Binance uses a third-party service called Kodex to verify law enforcement requests. A poster on Breach Forums advertises access to this panel for $10,000 in crypto. Access to this panel appears to be provided through compromised email accounts belonging to law enforcement agencies. Experts state that there is a common security vulnerability in these systems.
Hacker sells access to Binance panel for $10,000!
A malicious actor has put up for sale access to the Law Enforcement Request Portal, which provides legal access to Binance account data. It demands the equivalent of $10,000 in Bitcoin (BTC) or Monero (XMR) in exchange for access. Binance provides access through a third-party service called Kodex. Codex is often used by online financial institutions or social media platforms to verify and provide access to law enforcement requests.
InfoStealers, a publication that covers the darknet and data breaches, reported that three computers belonging to law enforcement agencies from Taiwan, Uganda, and the Philippines were compromised in a global malware campaign in 2023, resulting in browser-stored credentials being stolen. Additionally, InfoStealers noted that this data allowed unauthorized access to the Binance login panel. A spokesperson made the following statement regarding the issue:
Reporting that access to the Law Enforcement Request Portal has been illegally sold does not constitute a breach of Binance’s system. Instead, compromised law enforcement accounts may be involved. We are committed to protecting our user data against any unauthorized access by implementing a comprehensive documentation process and constantly monitoring compromised accounts.
The poster promoting the data did not respond to a request for comment on their account on Breach Forums.
Third party vulnerability
cryptokoin.comAs you follow from , these types of attacks are becoming increasingly common. This does not mean that the Binance exchange itself caused this danger. Instead, the quality of network security in law enforcement agencies around the world is its Achilles heel. In 2022, security consultant and journalist Brian Krebs reported on this trend. Accordingly, criminal hackers are targeting email accounts of police departments and government agencies. In this context, Krebs included the following points in his report:
Some hackers realized that there was no quick and easy way for a company that received one of these EDRs to know whether it was legitimate or not. They used their illegal access to police email systems. Hackers will send a fake Emergency Data Request along with a confirmation stating that innocent people will suffer or die if the requested data is not provided immediately.
To be informed about the latest developments, follow us twitter‘in, Facebookin and InstagramFollow on and Telegram And YouTube Join our channel!