Bitcoin Forum

Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web?

https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web/

"On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service."

https://i.imgur.com/LRuZBw7.png

A few days ago, this also made news :

https://www.techspot.com/news/78317-leaked-database-exposes-87gb-emails-passwords.html

it's something scary, now KYC can also be hacked, I really don't think the darkweb site is really dangerous

That's the weakness of KYC and we had a taste of it when facebook got hacked and another one when this forum's database got stolen. I miss the times when we could trade freely without having to deal with KYC on sites like bittrex and poloniex, but things change. Unfortunately, in most cases they change for the worse.
I used to be and still am against KYC and government agencies trying to oversee crypto trading, but reading the posts of some forum members here makes me thing that I'm in the minority. 

Just one of the many reasons why I don't do KYC verifications. I don't expect people to learn anything from this though because It seem like people don't care about their privacy as long as they don't have to put extra efforts to use the forums or P2P platfroms to trade instead.

VPN + download Google Auth for PC = No more KYC  :D
I tried as a test 1 year ago and I successfully bypass all KYC verifications, I forgot on which one of exchanges... it was one of the most popular.

I have always had my skepticism on the security of one's personal data information when undergoing know your customer the internet is no longer safe and hackers are on the move if there can be another means of proving identity it would really save this menace

This is a lesson for us all.
As soon as we part with our personal information on the web we are
trusting lthers to put sufficient security measures in place to mind it
for us. If those security measures are not good enough there is nothing
we can do, its too late.

This is another big challenge in the crypto space that need urgent attention. If nothing is this will scared many newbie and institutional investors away from the crypto industry. Many of the kyc that is been use now are from fail ico project.after returning funds to ico investors they use the kyc for criminal activities that even pay them more than the ico project since they know many people don't participate in ico any more.regulation of ico will solve this issue

I'm of a similar mindset. I did do KYC at one exchange -- Coinbase. That's because sometimes I need to buy or liquidate fast, for amounts larger than I'm comfortable with doing P2P, especially considering the fraud risks. I think they're one of the most likely to properly comply with data protection laws. I definitely wouldn't multiply my identity theft risk by doing KYC anywhere else, though.

this really scary but i can tell there no credential with the vendor .. its also a other way to scam other who wanted  people information .. when i contact them for credit card information .. they will take your money and give you fake info ...  if they have binanace info they will rather login people account to steal their asset rather than selling information to people ...  so i will call this scam !!!  

What kind of KYC procedure does that service/site have if it only needs google auth and VPN.

That's why KYC is bullsh*t from projects who want to run their ICO. ICO and mostly the scam once required KYC, then sold it to some people who needs personal info since data == money. I only do KYC to services I needed the most and a reputed service especially to convert crypto to fiat, but taking kyc to ICO or bounties or any shady exchange? Thanks but no thanks.

And this reddit user/hacker trying to sell them at very cheap price means that more people will get access of that info and possible, it will be leaked even in google. And after several time, this people who doesn't care their privacy will see their names used to scam someone in the internet because of identity theft.

This should be a concern for exchange managers. A big mistake, until something like that happened. Do not let it happen again in the future, because it will reduce public trust. Even more so, it can help people rethink to enter the world of crypto

This is serious and a very big challenge for the security of customers account and identity, those big exchange should be careful and customers who pass through they kyc process should watch out cause they data is now open for sale and any one can get across to you information.

I have often expressed this concern with bounty and signature campaign managers who expose the email addresses of their participants too. At a time I had to take it up seriously with one of the top managers here before he then had to hide that column. Sometimes, we are helpless in a situation like that. Imagine bounty managers even introducing KYC to an ongoing bounty midway into the project. We often see this with bounties managed by inexperienced managers, anyway.

User data should be treated with utmost importance and should be highly improbable to give away in such manner,i blame most of this exchanges and projects which treat such information with laxity and pay less attention to user identity and anonymity.
Most times I begin to feel this entire KYC process could be of more harm than good to the entire community

It's a possibility yes.
There is no confirmation that this database actually exists. Some exchanges like Binance or Poloniex are mentioned so if this is all true, we have much bigger concerns here, like losing our funds.

Wow. This is why I am always skeptical when performing this KYC thing. Imagine the number of identity theft and fraud that might be performed using unsuspecting victims data.. Please what can be done to curb this menace?

Everything can be stolen. The best way to prevent data leaks is to use user data for verification and destroy it right after. This means that you will hold the user's name and email, but the rest like ID scans, photos, addresses and other information will never be stolen.

I'd prefer if there was no KYC at all. When you're buying food in a store nobody wants your name but to exchange some cryptocurrencies you need to show your ID. It's stupid!

And this is exactly the reason why I refuse to use any exchange that forces me to upload personal identification documents.
I've mentioned this many times in previous posts, but most people just don't seem to care.

In a way I'm kinda glad that this happened, just because now I can actually prove my point the next time this comes up.

I only buy Bitcoin through a Dutch exchange that works with IBAN (Bitonic), they only do SMS verification and your account is verified by purchasing Bitcoin via IBAN transfer.
I have a burner sim card, so that isn't a problem for me. I also don't mind using IBAN, since the transfers are secure.

To all people who just send their passports and pictures to exchanges without thinking about it:
Have fun dealing with identity theft in the future!

Just because someone says that they have a stolen database, doesn't mean that it's true, quite often scammers are selling fake databases, you could probably find thousands of offers like that on darknet markets.

But you are right, because this scenario is possible, KYC should be avoided as much as possible. Exchanges are going to take a huge hit when atomic swaps will become more common.

This!

That's why I really don't proceed if there's more of the requirement with KYC (ID's,selfies,etc). I think someone who's been following and doing bounties that keeps on doing KYC will start to think if his info is on the good hands.

Honestly, that's indicative of the original problem: Users need to take more care regarding who they share personal information with. Bounty participants shouldn't be sharing their real personal email addresses with managers, who are just anonymous people on the internet -- and they certainly shouldn't be sharing their KYC documents with them either.

The same goes for dodgy exchanges, and there are an abundance of those. Even if an exchange isn't intent on selling your documents, they may be overly lax about protecting your data. Even if they are extremely careful and take the necessary precautions, your info could still be compromised by a determined attacker. For that reason, it's important to minimize the number of exchanges you KYC with.

Thats why I hate the KYC, would only do KYC for a legit exchanger now.

Yes, I was very worried when the Bounty campaign required KYC to qualify for the prize, but I was anxious at this stage, because when bad people found it, it would automatically damage my database. So I think we should be more careful in making KYC for the campaign.

This is one of the reasons I always reject the kyc idea, and now the information was leaked and no one going to responsible at all, it is very dangerous to submit kyc at the site that we don't know and once it leak it will be difficult to take care of this situation, because we don't even know whose data were being stolen

This is one of the Main reasons we did not proceed with an ICO: https://bitcointalk.org/index.php?topic=5052530.msg47003491#msg47003491 (https://bitcointalk.org/index.php?topic=5052530.msg47003491#msg47003491)

We simply found no way to reliably store user's personal information, so we decided to outsource this scope. However, outsourcing only shifts the workload but not the legal responsibility. We would still be liable for the failing of the KYC/AML service provider, and we didn't find anyone that stood out with their safety and security. Everyone we approached was focused on telling us how quickly and cost effectively they can "tick the KYC/AML box" for us. The problem is that we are not after just ticking a box, we work in concrete and we want solid foundations and clear understanding of the withstand capacity of the service providers' systems, which turned out to be all in the wind. 

On top of that, we would still need to store your information to pay you back the capital and share of profit, and for accounting with the tax office, not just for KYC/AML reasons.

We're all for as much regulation as possible, as long as it is accompanied by clear methods of implementation and delineation of responsibilities.

Our view is that KYC/AML should only be carried out by a government agency.

We're still watching this space.

QFT, and lets not forget.


https://www.washingtonpost.com/business/technology/equifax-hack-hits-credit-histories-of-up-to-143-million-americans/2017/09/07/a4ae6f82-941a-11e7-b9bc-b2f7903bab0d_story.html

Before distributing your data around, the right is at least check out if the location where you will leave the data has some credibility. It is the most sensible to do.

This is why i hate kyc's especially when new projects with unknown devs are launching it that needed your personal information i dont know why they necessarily need it for but for god sake who knows what they're doing to our private data. They could sell it in darkwebs or even use it for their own gains like target marketing, identity theft and hacking other associated accounts.

I hope this raises a concern toward our own privacy because the majority does not really care about their own privacy. It is not worth to do KYC verification for cryptocurrencies things, It is a decline in cryptocurrencies ecosystem since cryptocurrency are mean to be decentralized, open, borderless, and trustless. Surely it is a setback for cryptocurrencies community when the majority of it does not utilize the benefit of the underlying cryptocurrencies technologies.

That was to be expected. Now our personal data will grow in value, since the number of KYC checks is only increasing and this will generate demand for our data, because they are ideally suited to provide similar KYC checks in other places. That is why I was always against these KYC checks against bounty hunters, because they are illegal against them at all. It’s just the ICO teams' amateur performance. By the way, because they themselves do not know what to do next with our data, where and for how long they should be stored. But this is nothing. The problem will begin when the police call on us in connection with our involvement in the crimes committed and we have to prove that we just underwent a KYC check somehow, or maybe more than once and were scattered with our data and copies of our documents.

The bad thing about KYC. But we cant do nothing about it. The only thing we can do is either to abide or not to use the service. But without the service how are we going to profit?

The fact is that nowhere can we be sure that our data will remain safe. Especially when it comes to ICO. Now transfer our data to the ICO teams anyway that transfer them directly to the criminals. And now they often get our data, and even so they try not to pay us the earned tokens. This is generally a nightmare.
Because of all these problems, many people quit their job at the ICO bounty. Now, even to our wallets, we rarely get tokens, all on their sites or new exchanges.

Becoming a concern when all our personal data is traded for certain purposes and this is a real crime. KYC is one of the efforts to prevent money laundering but there is still a bad side where our personal data protection is still weak, allowing some parties to abuse. See some the case is to be more careful again, if you are an investor in an ICO project, then consider again how they  protect our privacy.

Creepy and it happened. :'(
In the beginning I also didn't want to involve personal identities, but with KYC applied to every big exchange and because I also have an interest in an exchange, then I was forced to send KYC which continued to become like I don't care because the current standard is verify KYC. This problem has indeed been feared from the beginning, but we cannot do anything because we also need an exchange for crypto trading and also convert it to fiat.

This is why I don't do KYC at all on any exchange. Even if it asks for my First and Last name I don't do it.
To the people saying they will only do KYC with trusted exchanges now, just look at the article.

Bittrex, Poloniex, BitFinex, are all widely used by people and all users had to do KYC to even trade on the exchange.
Even Poloniex removed legacy accounts ( I have one ) but it has a 0$ limit now due to KYC.
Like @repear7 said, even though it is used for a good cause, there is always a big downside with it being your protecion of privacy.

same here i dont also do kyc , not because im afraid that i can potentially hack but because i dont have a passport and im also too lazy to do these kind of stuffs even if i have the requird i.d so i wont do it at all  . many generic exchanges out there that offers the same service but they dont ask for the kyc or other o.a verifications  .

kyc's  arent only sold on the darkweeb but it has been also sold all aroound the web .  there are also sites that offers kyc for you  .

This is very worrying about the sales of KYC data in Darkweb if it is leaked, of course this is very damage to the people who have made KYC. I will not do this anymore, it has scared us what if our data is used for bad things?

I just read this from Instagram and it turns out that someone has posted it on bitcointalk. I am a member of poloniex, bittrex and binance too. Long before the market was crowded like now, I had done KYC and was fully aware and suspected that this would happen. So when this really happens I cannot regret or blame the market.
I am indeed disappointed, but this is the reality that exists today, not only in the crypto world, data sales also occur in the world of banking and insurance. KYC is part of regulations made by the government, Market follows existing regulations, the choice to do KYC is in our hands.

All those KYC papers are most likely from some of all the free ETH based airdrop coins, people have submitted KYC to get, most of those scam airdrops didn’t even happened, but suspect people have guarded ten of thousand of KYC from airdrop bounty hunters.
I guess some people have re used the same picture the used when they got approved at their exchanges. And those few pictures are now being used to sell the KYC database as an exchange hack.

These are all exchanges I would never trust with my data. I pulled all my funds out of Poloniex as soon as they announced mandatory KYC. I'd be especially wary of Bitfinex -- they operate out of the British Virgin Islands and they prohibit US customers, so there's not much legal pressure on them to protect your data.

When you look at the way Coinbase and Gemini approach legal compliance and security, I have considerably more faith in them. They could have their databases hacked too, but I think the chances are much lower.

If you need to do KYC to cash in or out, choose one reputable place like that and stick with it. The more places you verify with, the higher the chances of identity theft.

It just prove no matter how security experts are doing to their platforms, its still has no match to the skills of someone who also have an updated penetration skills.


I can not agree to this though. The more you use this kind of programs the more its going to be easy for you to be hacked. You put your passwords in mind, you will never be hacked.

There are many KYC methods. With documents, phone, real personal data verification etc.
The problem was in the past because it was to easy to create one account, fill it with "some" personal information and thats it. Now if they think they added google auth they will stop criminals to create fake accounts, well google auth can be downloaded and run under VPN so problem solved. Documents? Really? I BET if you look on dark web you will find many guys that are selling documents or custom documents to buy. This KYC thing is just another arrogant attempt to invade your personal privacy.

this is damn scary! this is why we should jump into any ICO like crazy compromising our privacy just to make a few bucks.

yes when i do kome KYC i think twice about it, is this my data in the good hand, or maybe they sell our data to another people to makes scam and bad things, so we should careful when we send our data into another people

For now, I try to join those ICO signature campaigns that do not require KYC verification. In addition to a certain risk of our data falling into the hands of criminals, we still spend a lot of time on these KYC checks, and sometimes they fool us all the same and our work is wasted. Now is a very difficult period and to participate in the ICO, and trade on the stock exchange.

Bad things happen and KYC databases are not the only source of your personal data. People leave their information on different places on the Internet and often they are really even not aware of it. It's good to be very careful and not give your personal information to everyone but sometimes you can't avoid that in order to get some product or services. I guess we all have to accept certain risk but it's really scary when you think on how many ways hackers can abuse your data.

Only if we transfer our confidential data to the appropriate state bodies, can we still have some confidence that the various criminals will not have it. Giving our data on the stock exchanges is very risky, and if we give them to the ICO teams when conducting a KYC check, it is generally equivalent to handing them over to scammers. Yes, with KYC checking something needs to be done and especially in ICO.

I think its possible that if anyone hacked exchanger they can collect your personal data. Nowadays you cannot trade unlimited without KYC verification so many people given KYC or personal document and identify on this exchanger. Yes, you can find some exchanger that they can open trade but not for a long time without KYC because of if you do not give KYC your account will be disabled or unable to withdraw asset or face any problem.So people face both side of the problem for KYC .

Now this is something I don't want to see even if I didn't do KYC on those website but still this is a data base theft and I'm wondering what are those websites saying now? They will say is not their fault ...like all the others...

He does say that this information is from top exchanges but who can confirm that it is really is? He can say whatever he wants to say but that will not make it true, it can be some KYC from some bounties and he claims it is from exchanges. I know that giving out your information is not a good thing but in some cases, it is for the better, like in bounties I am ok with doing basic KYC but not full KYC because that will help stop the cheaters and it is the only way.

Absolutely agree with you. KYC verification does not justify its role, it only causes great harm to users of cryptocurrency. This is especially noticeable in the activities of ICO. KYC verification is still valid on exchanges and ICOs in transactions with large amounts of funds. To apply it absolutely for all is stupid. It is especially useless for bounty hunters. KYC checking slowly kills this activity.

That is the disadvantage of the KYC, we cannot ensure that our identity will be safe. I am really afraid that my identity will use by other people. It is really better if we will participate in icos that are not requiring kyc.

any KYC related document that you have ever given an ICO or will give in the future is going to be sold on the darweb not because it is hacked but because the ICO owners want to make more money and THEY sell it there.
any KYC related documents that you give exchanges has a high possibility of being sold on the darkweb because of the same reason as ICOs but also because exchanges are known to be hacked left and right. specially since many of them are scammy like Bittrex, they will do the selling themselves. that is why they ask for it in first place.

The bigger problem with this is that this same information can be used to signup for other services that require these documents. The money launders and criminals can siphon their dirty money through these services and it will be traced back to these victims. They will not even know that this information was compromised and they will have a difficult time, explaining this to the authorities.  >:(

Centralised services are known for lots of exploits and weaknesses, from corruption from within these services and software with huge flaws.  >:(

I would only trust a company like coinbase with my information. I would trust no other exchange with my identification scans.

Well KYC documents can be used for very wrong purposes or if I say, they can be used for criminal purposes. That's why I do not give my KYC to ordinary ICO sites as I have no grantee that they will not mis use it. On the other hand, it is the responsibility of the exchanges to keep our KYC documents safe as it contains very sensitive information about the users.

This is incredibly bad news, especially if it is true. A lot of people upload documents that confirm their identity but also input personal data like date of birth, place of birth, address, and more, and all of this can easily be used to steal people's identity, which would be extremely serious.

Oh no our private personal details were being compromised that could be resulted to hacking things from us. Anyway, I am not afraid of it because I am poor and they had nothing to take away from me. The problem is now more on the rich people that could get a threat to their life after the KYC details has been compromised.

I participated in many ICOs that requires a KYC. After I readyour post, i feel nervous because I realized that our identity is not safe anymore. There are a lot of buying and selling of identities so it is now not safe to give our identities in excahnges and ICOs.

We cannot do something because KYC is part of the  regulations. If we want to protect our identity, then we should not upload our I.D.s in the internet. There are now many rumors that the identity of the KYC participants are been using by other person.  So we shoul be careful on all of our decisions.

that is your own fault though because you were blinded by greed!
there simply has never been any reason whatsoever for an ICO to ask for KYC. Know Your Customer laws only apply to things that are regulated and want to follow the regulatory laws. no ICO in the whole world has ever been regulated. in fact they are illegal in most parts of the world!
that leaves only one reason for asking KYC, and that is to sell it and make more profit.

This is like what I worry about a lot of bounty campaign, airdrop and several other campaigns that require participants to do KYC and I think why it should be KYC while your identity is very important even your privacy should be very confidential, after many KYC cases I realized something would happen like this, the identity of many people is sold for crime.

Government makes KYC mandatory, exchanges push it to the clients, then hacker gets all the data of those individuals by hacking! Scary!

It is worrying yeah. Many here would potentially be at threat of having their identity cloned etc. Let’s hope nobpdy buys it from this guy :(

Well, this is not new anymore since even banks do this things especially the credit card companies who are sharing the information of their clients, I also believe google are doing this. Its better not to participate on a suspicious campaign for you not to be scared, just try to protect more you wallet.

I saw that news. It's painful to see this happening. Imagine what the thief could do with this information. It could be for identity theft, terrorism, hacking, and even blackmailing.
I wish current kyc practices is abolished. There are  ico services that are a bit safe. No website should be  allowed to hold people's documents.

That's kind of scary. That's the reason why I really don't use any projects that involve KYC because who knows where they are going to sell it. Also, it's beating the purpose of being anonymous. One day, Decentralized exchanges will take over the market.

You said that it is now not safe. You meant that before this, was it safe? A straight NO.
Because it had been said many times that providing your KYC anywhere is full of risks of theft/abuse/sale and to remain safe from such problems, you need to trade under limits but you can have multiple accounts to keep your side safe. This is one of the most significant reasons why I'm not supporting regulations; because then, everything will go in the hands of Govs and eventually, even companies will start selling all your crypto-related usage data (they must be doing it already). So, try to save yourself from such attacks, I know that to trade with higher limits on exchanges, you need to verify your account with KYC, but you can also choose to have more than one account (it's illegal over some exchanges to have more than 1 account, but to save yourself from getting your data sold and abused, you can try).

In principle, this was to be expected. The only question is how the data from the stock exchanges fell into the hands of scammers?If this is true then you need clarification from the exchanges on which the documents were stolen.There is another option - this post was written by a competitive exchange and thus it wants to impose an imprint on the exchanges indicated in the post.

I think exe installations are far more worrying. I've been looking for a responsive template for my new Bin This !!! site ( part of the Crypto Coin Tree ), and I found one that looked good, and just what I wanted. I hit download to get the HTML and CSS, and they requested an email address. Well that is fair enough, and a lot of sites do this ( including some of mine ). The email included a download link, and when I went o it, it required me to install an exe routine. I ran from there, and I blocked the site.  I suspect that exe routines will start appearing soon if KYC gets a bad rep.

I thought that to provide my personal data to such trusted exchanges as Binance, Bittrex, and it does not carry a big threat. It turns out this is not so. If in such exchanges hackers were able to steal documents, the various projects that require KYC then also should not be trusted.

This is super scary to be honest. I have done some KYC on 1 or 2 exchanges back in 2018 but it seems we don't know wich KYC database was compromised... I see this as an attack to our privacy so decentralization is the key of cryptos.

That's why some people warn us to not to easily give our KYC to suspicious sites or similar of it and actually i'm not too worried about bounty campaign use KYC because i was never give my KYC before and skipped if there is ICO's for KYC required but currently i was so fear if there is big exchange such as bittrex or poloniex got hack because i was submit my KYC to those exchange to get verified accounts

This had been my fear since i joined the world of cryptocurrencies(KYC). Haven some one data on an exchange based on KYC then be hacked by a hacker is very awkward to hear that such sensitive materials are linked to hacker. I will never do any KYC again not even to other good exchange as the case maybe.

So is there actual proof?

If so why wasn't it encrypted and where did it come from?

This is one that I don't like about KYC, where our data privacy is threatened. Maybe we feel confident that our privacy data is really safe, but we should also know what risks will occur if our privacy data is hacked. Maybe KYC is one way to gain trust from a platform, but will you immediately trust that platform?

this is one of the resons I'm, against any form of KYC
scary , but quite predictable
it was to happen sooner or later with all of the entities gathering data
almost every exchange and many casinos are collecting your personal data
and I'm sure it is not just one database that is leaked, just the one that is on sale OPENLY
you can be sure there are more circulating if not on darkweb then in some other forums or communities

Yes, now you should think about whether to once again send someone your personal data. Even if such good exchanges are under attack, it suggests that the KYC procedure has become dangerous.

Part of the common sense of each. You can give your data but you need to understand that it can be sold either by the company or by someone who is supposed to steal data from that company you trusted.

I do not send my identity in exchanges because I know that there possibilities that my identity will be hacked. I became more scared because of what I have read. I will never send my identity because most of it are being sold in darkweb.

This does not sound very well at all for crypto activities and this is one of the main reasons why i don't like projects involved in KYC. And the most annoying thing is that you only earn pennies for selling such a vital information out there. this could pose some security threats in case these details fall into the hands of a wrong person.

KYC is really something. I do not upload my identity to exchanges because I feel something fishy. I do not trust this exchanges because I know that their securities are too weak and there is high chance that our identity will be stolen by others.

This is very scary news. If those documents are real then it will dangerous for our identity and safety. Law should be applied to them who are responsible for this.

No, dark web is a really dangerous site. There are a lot of illegal things that are ongoing there and anyone who gets there can get involve in crimes. Now, this proves a lot of things about KYC. It is not good and it is not safe. As a bounty hunter, we should not deal with KYCs anymore because of the risks.

Your not in the minority, it's just a necessary evil we deal with. Personally I'm not a fan of KYC it can at times make things more of a headache when funding to exchanges than it can help. It is a matter of trusting the central authority in charge of the KYC processing to be able to protect your information since if it leaks that is a new juicy database that will show up on the net.

OMG but who can we make sure our data is safe and buy crypto at the same time? Do you guys know trustworthy protection systems and/or exchanges?

On the internet like this we have to be more careful in entering our data, because we do not know what will happen if we give our data to unknown people, our data may be used as a tool to commit crimes, so we ourselves will become victims, so we shouldn't give our data to others.

Everyone likes to trade freely without any obstacles and no one in the right mind would want his identification details published to anyone, there must be a precedent on how they are going to secure the sensitive information they are collecting and if they are not able to do so there must be hefty fine so that these events does not happen and they will be more vigilant on how these information are stored. I really liked the earlier days where we could create account and start trading but things are changing for the worst and that is the world we have to accept.

and finally, the worst fear of KYC was released. What needs to be asked is how the exchange can concede their user data. Does each exchange have a very naughty insider to distribute the data to other people for sale or indeed there are hackers who are able to hack the exchange only for their data ?

i believe every letter that has been said in this as i have started receiving emails from people i am very sure of not having anything to do with, both individuals and corporate bodies relating with me as though they have my details and they come so strong that you will think you have visited and office with such identity. this should be curtailed

To save you the trouble of losing your sensitive information to the general public i don't engage in  bounties which require KYC because it is very sad to hear that such a vital information is just being sold on the Darkweb.

This should be considered by most people who want to invest in using KYC or trading on a trade that is required to do KYC, if it is not done, chances are that our money in trading is likely to be lost and investment money will disappear, so there are many options for solve this problem and look for trusted trade and investment that is truly, store user data properly and so that it is not misused, by irresponsible individuals ...

Not all scam ico's will sold your profiles because some maybe using them for personal preference  .  not all ico are also scam therfor its okay to take risk and apply for a kyc oriented campaigns . its actually optional because there were also campaigns that did not require a kyc at all but that does not mean that they are legit   .  scammings and other nefarious crimes online are normal but they are avoidable

I'll consider this the safest approach, considering how most of these so called bounties turns out to be either scam or just come up with flimsy excuses why they had to cancel or suspended the ICO indefinitely, they end up never coming back. And no one knows how far those hackers or buyers are willing to go with such informations but I can tell it is never a good sign.

Sounds bad, I bet there are my KYC data on this seller...  :D
Because I have experienced pass the KYC procedure on Bittrex and some ICO's that I have joined for the bounty...

For now, it almost every legit bounty project that I have to join always ask me for KYC. I personally too lazy to giving them my personal data but I have no choice if I want to get my reward I should pass it...  :(

I have never supported the idea of KYC in the cryptocurrency world. Now, the technology can be hacked. what is the essence then. I think KYC  should be stopped. I see it as useless.

I think most of exchanges put more layer of security to protect their exchanges with the wallets and tokens they managed and the kyc documents is least of their priorities. But I hope exchanges are smart enough to request clever ways of approving kyc like writing dates on a piece of paper for greater proof.

Recently Loyakk (they collected more than 16 million in the ICO) wanted KYC from all bounty hunters (of course they informed about it after 8 months bounty period at the very end). They set a deadline of about 3 weeks. And best of all - they collected all documents via google form.

A similar case of DATABLOCKCHAIN . Here is my topic -> https://bitcointalk.org/index.php?topic=5099688.msg49319218#msg49319218 Several bounty campaigns. Also at the very end they don't issue tokens. They say something about "shares" Of course they all want KYC.


So many bounty campaigns for nothing (Sidera, Introa, Humancoin, Trustlogic and much more) . Hundreds of heavy hours of translation work. 90 % is fraud. The rest doesn't pay. They steal your documents. They are blatantly lying.
Many of these scammers have a proven identity on icobench. In my opinion (and I have more than 90 projects behind me) icobench is closely related to these scammers.

=====

Who invented this KYC in crypto world ???
After all, this is the gate for real criminals to completely whitewash

Sadly, "know your customer" issue became known by anybody . What a bad thing that for us. Our private data is on hackers' hand and they are gaining money by selling this data. Unfortunately, companies want to know very much about their customers and they have detailed database. As you know there is a principle which is called "the principle of least privilege" (PoLP). I think, this principle must be implemented strictly. By doing this, we are not going to be under thread, even though hackers reach to data, because this data is limited.

everything is not as scary as what you think because I know that the team of these exchanges has worked so badly when it leaves customers' personal information stolen. Everything can be done by money so to avoid this situation exchanges should cooperate with a company that has KYC expertise and security to make things safer.

Security of these exchanges are very low or their flaws might have be know to the hacker or there must have be an insider that leaked out the information on the exchange. Though there are still speculations of the possibility of the exchange making deal for the sales of the customers database.

If so, it means that those who have done KYC at the ICO are very vulnerable to losing their privacy,
because KYC from large markets like BITTREX and BINANCE are also traded, this is really bad

Now this is a teaching lesson for those who are doing KYC in order to get some few coins and they don't even know that they are selling their data and photos of their ID's. Why do you belive in strangers in the first place? And why would you involve into small projects who are asking for KYC when they don't even pass the KYC themselves so think again next time before uploading your ID.

I think that is two-factor authentication you are referring to. It is not KYC. KYC or know your customer requires people to send legal documents that prove that they are real people.

Stealing personal data is one of the worst consequences of kyc
The worst thing is that some airdrops ask kyc for some cents in the end
We must be very careful in dealing with our data.

There are disadvantages on  participating in KYC and that''s why I never uploading my identity in not reliable exchanges. We should not do KYC if we want to protect our identity. The IDs that we upload are vulnerable to hackers.

Only the people who are unable of what hacked data could be used for always speak for KYCs. A majority of people on this platform are against KYC but it seems none can voice it out and even if it is voiced out, nothing can be done about it. This is one of the negative parts of the blockchain industry, there are no central agencies to oversee some of these activities. People do what they want.

This is really serious. No wonder a lot of people have condemned the idea of requesting for a document for KYC especially the ICO. Many of this people are faceless people who also hide their identity but they always want people to provide a document for KYC. I could not imagine amounts of a document in that hacker disposal that he went so low as giving 100 documents for 10 dollars. This will sound as a warning and reminder for investors and anyone else interested in crypto to be careful in giving out their documents most especially international passport.

The sales of customers' data to the dark web has been an issue for years now . It has now become lucrative to sell huge data to the dark web. This is the main reason why most online workers do not heed to the idea KYC. This sold information are normally used to send phishing emails to all participants with their data attached.

Still waiting on actual proof.

News like this is what has discouraged some of my colleagues in joining the crypto space, although devs cannot be 100% perfect but in cases of kyc database daily maintenance and checks should be in place to tackle against situation like this. I'm not happy with this news because If this users details gets in other people hands it might be use for something dangerous.

Since the recent news of hack, I had been researching on Custodial and non-custodial exchanges thinking that if funds are safe with me in my wallet I am safe. But, this a completely new thing to me that KYC database has been sold. Now, I think one need to only prefer Non-custodial exchange with no kyc.

I found that the following two Exchanges are Non-custodial as well as NO KYC required.
1. CoinSwitch.co  (https://coinswitch.co/)
2. Changelly (https://changelly.com/)

It really scares me when I read all such discussions in forum. I have even been using Bitmex (https://www.bitmex.com/) which is custodial but, till day did not face any major issue using there site.

Thats why i always trust only third party services with history proof in market . Ofcourse i did KYC in bittrex and other exchanges to withdraw funds , but hopefully nothing bad happens with my Identity =D If that proof is real that it was leaked ... Maybe somebody trying to earn some money with FAKE kyc documents

that's why many people against KYC on ICOs, airdrops, giveaways or anything which trying to collect personal data
they hide behind KYC/AML or fraud-prevention policy but most of them just want to get your info
and we know those exchanges was breached (I think) at onetime in the past,
but how can we tell those data are really originated from those exchanges?
it sounds like marketing gimmicks, while their real source is just from ICO and Airdrops

People who don`t believe that, should just think about what is technically possible. Data is gold!
KYC is a piss take. Whoever is giving his identity away is just dumb and is "non compos mentis". KYC on crypto to fiat transfer. It´s ok, but not for bounties, ICO registering and withdrawing crypto from services (exchanges).

Good think I avoid sites that looks for KYC when joining the site. I always knew something like this might happen. No matter how secure they claim their service/exchange is, there is a slight chance the data might get hacked.
People should just be careful when handing over their KYC form, specially to those scammy ICOs. There are high chance that those failed project ICO will end up selling your data.

Its too risky to share your personal information and because of this many investors will doubt to come in if they are being asked to give their details. Bounties should not ask for this one or even the ICO’s not unless they already make their name in the market just like the top exchanges but I still think that there is still risk. If you want to be more private, then stop using facebook and other social sites.

How could you bypass a KYC verifications using only VPN and Google Auth? Aren't you aware what is KYC means? It just means that they want your real name and address while some of it asking for a any verified government ID's. Don't make KYC as easy as you think, it is not that simple.

Maybe what he means is about KYC still used only to increase withdrawal limits. Because he said in last year, when we put 2fa we get more limit, and if we do KYC, our withdrawal limit is increased again. Like we must pass any tier of security level in that exchange.

For bounty hunters, checking KYC has always been and remains illegal, because the task of KYC is to prevent the laundering of dirty money. We do not deposit any of our money in ICO projects and therefore should not undergo such testing. The KYC check is carried out at the end of the ICO, because the ICO team does not want to pay as much as possible to the bounty hunters we earned tokens.
KYC verification is only advisable for large investors in ICO projects and large traders on the exchange.

As bounty hunters, we need to immediately find out from the ICO team and the manager whether KYC checks will be conducted and, if so, leave such a project, no matter how promising it may seem. Bringing a KYC check is generally illegal for bounty hunters. This is an initiative of the ICO teams, which is beneficial to constantly keep us on the hook and after use, then throw them away without payment, because we have not passed their KYC test, in which they sometimes have certain impracticable technical issues.

In some exchanges it is not required to verify KYC, but of course the class on your account will be (low) and result in the facilities you get incomplete at the exchange, on some other exchange sites it requires yo do KYC. but whatever it is, hopefully the data we give, is not misused or sold to someone

it was terrible to think that our identity had leaked and was sold like that. maybe from both sides like from the platform increasing their security about their KYC hackers can't be hacked about information and for investors don't want you don't want to, because you give them about your privacy

It could be a shady ICO that lost the kyc data from a hack, or they simply sold it because their project failed and they were desperate for funds. Either way, avoid kyc projects or you will end up a victim

This only presents how vulnerable people will be if exchanges holding so much information missed the important part of protecting the identities of their customer. What could happen to people's identity if used for a very bad purpose? This hacker should be stopped and be caught for good to protect every innocent person from being harmed by possible bad intentions. Thanks for posting this! Maybe this will help people prepare if they are the ones affected.

every shit website need your ID
but they do not take care of it
what a shame!

How about that KYC from airdrops receiver, they are thousands of people who do KYC for a few cents of airdrops, I'm pretty sure there are a seller for these documents, the exchange are more credible than these airdrops..

We can do something for our identity to not be stolen by hackers. KYC is now part of rules and regulation, we can avoid our identity to be stolen if we will not participate in ICO and also if we will not upload our identity card in some exchanges.

We should be careful when we are giving our identity to the exchanges. Your post is one of the proof that our I.D. are vulnerable to hackers. We should only participate in KYC if the exchange is reliable and trusted.

I think KYC is good in a sense that it can prevent fraud but it is the responsibility of the exchange to keep our KYC safe.



That's even more scary as we cannot trust any ICO and if any ICO teams want they can misuse our KYC in the wrong way. Should be extra careful while submitting our official documents to ICO.

This could be one of the bad things that can be more widespread because of the SEC regulations in crypto as they put us our identity in danger. The ico's are force to require kyc but the documents submitted is not always been safe as per some outside people that's not belong to the board members are hired to check onto this documents as i know some people handling over it. I really don't like to submit any information on this kind of sites like they said: it is better to be safe than sorry.

This is a major problem and a sign that show us that to think twice when submitting our KYC information for anything online and specially new ICO programs these days request to submit them more often in order to receive tokens for our investments and now we know these things can happen once we submit our personal data to unknown companies or people because there are lot of criminals in the crypto world and we will never identify because everything is anonymous

Even if they are trusted it can be hacked,the hacker keep updating themselves along with the development of technology so don't choose a centralized exchange for converting large amount of cryptos but still no DEX are capable of doing huge among of transaction so for now better stick with the daily limitation and then move the funds everyday just by splitting it under the daily limit without KYC.

True. However we need to take into consideration that we have no idea how much they are investing on security and how many security professionals they are hiring to take care of the protection of data. It's pretty hard to defend them without that information publicly available.

The truth is a lot of companies still neglect security, which makes it to easy for hackers to break in and steal it. Remember that in the information age, information is power for those who know how to use it and for that reason it is extremely valuable.

This is the reason why I hate KYC. I heard those big companies will use these KYC/personal data to make AIs which will dominate the marketing industry. KYC is often used to execute sales and advertisement.

I hate it an app asks me to provide the personal data since I know those data could be jeopardized. I still imagine, what if facebook's data about everyone gets hacked and will be sold to some illegal organization will ruin anyone who they would like to ruin? It would be so scary. KYC needs attention and this is a serious one.

I am always in a favor of KYC but the recent incident has developed a lot of question about the safety of our privacy through KYC.  I mean how can we now trust the exchanges that they will not misuse our documents.
This is a serious issue as these documents can be used for criminal purpose worldwide.

This is quite alarming, imagine the amount of documents all these projects that have been conducted KYC being hacked or misused. I was wondering of all these project build on security, privacy and decentralization, couldn't they make an app or system that secures KYC in that way that it can't be leaked/hacked?

buy crypto through exchange services, like changenow and you won't be asked for docs and you'll be anonymous in web