Threat Watch

Media Questions KYC Hack and Pushes Hacker Over the Edge

Six months ago, a hacker going by the name ExploitDOT claimed to have a trove of 100,000 KYC (Know Your Customer) files from multiple crypto-exchanges, including Binance. ExploitDOT claimed that each ID he sold would contain the user’s photo, a front and back copy of their ID, and a secondary document scan that would offer proof of residence, but no login credentials for any of the compromised websites. Over the past several days, a number of media outlets have picked up the story after a tech blogger began to post a number of claims and assumptions about the hacker and the breach. One of those claims was that the breaches never happened because no further posts about sales were ever made. There were also claims that the hacker had been in communication with Binance investigators, who have said that no breach took place. Following this article, ExploitDOT felt compelled to make a statement on the same darknet forum where his initial post was made. ExploitDOT’s response was very passionate and addressed a number of the claims from the tech blogger’s article. He claims that he was never actually in communication with anyone from Binance, but that he has always been very open to communicating with them. Following this post, the hacker has made clear that he intends to change his communications medium as well as his online moniker to hide from the spotlight that has been cast on him, both out of fear that law enforcement will begin to move in on him and to avoid the high volume of messages he is receiving from users who are not looking to be legitimate customers.

ANALYST NOTES

When criminal hackers are pushed into the spotlight like this, it can cause them to change their patterns, making it much harder to keep tabs on them and assess what they are planning to do. Even if they are found again, unless they can be tied to a previous moniker with high confidence, the new identity will allow them to openly discuss plans while observers watch with skepticism, seeing them as a new actor instead of a seasoned hacker.