Earlier this week, a BreachForums user by the name of Miembro announced the sale of access to a Binance data request portal, built and maintained to accommodate police officers and government officials worldwide in their attempts to track down cybercriminals.

The sale has since been paused, owing to a blunder involving a crypto mixer being used by a buyer to send funds to the seller turned out to be an invalid address.

Access to De-Anonymized Data

However, the sale will allegedly resume in about a week, once the mixer returns the funds.

Until then, the amount of data made available to bad actors is unclear. If the seller is to be believed – and his past ratings indicate he is a reputable one, as far as that term applies here – the emails, phone numbers, wallet IDs, and transaction IDs of users can be inspected by using the access provided by the perpetrator.

The above information goes for an asking price of only $10k.

How Was Access Acquired?

At the moment, no details are available regarding the exact source of the data breach. Security researchers at Hudson Rock, however, have provided a plausible hypothesis.

Hacker Sells Access to Binance’s Law Enforcement Portal, Cryptocurrency Holders at Risk.

Details inside: https://t.co/f4avLWOVvK pic.twitter.com/urIJB5hXBH

— Hudson Rock (@RockHudsonRock) December 19, 2023

Allegedly, Binance allows law enforcement officers to access its database via Kodex Global. According to Hudson Rock, the points of entry appear to be three computers infected by malware that allowed a bad actor to steal Kodex login credentials.

“The three logins shown in the image with access to Binance’s login panel appear to