Did Binance get hacked? Exchange denies breach

Are 13 million Binance traders at risk of having their personal information sold on the dark web, or is it just a hoax? This is the question security officials have been debating, with the exchange denying the breach.

Elsewhere, the United States securities watchdog has settled charges against TrueCoin LLC, the issuer of TrueUSD, a $500 million stablecoin that’s listed on over 100 exchanges, including Binance and Coinbase (NASDAQ: COIN).

Did Binance get hacked?

The alleged Binance hack was first referenced by a user of a dark web forum who claimed to possess the personal data of 12.8 million traders. The user, named ‘FireBear,’ claimed the data included users’ names, birthdays, phone numbers, addresses and email addresses.

The user, allied to the cybercriminal group ‘Greavys,’ is reportedly willing to sell the data via Telegram, a platform whose enhanced privacy has endeared it to dark web fans, but has also landed founder Pavel Durov behind bars.

Cybersecurity experts have linked Greavys to other known cybercriminals like ‘Wiz’ and ‘Box.’ This group was behind a $243 million heist in August, where they contacted a Genesis creditor, posing as Gemini representatives. They led the victim to believe his account was compromised and guided him through a reset of the two-factor authentication.

Binance has, however, dismissed the claims in a statement to media outlets.

“This is false. Our security team has looked into the claims and we can confirm that this is not a Binance data leak,” a spokesperson said.

Security experts have called on Binance users to remain vigilant whether or not the breach happened. Digital asset scammers tend to capitalize on this uncertainty by employing their social engineering techniques and wiping victims’ wallets clean, stated Oz Tamir, a security expert at Blockaid, a Web3 security firm.

“Even if this specific breach turns out to be fake, it’s important for users to stay vigilant. Scammers may use personal information to impersonate Binance or other trusted entities in an attempt to trick users into giving up control of their accounts,” he told one outlet.

SEC settles with $500 million stablecoin TrueUSD

In regulatory developments, the U.S. Securities and Exchange Commission (SEC) has settled with the companies behind TrueUSD, a $500 million stablecoin, for all-too-familiar charges.

The SEC alleged that TrueCoin LLC and TrustToken Inc. defrauded investors by falsely claiming that TrueUSD (TUSD) was fully backed by U.S. dollars in reserve.

Filed in the Northern District of California, the SEC’s complaint alleged that “a substantial portion of the assets purportedly backing TUSD had been invested in a speculative and risky offshore investment fund to earn additional returns for the defendants.”

However, the founders continued to tout the stablecoin as stable. In 2022, the offshore commodities they had invested in presented redemption challenges, and yet, the issuer continued to tout the one-for-one backing. As of a month ago, 99% of TUSD’s backing was purportedly invested in the speculative fund.

The charges are a little too familiar. Stablecoin issuers have been found to have lied about the backing of their tokens, and while sometimes they do it to make a little more profit, at other times, the motive is much more sinister.

Take Tether’s USDT, the leading stablecoin with 70% market share: the company was found to have ‘loaned’ Bitfinex, its sister company, nearly $1 billion after the exchange lost its customers’ funds to dubious shadow bankers. This financial maleficence was only punished by an $18.5 million fine by authorities and a stern “don’t do it again.” Years later, when the FTX umbrella of companies engaged in similar practices, the result was the collapse of a long line of multi-billion dollar firms and the imprisonment of founder Sam Bankman-Fried. Tether, on the other hand, is still thriving, allegedly generating over $5 billion in net profits in the first half of 2024.

For TUSD, the punishment is a $700,000 fine without the admission of guilt, which the SEC still touted as a victory.

“This case is a prime example of why registration matters, as investors in these products continue to be deprived of the key information needed to make fully informed decisions,” the agency’s Crypto Assets & Cyber Unit chief Jorge Tenreiro said.

Today, TUSD is a pale shadow of its former self at a $494 million market cap (although this is the seventh highest in the market). In its prime late last year, it boasted over $3.5 billion in market cap and was listed in over 100 major exchanges, with its millions of users blissfully unaware that the issuers were gambling with their funds.

Watch: Utilizing blockchain tech for data integrity