A user identified as "Miembro" posted on a breach forum on December 14, advertising access to the Binance Law Enforcement Request Panel for sale at $10,000 in Bitcoin or Monero. This access, labeled as "private access for law enforcement use only," guarantees unlimited responses to requests within three to seven days, as stated in the post.
According to findings by researchers from Hudson Rock, Binance utilizes a third-party service named Kodex to verify law enforcement requests. The breach seems to have occurred through compromised credentials allegedly belonging to law enforcement officials. The compromised credentials, originating from three computers infected with malware, were reportedly linked to law enforcement officers from entities such as Taiwan's Criminal Investigation Bureau, the Ugandan Police Force, and the Philippine National Police (PNP) Anti-Cybercrime Group.
While it remains uncertain if the access was indeed obtained through compromised login details, the user claimed in a subsequent post to have successfully tested the access, affirming that it was "working fine." The user suggested that the accessed system, the Electronic Document Repository (EDR), operates with various data like emails, phone numbers, document IDs, transaction IDs (TXIDs), and wallets.
Meanwhile, Binance faces a potential ban from the Philippine Securities and Exchange Commission for its failure to register the exchange. In another development, on December 18, a U.S. court ruled that former Binance CEO Changpeng Zhao must pay $150 million for violating the Commodity Exchange Act and the Commodity Futures Trading Commission (CFTC) regulations. Additionally, the exchange itself has been ordered to settle with the CFTC for $2.7 billion as part of enforcement actions.
