On August 13 when the Binance KYC “FUD” gradually left the spotlight, a Telegram user going by “Guardian J” pushed the world’s largest cryptocurrency exchange into the public eye once again, by publishing Binance know-your-customer (KYC) data in a Telegram group.

Like what Guardian M did a week ago, Guardian J released images of individuals holding their IDs and a piece of paper written with the words “Binance, Feb.26, 2018”, but they were in a small number and had less impact this time. The two hackers appear to hold different batches of the exchange’s KYC data, as all the released images from leaker M were dated “Feb.24, 2018”.

While all the images released by the two hackers thus far were dated back to February, it seemingly supports Binance’s claim that the data might be leaked by a third-party service provider managing the company’s KYC info at the time.

According to the conversation between the hacker under the pseudonym John Amat and a Binance staff which has been recently obtained by local crypto media Deepchain Finance, the hacker warned that the exchange would be continue hacked if they don’t catch those “insiders”, and showed off his holdings of Binance KYC data; after supplying evidence of the data in his hand, the hacker then asked for 300 BTC in exchange for info about the helpers inside the exchange and the hackers making away with the exchange’s 7,000 BTC in May. The negotiations, however, seemed to break down somewhere.

Screenshots of the conversion between the hacker John Amat and Binance staff Symbiotic

The screenshots revealed that their negotiations took place during July 10-July 20. This was ahead of Guardian M broadcasting KYC data via Telegram and Coindesk disclosing the talks between hacker “Bnatov Platon” and Binance. That is to say, Binance has early been informed of its KYC info leak and the existence of “insiders” who are helping in the 7,000 BTC hack.

Both the leak were directly related to the exchange’s 7,000 bitcoin breach. Earlier in May, the exchange reported a 7,000 BTC loss resulted from a security breach. According to hacker Platon, the insider within the exchange helped make a number of APIs public that allowed the hackers to directly access client accounts and their funds remotely.

Timeline of the incidents after the 7,000 BTC hacking

The authenticity of those screenshots has yet to be confirmed, Binance CMO He Yi replied when reached for comment, and claimed that “Binance is willing to pay bounty to anyone who can provide useful information for the exchange security, (but) the hacker in the extortion process did not provide helpful information”. She added that Binance has an ongoing security screening mechanism, including but not limited to dismissing employees who conduct improper trading.