Binance denies the leak of user data

Yesterday, news spread about a possible leak affecting Binance.

In un mercato finanziario, i termini “bull” e “bear” sono comunemente usati per descrivere le tendenze del mercato. Un mercato “bull” è caratterizzato da un aumento dei prezzi delle azioni, mentre un mercato “bear” è caratterizzato da una diminuzione dei prezzi delle azioni.

Today the denial came from the exchange.

Binance: the news of the leak of sensitive data

According to the news reported by the Daily Dark Web, it was hypothesized that user data from Binance had leaked on a forum in the dark web.

The article also showed a screenshot of the breachforums forum, specifically a post by the user FireBear in which it was stated that the displayed data was a sample from a leak affecting Binance that occurred in August.

The user also claimed that 12.8 million records had been stolen, containing information on names, emails, phone numbers, address, and date of birth of as many users of the exchange.

Obviously FireBear also specified that such data was for sale, also indicating which Telegram contact to write to for the purchase.

The denial

Today a representative of Binance officially stated:

“This news is false. Our security team has examined those claims and we can confirm that it is not a data leak from Binance”.

The denial therefore is categorical, although it does not deny in itself the fact that there may be 12.8 million user data records for sale.

On the other hand, even in FireBear’s post on breachforums, the statement that that data actually comes from Binance is in no way confirmed or verifiable.

The hypothesis therefore is that, if those data are truly for sale, they are not data that refer to Binance users, also because there seems to be no proof to demonstrate it.

Is it a scam?

The dark web is full of scammers and scam attempts.

Although it is not precisely known who FireBear is, it certainly should not be considered a reliable source.

Therefore, the fact that you claim that those data come directly from Binance, in the absence of concrete evidence to support it, should be considered an unconfirmed, unverified, and perhaps indeed false statement.

Moreover, the user FireBear on breachforums appears to have posted only 15 times, so it is not easy to examine their activity to determine if they are credible or not.

In these cases, it is often just attempts to earn a lot from the sale of data whose origin, however, is uncertain. Since the post by FireBear is in all respects a propaganda post that serves to convince as many people as possible to buy his data, it should not be considered a truthful post by default.

In other words, FireBear has a personal and commercial interest in convincing people to buy that data, and since it is an anonymous user, it does not risk much if it were discovered that it is lying by saying that they come from Binance.

The security of Binance

In recent years, and especially after the departure of Changpeng CZ Zhao, Binance has tried to reposition itself in the crypto market as a safe, regulatory-compliant, and institutional-level exchange.

In the event that he had indeed been a victim of data theft, news like this could call into question this new reputation painstakingly built in recent times.

However, there are no confirmed reports of thefts against the exchange since this turn of events, therefore it seems more likely that Binance’s denial is truthful, rather than a leak actually occurring in August.

Obviously, however, the exchange also has an interest in claiming that FireBear is lying, so to get less biased information, an impartial and expert source would be needed to examine the matter to understand if the truth lies more with Binance or FireBear.

The problem of fake news

Unfortunately, in the crypto field, there are often many false news stories.

To tell the truth, this also happens in all other sectors, but in the crypto one, there are really many circulating.

The real big problem, from this point of view, lies in the sources.

When it comes to on-chain information on public and decentralized blockchains, anyone can go and verify for themselves, at the root, without intermediaries and therefore without having to rely on third-party sources.

But when it comes to information like this, which cannot be verified on-chain in any way, what matters most is not the information itself, since it is often extremely difficult to understand whether it is true or false by simply examining it, but the source.

In this specific case, neither of the two sources is impartial, so it is particularly difficult to decide which of the two should be considered reliable.

Nevertheless, an anonymous profile that publishes a propaganda post cannot in any way be considered a reliable source, while a global-level exchange, and now institutional, like Binance can be considered at least an authoritative source, although in this specific case not necessarily reliable since it is not impartial.

In other words, in the absence of confirmations and verifications deemed reliable, the news should not be considered true, even if it may appear plausible.