According to a hacker's allegation, customers, including cryptocurrency exchanges Binance and Coinbase, employ a law enforcement system.

Law Enforcement

However, nobody seems to be in agreement as to whether or not to take the hacker's threat seriously: the corporation that is purportedly infiltrated, the security firm that reported it, and the cryptocurrency exchanges that are at danger.

The allegations were made public by cybercrime intelligence company Hudson Rock on its InfoStealers blog. It was noted that a threat actor going by the moniker "Tamagami" claimed to have gained access to Kodex and other law enforcement systems. That is the technology that Chainlink, Coinbase, and Binance employ to process subpoena requests.

In addition to offering to sell individual subpoena requests for $300, the hacker was willing to sell account access for $5,000. If the hacker's allegations are true, then the person who purchased the stolen login credentials could be able to use them to pretend to be a law enforcement official and demand a plethora of private information pertaining to users of cryptocurrency exchanges.

Even while it's "hard to validate Tamagami's claims," Hudson Rock CTO Alon Gal told Decrypt that the group had also claimed to have gained access to Google and Meta's law enforcement systems and had produced "what appears to be genuine images from the platforms." On the cybercrime forum, he continued, the person had around 250 reputation points, "indicating that users vouch for their legitimacy."

Gal pointed out that hackers claiming to sell access to law enforcement systems is a known threat vector rather than an isolated incident. Hudson Rock further stated that they had discovered more than 50 distinct sets of credentials for Google's law enforcement system from a range of Infostealer infections.

They went on, "We remain committed to protecting our user data against any form of unauthorized access, and we have put in place a thorough documentation process and constant monitoring for any compromised accounts."

In a statement sent to Decrypt via email, a Kodex representative refuted the allegations, stating that "people are mistaking access to the Kodex platform as access to its functionality" and that the screenshots promoted on hacker forums and Telegram channels "only show incomplete processes—no evidence that a request was actually sent or that any data was recovered."

The spokeswoman went on to say that the company works under the premise that access to a law enforcement email address alone does not suffice for verification, and that the company keeps an eye out for unusual activities on account behavior.

In an email, the representative stated, "Many flags were tripped in our system to suspend the account before any requests were sent." Every account linked to a reported email domain is stopped until Kodex's team verifies it. They stated, "This account was never authorized and additional layers of verification are applied to Emergency Data Requests (EDRs)."