A user with the nickname Miembro posted a message on Breach Forums on Dec. 14, offering to sell access to Binance's law enforcement request panel for the price of $10,000 in #Bitcoins or #Monero.
The post states that the access provides "private access used only by law enforcement," with the ability to make an unlimited number of requests that must be answered within three to seven days.
According to the announcement, requests can be sent through the web portal or #Telegram with simple sentences that do not include a salutation.
According to Hudson Rock research, Binance uses a third-party service called Kodex to screen law enforcement requests.
The account is accessed using compromised credentials that are believed to belong to law enforcement officials. Three computers that were infected with malware and then fell into the hands of hackers caused the compromised credentials.
Hacker Sells Access to Binance’s Law Enforcement Portal, Cryptocurrency Holders at Risk.
— Hudson Rock (@RockHudsonRock) December 19, 2023
Details inside: https://t.co/f4avLWOVvK pic.twitter.com/urIJB5hXBH
The credentials pertained to law enforcement officers of #Taiwan Criminal Investigation Bureau, #Uganda Police and the #Philippine National Police Cybercrime Unit.
The report notes that it is still unknown whether the ad was actually genuine or a simple scam. However, with the information provided about compromised law enforcement credentials, there is a possibility that access to Binance's request panel could indeed be hacked and sold on the black market.
Binance, one of the largest cryptocurrency exchanges in the world, receives numerous inquiries from law enforcement agencies every year regarding investigations and requests for cooperation.
If this announcement is true, selling such access could have serious consequences for Binance users, as attackers could gain access to their personal data and funds.
#Binance should immediately verify this information and take measures to ensure the safety of its users. Users are also advised to be cautious and take precautions such as using two-factor authentication and monitoring their accounts on the exchange.
