The hacker allegedly offers $5,000 (total) or $300 per emergency data request (EDR) from KodexGlobal to access and request private user data.
A hacker claims to be selling access to a law enforcement request portal that can be abused to harvest sensitive user data from major tech and crypto firms like Binance, Coinbase, Chainlink, and others.
According to a report from Hudson Rock, the threat actor is offering to sell access to “KodexGlobal,” a law enforcement request account that can provide fraudulent subpoena access and request private user data under the guise of a law enforcement procedure. The hacker allegedly offers $5,000 (total) or $300 per emergency data request (EDR).
The KodexGlobal platform operates as an interface for law enforcement agencies and regulators, providing an ostensibly secure space for such procedures. If access to such a platform is sold to a buyer on the dark web, a company's personal user data can be obtained illegally under the cover of a seemingly lawful request.
If abused, this could lead to identity theft, extortion, and financial fraud targeting crypto users, as well as users from other platforms such as LinkedIn, Tinder, Discord, and others.
Hudson Rock, the cybercrime intelligence firm that also investigated the recent MailerLite hack, which led to over $500,000 in funds drained from crypto wallets, said they identified “over 50 different sets of credentials” from KodexGlobal.
Hudson Rock also reported in December 2023 that a similar offering for access to Binance’s law enforcement portal was being sold through KodexGlobal. This was before a recent GitHub code leak involving Binance in which the exchange said that the risks from the leak were “negligible” and didn’t pose a substantial threat to its platform-level security and usability.
Commenting on the recent report about KodexGlobal access being sold on the dark web, a Binance spokesperson said that Hudson Rock’s findings “do not represent a breach” of Binance’s internal systems. Coinbase and Chainlink have not issued official statements to address the issue.