Hacker claims to have way to ‘subpoena’ Discord, Binance, Coinbase user info

Source: Cointelegraph

An online hacker claims they have access to a law enforcement request account, “KodexGlobal,” allowing buyers to subpoena user information from Coinbase, Binance, Chainlink and other firms. 

According to a blog updated on Feb. 4, cybercrime solutions provider Hudson Rock reported the hacker is selling access to the law enforcement request system account on BreachForums for $5,000 or $300 per emergency data request (EDR).

Services that the hacker claims to be able to make EDRs for include LinkedIn, Discord, Tinder, Binance, Coinbase, Chainlink, SendGrid, and many others. Speaking to Cointelegraph, a Binance spokesperson clarified that the blog’s findings do not represent a breach of Binance’s system. While suspecting involve compromised law enforcement accounts, the Binance spokesperson said:

With a thorough documentation process in place and constant monitoring for any compromised accounts, we remain committed to safeguarding our user data against any form of unauthorized access.

KodexGlobal is a platform used for secure communications between law enforcement agencies and regulators. Hackers with access to the platform could request personal data about a company’s users by falsely claiming legal reasons for the request.

Screenshot from post on hacker forum. Source: Hudson Rock

The abuse of the system could lead to identity theft, extortion and financial loss for users, especially those holding crypto assets, it noted.

Cointelegraph reached out to KodexGlobal for comment.

According to Hudson Rock, the hacker “very likely” gained access to law enforcement systems by exploiting credentials obtained from Infostealer Infections. These are often gained by compromised computers owned by law enforcement officers.

“Today, Hudson Rock researchers identified over 50 different sets of credentials for Google’s law enforcement system from various Infostealer infections,” said Hudson Rock.

In December 2023, the firm reported that a hacker was attempting to sell access to Binance’s law enforcement portal through KodexGlobal. 

It posted a screenshot showing three computers reportedly infected by global malware-spreading campaigns in 2023, resulting in compromised credentials.

The three logins shown in the image with access to Binance’s login panel appeared to belong to compromised law enforcement officers in Taiwan, Uganda and the Philippines. However, it did not confirm any Binance system breaches, user data or crypto thefts.

At the time, KodexGlobal dismissed it as a “scam,” though Binance reportedly confirmed they were aware of “such access,” according to the firm.

In a separate incident, Binance recently refuted a report claiming a “highly sensitive” cache of internal passwords and code had been exposed on GitHub for months.

On Feb. 5, the firm denied that there was any such leak from Binance and that user accounts remain safe.