
Binance CEO Raises Alarm on Chinese Data Breach

Updated by Kyle Baird

In Brief

  • Binance CEO 'CZ' alerted his Twitter followers yesterday to a data breach exposing sensitive data of Chinese citizens.
  • The attack compromised one billion residents' records, including detailed criminal reports.
  • Cybersecurity experts are concerned about the scale of the attack.

Binance CEO Changpeng “CZ” Zhao sounded the alarm on a massive data leak of one billion Chinese residents that went up for sale on the dark web.

Twenty-three terabytes of data containing names, addresses, birthplaces, national IDs, phone numbers, and criminal case information was reportedly stolen from a police station database in Shanghai, China. The hacker offered the information on a dark web forum for ten bitcoins.

CZ took to Twitter on July 3 to announce that Binance threat intelligence had discovered resident records for sale on the dark web, without mentioning the country. He attributed the data breach to a bug in a government agency’s software using an “Elasticsearch” algorithm.

Elasticsearch is used to quickly search through massive data sets and return answers in milliseconds. In a corporate or government entity, data from social media posts to emails to company spreadsheets may all end up in an Elasticsearch data bucket. While this makes for easy access to a wealth of enterprise information, it is an equally tantalizing prospect for cyber bandits.

Information on the forum where the data was posted suggests that the attack targeted an instance of Elasticsearch on the cloud platform of a subsidiary of Alibaba used by the Shanghai police.

CZ explained that the compromised data had implications for Binance users since the data in question could be used to take over accounts. The cryptocurrency exchange has since taken steps to harden its user verification processes. CZ added that Binance uses internal and outsourced threat detection.

Cybersecurity experts concerned with the size and sensitivity of data

News of the hack sent jitters throughout the Chinese security industry, triggering speculation on how it could have happened. Shanghai police have not made any official public statement. Cybersecurity professionals who have weighed in are concerned about the hack’s size and the sensitivity of the exposed information, including criminal activity details.

According to the Wall Street Journal, some reporters downloaded the list and called phone numbers to check the validity of the information. Five parties verified criminal information only the police could access, while four confirmed their identity before hanging up.

The threat landscape in crypto

While hacks of DeFi protocols involve the theft of funds, such as the breaches that saw funds stolen from Axie Infinity’s Ronin bridge and Harmony’s Horizon bridge, data leaks are more likely to threaten customers of centralized crypto exchanges. Exchanges are required to collect Know-Your-Customer information from new clients to combat money laundering and terrorism financing, which could be exposed on the dark web in the event of a security breach.

In the case of this attack, an Australian security consultant said that it was possible that the hacker was exaggerating the scale of the attack.

According to a 2021 report by Crystal Blockchain, U.S.-based crypto companies had the highest number of attacks between 2011 and 2021, while attacks on Chinese companies accounted for most of the lost funds. Hackers tried to steal funds from exchanges with minimal KYC requirements, such as a phone number and email.


Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

David Thomas
David Thomas graduated from the University of Kwa-Zulu Natal in Durban, South Africa, with an Honors degree in electronic engineering. He worked as an engineer for eight years, developing software for industrial processes at South African automation specialist Autotronix (Pty) Ltd., mining control systems for AngloGold Ashanti, and consumer products at Inhep Digital Security, a domestic security company wholly owned by Swedish conglomerate Assa Abloy. He has experience writing software in C,...