Hackers Laundered $9 Million Through Binance, Fisco Alleges in Lawsuit

Key highlights:

• Japanese cryptocurrency exchange operator Fisco is suing Binance
• Fisco is alleging that Binance's "lax policies" allowed cybercriminals who hacked the Zaif exchange in 2018 to launder more than $9 million worth of crypto
• Fisco says that Binance did not take appropriate action to freeze the hackers' accounts

Fisco sues Binance for not stopping hackers from laundering stolen crypto

Japanese cryptocurrency exchange operator Fisco is taking Binance to court in the United States. Fisco is alleging that Binance’s “lax policies” allowed cybercriminals to use Binance to cash out their ill-gotten gains. 

In its complaint, Fisco cites the 2018 hack of the Japan-based Zaif cryptocurrency exchange, which was taken over by Fisco following the attack. The takeover was a way for Zaif to avoid bankruptcy due to the losses incurred in the attack. 

In total, Zaif lost around $63 million worth of cryptocurrency in the hack, and Fisco alleges that the attackers laundered more than $9 million worth of the stolen cryptocurrency through Binance. Fisco is demanding that Binance covers the loss.

A section from Fisco’s complaint reads:

“Blockchain analytics confirms that, from that address, the thieves who hacked Zaif eventually laundered 1,451.7 bitcoin through Binance. A significant portion was sent to address 1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s, which belonged to Binance. The laundered bitcoin was valued at approximately $9.4 million at the time it was laundered through Binance.”

"Shockingly lax" KYC and AML protocols

In the complaint, Fisco says that the hackers went with Binance as their exchange of choice due to its “shockingly lax” know your customer and anti-money laundering protocols. The complaint continues: 

“Unlike legitimate virtual currency exchanges, Binance did not require these users to validate their identity information by providing official identification documents, given that Binance did not require an identity at all. Accounts were therefore easily opened anonymously, including by users in the United States within California.”

Binance has a policy of not requiring customers to verify their identity as long as they are not withdrawing more than 2 Bitcoin per day. Binance has maintained the policy despite many competitors introducing stricter identity verification requirements for their customers.

Fisco’s complaint also states that the Zaif exchange contacted Binance shortly after the security breach and requested a freeze on the accounts and transactions related to the stolen Bitcoin. According to the complaint, Binance failed to take action in response to Zaif’s requests.