A Breach Forums user, operating under the alias “Miembro,” has recently advertised access to Binance’s law enforcement request panel for the sum of $10,000, payable in either Bitcoin or Monero. The post, dated December 14, outlines that the offered access is labeled as “private access only used by Law Enforcement,” with the assurance of unlimited requests to be addressed within a timeframe of three to seven days.
Potential buyers were instructed to make inquiries through the website portal or via Tox or Telegram, with a specific request for straightforward offers and discouragement of casual greetings such as “hi” or “hey.”
Upon investigation by researchers at Hudson Rock, it was revealed that Binance employs a third-party service called Kodex to validate law enforcement requests. The compromised credentials used to access the account are reportedly linked to law enforcement officials and were acquired through the compromise of three computers infected by malware. These compromised credentials allegedly belong to law enforcement officers from the Taiwanese Criminal Investigation Bureau, the Uganda Police Force, and the Anti-Cybercrime Group of the Philippine National Police (PNP).
While the report does not conclusively confirm whether the access was genuinely obtained through the compromised credentials, the user, in a subsequent post, asserted that they had successfully tested the access, stating that it “works fine” and that the Endpoint Detection and Response (EDR) system is effective with various identifiers such as email addresses, phone numbers, document numbers, transaction IDs (TXID), and wallets.
Meanwhile, Binance is grappling with potential regulatory challenges, facing an imminent ban from the Securities and Exchange Commission in the Philippines for allegedly operating as an unregistered exchange. In the United States, former Binance CEO Changpeng “CZ” Zhao has been ordered by a court to pay $150 million for violating the Commodity Exchange Act and Commodity Futures Trading Commission regulations, with the exchange itself ordered to pay $2.7 billion to resolve the CFTC enforcement action.
