Binance CEO Changpeng “CZ” Zhao sounded the alarm on a massive data leak of one billion Chinese residents that went up for sale on the dark web.
Twenty-three terabytes of data containing names, addresses, birthplaces, national IDs, phone numbers, and criminal case information was reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.
CZ took to Twitter on July 3 to announce that Binance threat intelligence had discovered resident records for sale on the dark web, without mentioning the country. He attributed the data breach to a bug in a government agency’s software built on “Elasticsearch.”
Elasticsearch is used to quickly search through massive data sets and return answers in milliseconds. In a corporate or government entity, data from social media posts to emails to company spreadsheets may all end up in an Elasticsearch data store. While this makes for easy access to a wealth of enterprise information, it also makes such a store an equally tantalizing target for attackers.
Information on the forum where the data was posted suggests that the attack targeted an instance of Elasticsearch on the cloud platform of a subsidiary of Alibaba used by the Shanghai police.
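The article does not say how the instance was exposed. As an added example, not code from the article or from Elastic, here is a small defensive audit of the elasticsearch.yml settings that decide whether a node is reachable from outside its host without authentication or TLS; the two sample configurations are constructed, and treating an unset xpack.security.enabled as a finding is a conservative assumption (the setting only defaulted to enabled from Elasticsearch 8).

```python
"""Audit constructed elasticsearch.yml fragments for network exposure
without authentication. Added example, not from the article or Elastic."""

# Values that keep the HTTP listener on the local host only.
LOOPBACK = {"127.0.0.1", "::1", "_local_", "localhost"}


def parse_simple_yaml(text):
    """Parse flat 'key: value' lines; comments and blanks are skipped.
    Sufficient for top-level elasticsearch.yml keys; nested YAML is out of scope."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def is_exposed(settings):
    """True when the HTTP listener binds to any non-loopback interface."""
    host = settings.get("http.host") or settings.get("network.host", "127.0.0.1")
    hosts = [h.strip() for h in host.strip("[]").split(",")]
    return any(h not in LOOPBACK for h in hosts)


def audit(text):
    """Return a list of finding strings; an empty list means nothing was flagged."""
    s = parse_simple_yaml(text)
    findings = []
    exposed = is_exposed(s)
    security = s.get("xpack.security.enabled", "").lower()
    if exposed and security == "false":
        findings.append("non-loopback listener with xpack.security.enabled: false")
    elif exposed and security == "":
        # Assumption: an unset value is flagged, since releases before 8.x defaulted to off.
        findings.append("non-loopback listener; xpack.security.enabled not set")
    if exposed and s.get("xpack.security.http.ssl.enabled", "").lower() != "true":
        findings.append("HTTP API reachable without TLS")
    return findings


# Constructed sample configurations: a weak node beside a hardened one.
WEAK = """
cluster.name: records
network.host: 0.0.0.0        # reachable on every interface
xpack.security.enabled: false
"""
HARDENED = """
cluster.name: records
network.host: 127.0.0.1
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""
```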
CZ explained that the compromised data had implications for Binance users since the data in question could be used to take over accounts. The cryptocurrency exchange has since taken steps to harden its user verification processes. CZ added that Binance uses internal and outsourced threat detection.
Cybersecurity experts concerned about the size and sensitivity of the data
News of the hack sent jitters throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police have not made public any official statement. Cybersecurity professionals who have weighed in are concerned due to the hack’s size and the sensitivity of the exposed information, including criminal activity details.
According to the Wall Street Journal, some reporters downloaded the list and called phone numbers to check the validity of the information. Five parties verified criminal information only the police could access, while four confirmed their identity before hanging up.
The threat landscape in crypto
While hacks of DeFi protocols involve the theft of funds, such as the breaches that saw funds stolen from Axie Infinity’s Ronin bridge and Harmony’s Horizon bridge, data leaks are more likely to threaten customers of centralized crypto exchanges. Exchanges are required to collect Know-Your-Customer information from new clients to combat money laundering and terrorism financing, and that information could be exposed on the dark web in the event of a security breach.
In the case of this attack, an Australian security consultant said that it was possible that the hacker was exaggerating the scale of the attack.
According to a 2021 report by Crystal Blockchain, U.S.-based crypto companies had the highest number of attacks between 2011 and 2021, while attacks on Chinese companies accounted for most of the lost funds. Hackers tried to steal funds from exchanges with minimal KYC requirements, such as a phone number and email.
BeInCrypto has reached out to the company or individuals involved in the story to get an official statement about the recent developments, but it has yet to hear back.