Kodex Says Binance Law Enforcement Panel Access Sale is a 'Scam'

Access to Binance's law enforcement data request portal is for sale for $10,000 in crypto via BreachForums, a forum where hackers trade in data dumps, but the company that maintains the portal calls the whole thing a "scam".

Binance provides access via a third-party service called Kodex, commonly used by online financial institutions or social media platforms to validate law enforcement requests and facilitate access.

InfoStealers, a publication covering the Darknet and data breaches run by cybercrime intelligence service Hudson Rock, reported, citing their data, that three computers belonging to law enforcement officers from Taiwan, Uganda, and the Philippines were compromised in a global malware campaign in 2023, leading to stolen browser-stored credentials and unauthorized access to Binance’s login panel.

“The reported illicit sale of access to the Law Enforcement Request Portal does not represent a breach of Binance's system. Instead, it may involve compromised law enforcement accounts. With a thorough documentation process in place and constant monitoring for any compromised accounts, we remain committed to safeguarding our user data against any form of unauthorized access,” according to a Binance spokesperson.

"The Kodex team regularly monitors forums like this and others on the dark web - this is a classic example of a scammer advertising accounts that they know are inaccessible," a Kodex spokesperson said via an email interview.

In response to a request for comment from CoinDesk, Miembro, the poster advertising the sale, declined to provide details as "access is still live."

"The only thing I will comment about that is that forcing password resets on all the users or forcing 2-Step auth will not affect us," Miembro said via a Telegram interview.

This sort of attack is becoming increasingly common, and it doesn’t mean that Binance itself has been compromised. Instead, the quality of network security at law enforcement organizations worldwide is the achilles heel.

In 2022, security consultant and journalist Brian Krebs reported on this trend where criminal hackers were targeting and compromising email accounts of police departments and government agencies.

“Some hackers have figured out there is no quick and easy way for a company that receives one of these EDRs to know whether it is legitimate. Using their illicit access to police email systems, Krebs wrote. “The hackers will send a fake [Emergency Data Request] along with an attestation that innocent people will likely suffer greatly or die unless the requested data is provided immediately."

The vulnerability of EDRs to falsification by hackers, due to inadequate verification mechanisms and the vast number of police jurisdictions highlights the urgent need for a more secure and reliable process to handle these requests and mitigate the risks of fraudulent activities, Krebs writes.

In an earlier interview with CoinDesk, Jarek Jakubcek, head of Binance Law Enforcement Training, said his team often encounters fraudulent requests, such as from private investigators posing as police, including one case where a dissatisfied private investigator used a fake domain to mimic an official request for customer data from Binance.

“We are very lucky to have a team of almost 30 ex-law enforcement people because we know how law enforcement requests should look like," he said.

The Digital Authenticity for Court Orders Act seeks to prevent the illegal use of forged court orders by requiring digital signatures for court-approved surveillance, domain seizures, and content removal.

This bill has been introduced in the Senate but hasn’t moved forward since July 2021. However, this bill would only cover the U.S. and not the tens of thousands of other law enforcement agencies around the world.

UPDATE (Dec. 20 04:00 UTC): Updates with comments from Kodex and Miembro.