Binance has firmly denied allegations of a data breach, stating that its security team has concluded there was no leak from the crypto exchange’s systems, despite claims that users’ KYC data was being sold on the dark web.
The controversy arose after reports surfaced suggesting that some of Binance’s internal passwords had been exposed on GitHub for an extended period. On January 31, a publication named 404 Media asserted that a “highly sensitive cache of code,” along with internal passwords and other technical information, had been accessible on a public GitHub repository.
Following the publication of these claims, Binance took swift action, submitting a copyright takedown request to GitHub to remove the data. In its request, Binance emphasized that the internal code was posted on GitHub without authorization, posing a significant risk to the firm and potentially causing financial harm and confusion to its users.
Responding to the accusations, a representative from Binance conveyed to 404 Media that although the exchange acknowledged an individual’s claim of possessing sensitive data, the security team meticulously evaluated the information. They concluded that it bore no resemblance to any existing content in production at Binance. The spokesperson provided reassurance to users, emphasizing that their data and assets are secure on the platform.
Subsequently, a user on X, identified as “otteroooo,” raised concerns that Binance users’ KYC data had surfaced for sale on a dark web marketplace, suggesting a link to the alleged GitHub leak. However, Binance’s customer support X account promptly addressed these claims, affirming that the crypto exchange’s security team had thoroughly evaluated the situation and concluded that “there is no such leak from Binance systems.” They reiterated the assurance that “user accounts remain safe” on the platform.