A report from CCN (Jan 20) has brought to light the possibility that a hacker is selling the know-your-customer (KYC) data and documents from the users of several major crypto exchanges over the dark web.

The hacker, going by the nickname “ExploitDOT”, has been offering KYC data, including passports, ID cards, and drivers’ licenses, for sale since July 2018 at $10 for 100 documents or more. There are even discounts for bulk purchases – up to $1 per 1,000 documents for an order of over 25,000.

The hacker’s ad claims that the data belongs to users of major crypto exchanges such as Binance, Bitfinex, Bittrex, and Poloniex.

CCN said it has independently verified the ad, which is still online. It also had help from an unnamed security expert, who said the hacker had given him samples that looked genuine when he posed as a buyer. The hacker also claimed he possessed data for users in every country that crypto exchanges served.

CCN reported that a Binance spokesperson supposedly told the security expert that there were “some inconsistencies” in the samples, and that Binance has its own “theories in regards to how this information may have been obtained”. The spokesperson did not elaborate, but added there had been no signs of unauthorized access to their system.

Just last week, New Zealand exchange Cryptopia fell victim to hacking, resulting in “significant” but as yet unspecified losses.