There’s a rumour about a hack concerning the Binance KYC procedure. Recently, in fact, photographs have been circulating that seem to refer to the user information entered during the KYC procedure.
The photographs published by the hacker who claims to have stolen them from Binance clearly show the handwritten pieces of paper used during the registration process, with the Binance name clearly visible.
Today, however, the exchange denied that the origin of those photographs is their website. In other words, according to Binance, those photographs have a different origin.
In fact, the company claims that all KYC data is stored and protected with access authorisation controls and strict security controls, and all data is encrypted according to industry standards, i.e. the Advanced Encryption Standard (AES) specifications.
In addition, Binance adds that they have evidence that those images do not come from their exchange accounts.
When the website acquires images that users are required to provide during the KYC procedure, their system automatically incorporates a hidden digital watermark that is stored within the file before archiving it.
These digital watermarks are only perceptible under certain conditions and with special technology. Furthermore, according to Binance, they can be detected even if the images are modified.
Such a watermark would not be present on the photographs published by the hacker, so these would not come from the exchange’s archives.
In other words, although it may seem that those photographs refer precisely to the Binance KYC procedure, the author of the hack would not have taken them from the exchange website, meaning that the photographs would be fakes.
In fact, it is also possible to make another hypothesis, namely that these photographs may have been taken directly from the devices of the users who actually took them.
Often, in fact, the weak link in online security is the users themselves and it is not unlikely that those photos were taken from the users’ devices and not from Binance’s servers.
The absence of watermarking would suggest that the files have not been uploaded to Binance’s servers and marked with a digital watermark but the photographs have been taken by the users themselves and stored on their devices.
To date, in fact, there has not been any successful hacker attack on the Binance servers.