exchange has since taken steps to harden its user verification processes. CZ added that Binance uses internal and outsourced threat detection.

Cybersecurity experts concerned with the size and sensitivity of data

News of the hack sent jitters throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police have not made public any official statement. Cybersecurity professionals that have weighed in are concerned due to the hack’s size and the sensitivity of the exposed information, including criminal activity details.

According to the Wall Street Journal, some reporters downloaded the list and called phone numbers to check the validity of the information. Five parties verified criminal information only the police could access, while four confirmed their identity before hanging up.

The threat landscape in crypto

While hacks of DeFi protocols involve the theft of funds, such as the breaches that saw funds stolen from Axie Infinity’s Ronin bridge and Harmony’s Horizon bridge, data leaks are more likely to threaten customers of centralized crypto exchanges. Exchanges are required to collect Know-Your-Customer information from new clients to combat money laundering and terrorism financing, which could be exposed on the dark web in the event of a security breach.

In the case of this attack, an Australian security consultant said that it was possible that the hacker was exaggerating the scale of the attack.

According to a 2021 report by Crystal Blockchain, U.S.-based crypto companies had the highest number of attacks between 2011 and 2021, while attacks on Chinese companies accounted for most of the lost funds. Hackers tried to steal funds from exchanges with minimal KYC requirements, such as a phone number and email.

Disclaimer

All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.
Share Article

David is an electronic engineer with nine years of experience. He joined BeInCrypto to combine his passion for writing and his interest in fast-moving industries, cultivated from his university days. He hopes to make crypto easy to understand.

Follow Author