A user named “Miembro” has surfaced on Breach Forums, advertising access to Binance’s law enforcement request panel for $10,000 in Bitcoin or Monero. This access, claimed to be exclusive to law enforcement, is suspected to originate from compromised email accounts of law enforcement officials.
Security breach details
The compromised credentials reportedly stem from a global malware campaign in 2023, targeting computers belonging to law enforcement officers in Taiwan, Uganda, and the Philippines. These compromised accounts have allegedly facilitated unauthorized access to Binance’s login panel through a third-party service named Kodex, commonly used to validate law enforcement requests.
Binance has denied any breach in its system. A spokesperson clarified that the reported sale of access to the Law Enforcement Request Portal does not indicate a compromise of Binance’s infrastructure. Instead, it highlights vulnerabilities in law enforcement organizations globally, emphasizing the need for improved network security.
This incident underscores a growing trend in which hackers target and compromise email accounts of law enforcement agencies. Emergency Data Requests (EDRs) can be falsified because of inadequate verification mechanisms, which poses a significant challenge. Security consultant Brian Krebs previously highlighted this issue, emphasizing the urgent need for a more secure process to handle these requests.
While it remains unclear whether access was genuinely achieved through the compromised credentials, “Miembro” claims to have successfully tested the access, asserting that it “works fine.” The user offers unlimited requests to be answered within three to seven days through compromised credentials belonging to law enforcement officials from different countries.
Regulatory challenges for Binance
Amid this security concern, Binance faces regulatory challenges globally. In the Philippines, the Securities and Exchange Commission (SEC) is considering a ban on Binance for operating as an unregistered exchange. Additionally, a recent United States court order has mandated former Binance CEO Changpeng “CZ” Zhao to pay $150 million for violating the Commodity Exchange Act and CFTC regulations, with the exchange itself facing a substantial penalty.
Overall, the illicit sale of access to Binance’s Law Enforcement Request Panel raises critical security questions surrounding the blockchain giant. As the blockchain industry grapples with cybersecurity threats, the incident underscores the need for comprehensive measures to secure law enforcement accounts and fortify the authentication process for data access requests.