The security of crypto exchanges is a significant issue, and a scandal has rocked a few exchanges regarding user data leaks. User data is supposedly leaking from these exchanges and being sold on the dark web to scammers who will try to defraud people who are clients of these exchanges.
A few weeks back, user information allegedly obtained through a data leak on Binance was reportedly being spread on Telegram. This information included user phone numbers and other information about their business on the exchange.
Following this matter, another exchange has allegedly suffered a similar information leak. Hackers on the dark web claim that they are selling user data which belongs to Huobi’s clients. This information is identical to that which allegedly leaked from Binance’s KYC, and this has raised concern in the crypto community.
Information for sale
The user data which has allegedly been obtained from Huobi is being sold on the Chinese dark web. For as little as 30 cents (USD), a scammer can buy a user’s phone number and other communications the customer has with Huobi regarding their transactions.
Although the authenticity of the user data has not been confirmed, one of the sellers who claim to be a hacker promised those who want to buy the data that the phone numbers are real. The seller adds that scammers can get a high pick up rate if they purchase and use these phone numbers.
The hacker also claims to have user data from other smaller exchanges such as Hetbi, ZDCoin, and BIKI. The hacker advertises this information by also saying that potential scammers could get a decent conversion rate for pyramid schemes if they buy the data on the hacker’s hands.
Huobi denies information leak
Huobi has come out and denied that they suffered a data breach of any sort. Ross Zhang, head of marketing at Huobi, says the information being sold by the hackers was not obtained from Huobi and that the exchange found out that an insignificant portion of the phone numbers being sold can be associated with Huobi.
He added that the hacker is likely using Huobi’s name to attract more customers for the data they purport to have.
Explaining how the hackers might have information about the contents of messages sent to clients by Huobi, the exchange’s spokesperson said that the hackers might have accessed a thirty party messaging service and not the exchange itself.
The exchange maintains that its clients have nothing to worry about because this is not a KYC data breach. They said that they are aware of the concerns their clients have because of a leak on another one exchange, but Huobi has not been breached.
It is vital that exchanges maintain high security over their clients’ user data because privacy is of the utmost importance when engaging with cryptocurrency. These alleged data breaches, true or not, will affect the trust clients have in crypto exchanges and this will be detrimental to the industry as a whole. However, the hacker obtained this user data, the issue needs to be resolved swiftly.