Bitcoin Forum

You still think that your data is save on Centralized exchanges? Think again, today australian crypto exchange accidentally expose users information, over 270,000 customers data is exposed, what kinda mistake is this anyways?

https://ia.acs.org.au/article/2020/australian-crypto-exchange-exposes-emails.html

Privacy is a problem which is getting bigger every day.

You should consider that EVERYTHING you send online is (or will be) public known. If you send your passport to an exchange to make KYC, it can leak to third parties in several ways:

-They can sell your data.
-They can share your data with their partners, who can do anything they want with it.
-They can be hacked, like ledger  (https://coingeek.com/phishing-scam-targets-ledger-wallet-users-again/)was.

You should really consider the risks when sending photos, comments, information about yourself, documents or anything personal online. Avoid as much as possible.

However, we are soemtimes obligated to identify ourselves and share our documents.

It's not a must to share your data with centralized exchanges, I'd have advice you to start using DEX but we all know that DEX can't meet up with the advantages of Centralized exchanges, there are few top Centralized exchanges that allows trading and withdrawal with no KYC verifications like binance and huobi, there is only limits per withdrawal in 24hrs and that's cool enough, this is what I do as I can't share my data or use DEX

Once you agree to the terms and conditions of those CEX, then expect that your personal information is not safe anymore because I believe they are selling it on the black market and for sure, hackers also knows this thing. That is not a mistake, that’s the proof that we are not safe and yeah, this is the risk we should always consider.

That was a very unfortunate incident but we can't do anything about it. Because in the very beginning after we sign up and start using any exchange platform we must consider the possible risk that we might encounter along the way. like in the case of a hacking incident our funds and identity might be exposed like what happened in that so-called Australian crypto exchange, we have no choice but to accept it and hope that those data will not be used in any illegal activities. Because in the first place we are not forced to use that exchange and do the KYC in that matter it is our personal decision so let's face it.

These kind of data leak always happening everywhere, big platform like ecommerce and not to mention exchange and that's why it's always important to keep my data somehow ambigous in my opinion. However an exchange that requires KYC will become a disaster once the data got leaked.

These data leaks are unjustifiable and doesnt matter how much losses the exchange need to bear they should be responsible for the leak of hundred thousands important data.

User data aren't going to be safe with centralized exchanges in the first place, teams can sell data to other entities or hackers can steal data on their exchange, the only way to avoid this is not using centralized exchanges at all or stick with centralized exchanges that accepts withdrawal without any KYC verifications, Decentralized exchanges are also good options

Data safety is a lost battle for common users. Your data is stored everywhere and almost everyone without even a slight seriousness about it's safety. Personal data had been leaked from almost all of online platforms that takes it. Even the KYC sent to binance was leaked. You data also leaks from banks and even from government agencies. Google and other advertising network takes every of your data without your full consent. Your data are bought and sold sometimes illegally and mostly legally.

it's being said over and over already in the forum that CEX are often vulnerable to hacks and our data are not safe because authorities can request the users data from them. as long as exchanges ask kyc data from users, its not going to be safe for users privacy.

to be honest I'm not even sure now even the dex because if you withdraw btc and eth from dex and cash out going to your bank, it may be traced still going to you.

Authority is less your problem and in fact, Any business establishment like banks will give your bank details once they request since they are the Authority and they will not ask for it unless you do something unlawful like thief.

Let's face the reality, You can't keep your privacy safe as long as you are converting your BTC in Fiat because all transactions will end in the bank or similar platform that holds your KYC since its Fiat. Almost 90% of crypto user are trading back there asset to Fiat to take some profit.

so I read the news and it's leaked because the exchange uses external service for sending email and the email that was sent unexpectedly sent in batch including all other emails as recipient
Wow its actually crazy how an exchange, thats supposed to be competent in handling data and privacy of its customers do something this dumb lol.
the mistake feels like amateurish and leaked email is nothing to be underestimated since some people could send some phishing email to all these addresses.

Data is not safe anywhere so far its been given out. Whenever I give any data out to any exchange or any where.. I know Its not safe.

users or customers need their privacy safe, and this news bring bad news to centralized exchange
by the way, if like this i think 2021 will be the year of decentralized exchange

Data breach of such private, sensitive data is highly condemnable and i think the local authorities or regulators in Australia should take strict action against the exchange or atleast warn them to make the data secure or else the exchange will be closed down.

We know it's the exchange duty to secure user's data but everyone should note that, this data is safe with a third party, hence anything can happen to your data at any point in time.
It once happened to binance when users kyc data leaked in the year 2019, this isn't the first time we are experiencing data bridge. We should be careful when dealing with a platform that requires users information especially centralized exchanges.
Personally, I have two emails. One I used for non cryptocurrency activities, offline work and the one I used basically for online business, multiple registration on centralized exchanges. This way, if my online email is leaked, I don't bother because I don't do kyc since I'm eligible to withdraw at least 2btc in centralized exchanges.

NB: if you are scared of data bridge, use decentralized exchanges.

Yes, if you can just trade without submitting your KYC, the don't submit any doc. Because a lot of exchanges don't require KYC if you have daily withdrawal below 2-3 btc. So just take advantage of that opportunity, unless, you are a big timer in crypto, wherein you need a high withdrawal limit. And when you are talking about local exchange where you need to convert your crypto to fiat, usually they ask for ID, it is better not to submit your passport but other government IDs. We can never be sure about what will happen to these exchanges, even if they are boasting to have tight security protocols. Hackers are getting sophisticated because of the tools that are available now.

The most regrettable incident is that user data is not protected with strict security features such as a very valuable gem, very disappointed that 270k user data has been revealed even though the only name and email but many users will experience fraud caused by phishing and spammers in the email inbox.

Despite it's quite possible to use the withdraw margine set for non verified users, it's still not that safe. The can freeze your balance at any time and start asking for KYC (maybe a deep one). Everyone should be responsible for his choice, so either you chose centralised exchanges with real identity or enjoy less features with decentralised exchanges.

Yes because they shared our information into other institution that governing them and requiring them to do so and we should be aware of this one. CEX are working under the rules of the government and if they didn’t comply then they should not operate under that jurisdiction. Just make sure that your account is safe so hackers wont access your account easily, and keep on monitoring your account.

This is one of the problems we have been facing in a centralized exchange,


We should have realized and think carefully before submitting KYC since every personal information we have submitted online is prone to this issue. This is also the reason why most crypto users prefer to use an exchange without them having to submit KYC before they can activate their withdrawal in an exchange.

I think all these exchanges and other organizations should value more of the users' data and secure it by all means. Do we say they don't know what to do or how to go about it?
Thanks to project like https://bluzelle.com helping firms to safeguard their users data using the blockchain technology.
It's high time users data is being given priority to in the context of security!

I don`t think really big exchanges have so weak safety level, but sometimes they can`t defend from hackers attacks and many people lose their data. Of course, centralized exchnages are not safe, but I don`t think they don`t have it at all. They always try to improve their protection to avoid hacks, because their reputation depends on it

With every centralized services we're accepting a long list of terms and conditions. Within that everything gets included. Once after getting exposed, if we go for a claim we'll be described about some specific terms created for the arise of such issues. Data safety is important, and in the growing techn world it is possible, but human errors are inevitable. Firms won't do it in purpose, but at times it happens. Quite often we can see this commonly taking place with different networks.

This is one of the things that we always worry about when doing KYC anywhere, even at local exchanges where they have registered the legality and securities of the data we provide under the law. However, take a look at what the @bitmover:


Whether it's intentional or accidental, isn't it the same if our data is lost or exposed? still, this is related to the loss of our privacy. Meanwhile, in this case, we need privacy and it is unfortunate that the KYC system always endangers its users.
Maybe just with KYC using email without ID or a photo of ourselves, we still have a way to use our backup email. However, if it's KYC with our ID and photo, then this is the dangerous one.

As if we have more choices and we have to accept this fact because its happening around the world and not just on cryptomarket. Even facebook made a huge mistake on this one and I’m sure google is also doing the same thing exposing our identity to others, even banks of course so don’t panic and make a less exposure as much as possible.

I mean, yeah it can happen with practically any centralized service out there, not only crypto related.
Thats why one wants to use decentralized services and prefer it in every possible way.

No data is safe when it gets uploaded on the network servers so crypto exchanges are not an exception to this. If you never want to share your personal details on the internet then you shouldn't be using an services which asks for personal details and source of income like details then you can have your privacy to some extent.

No one guarantees that our data is in a centralized exchange, or any platform on the internet "SAFE", every platform on the internet must have its own weaknesses, it could be hacked.
Or what is worse could be that the platform owner sells his user data for personal gain.

It is very traditional story when we are talking about exchanges. People pay most of their attention on profit and store their crypto on exchanges. They don't care or pay very little attention on non-custodial wallets to save their cryptocurrencies.

Some people are careless as they store their 2FA activation codes, private keys, mnemonic seeds on online services. They think those companies are Google (Google Drive), Dropbox, Microsoft (Azzure) and thought the storage platforms they used can save them. Any serious things need to be backed-up have to be done offline.

Data breach, email breach, hacks only wait for carelessness and chances to attack us. Be cautious and be careful when you are in crypto and online. Protect your devices, secure your accounts, save your backups.

Even binance has been involved in controversy about this problem. There is no guarantee that Centralized exchanges are absolutely secure, except for stolen personal information your property can also be lost, but for Centralized exchanges you will also receive benefits and policies which the DEX doesn't have.

There are already too much of reasons to not store your money on the exchange if you are not a trader

this due to carelessness on the path of the exchange management. management has the responsibility of protecting users' documents. but this does not mean all CEX are nonchalant with users' document.

Why would anyone trust centralized exchanges with their data? If you don't know you should, the law and government have the power to ask any centralized platforms for their users information and thy have to abide, it's the whole idea why decentralized platforms should be the right place to be but unfortunately centralized platforms better forcing many and myself to stick with CEX

I guess the exposure was a mistake by the company rather than a hack? Thought they should be deleting customers private identities, or at least hide them somewhere until they are needed by the authority for what they where collected for. Unfortunately, it's hard to trust the centralized exchanges/platforms to keep people's private data safe

I have already understood that for large companies we are human beings. It has long been proven that Facebook and Google sell user data. Or use them for their own purposes. But do not forget the human factor happens everywhere. Such a mistake has fully taken place.


Therefore, decentralized exchanges will develop. Perhaps this is a decentralized revaluation.

There is one thing called reputation in crypto space and it's very important for any project that wants to take their platform to a higher level that's why you can never see binance exchange going back on their words, limits are been put on withdrawal for those who don't want to go through any verifications to avoid illegal fundings, forcing KYC on users is ruining their reputations unless the user try cheating the system

no system is completely secure, all systems have loopholes so you have to be really careful to store your assets in exchanges or centralized wallets even though it helps you to collect various assets in one wallet but it is very risky
This is my suggestion that you better store your assets in your own wallet, not in a centralized wallet

When you consent to the terms and conditions of those CEX, at that point expect that your own data isn't protected any longer since I accept they are selling without your permission. That isn't a slip-up, that is the evidence that we are undependable and better believe it, this is the danger we ought to consistently consider

I well understand your point but let me give you this nice example:
daily withdraw limit for non-verified users in Kucoin is  btc, and as i can remember it's 2 btc in binance.
2-5 btc daily is also a big money and in their TOS the platform has the right to suspend withdrawals for any user even just by suspection especially if find someone reaching the daily withdraw limit everyday; in simple words, if you want to lunder 20 btc then just split it into 4 and use Kucoin to withdraw 5 btc everyday.
That's how i think we shouldn't use centralised exchanges if we are not ready to go with KYC procedure.

It's an exchange, and it is centralized so what should we expect? There's no system that is safe except those that are decentralized and audited many times. The problem is just that if the decentralized exchange encountered an error, it will be hard to fix as there will be no one guide or contact except the developer of the platform. But since it is decentralized, the developer basically doesn't have the responsibility to supervise each and every user. Meaning, use the system at their risk.

Going back, Centralized exchange has a feature that could help the users to somehow regulate their accounts, but this is the downside, their personal data needs to be collected and if there's a massive breach, it could be exposed.

Privacy is a great concern in cryptocurrency and this is the reason why some will consider DEX unless they hold big amount of crypto which is not even advisable to put on any exchange. users data can be hacked into and sold on black web. If big corporation such as google are facing issue of data leak, I do not think it is something strange if we see the same thing happening to some centralized exchanges. This is the reason why it is very important to be carryout security auditing ones every month and always seek for the best technology to protect users data from blackhat hackers. It would be a big mistake if truly the company mistakenly leak the users data. They are going to face a little setback because people will not trust such platforms with their information anymore.

If you care so much about your information and identity pls don't go near Centralized exchanges, even if top exchanges are more reliable because of their reps they can still become victims to hacks and vital informations can be exposed, DEXs wins the data security in crypto space, it's why I wish that DEX can be as good as Centralized exchanges someday.

I think most of the members here know that except for newbies of course.
The ones who just started knowing what cryptocurrencies are and then exchanges.

Also, the reason why I don't do KYC's on some exchange platform.
Binance for example. You still have a 2 BTC limit so if you are trading below that then, there is no need for a KYC.
You are in Bitcointalk. Discussions about privacy mean a lot.

If it is a big centralized exchange，that should be relatively safe，but it's certainly not foolproof. And the important is，we all know decentralized exchange is better，but the reality is the trading volunme of centralized exchange is much larger than decentralized exchange‘s. So i think that existed is rational.

This is a normal thing, that’s why we as individuals has to be very careful. Centralized institutions will always tell you that they are offering the best of security, but at the end there will likely end up being an issue of identity theft where they will lose their customers' information to hackers. This is not an issue with only cryptocurrency exchanges, it happens everywhere, you sign up with your email and info and due to some hack or bug on their system they will expose your info.

I am always cautious these days with the kind of information I am putting online these days, so that I don’t end giving an information that will affect me later in the future.

your asking if what kind of mistake is that of course it was accidental or accident and they didnt mean it to happen so dont judge them too quick . i think that mistake do happend to on fb and on other site if i still remember , see ? they arent alone to make that mistake . we cant also say that we wont give our personal credentials online because we also need the service and we cant use them if we dont comply on that simple rule . lets just hope that your data arent going to be used for bad purpose if your one of those affected in the accident .

When you give money to the exchange, you should expect that you will not receive it back because you may be asked to provide documents, money can be stolen from the exchange or the api key can be stolen be responsible for trading ;)

I don't think that many people still believe in data security anywhere in the Internet. If they do they're young or childish.

Even banks and other big and regulated companies had leaks. Facebook comes to mind as one of them.

Centralized exchanges can not only leak data but also have it stolen by its employees or even sell it. There were exchanges that went bankrupt and then sold user data to make some money.

Still, this is definitely a problem with CEX which is currently complicated to solve, as they have complete control over the customer's account. they can easily freeze the assets on the account if they think it's "suspicious"

Centralized exchanges are all under the law, SEC have power of them, they can easily be regulated as well but not decentralized, that's why we need more DEX in crypto space, not just anyhow DEX platforms but DEX with better and easier dashboard, less confusing to newbies, presently only Uniswap makes sense, others are rubbish

There will definitely be problems with centralized exchanges in near future, if government and law gets too closer to centralized exchanges they will start losing customers and people will be forced to stick with DEX and accept DEX problems as it is, people like having control over everything and that's what DEX is all about but due to lack of volumes many have no choice but to stick with top exchanges, that might change any time soon

Users data aren't safe with centralized exchanges, even if a certain exchange plans to never expose or use users data all centralized exchanges aren't above the law, I prefer using CEX over DEX, no doubt about that but if centralized exchanges feels like unsafe haven for traders many will abandon CEX, moreover DEX has better security, total control of funds, DEX only lacks volumes

Everyone should be careful when it comes to centralized exchanges. I suggest that you should not use your personal email and of course password which you use in other places.

People are afraid of their data now? I mean for the past 20 years online business and companies have been collecting as much data about you as possible, they have been giving you tests to solve like a joke or entertainment while on the backend use those answers to sell you stuff and basically use you like a wallet for their services, and NOW you are worried about your data?

Believe me, between what Facebook and Google type of companies do, these crypto world will be nothing comparatively speaking, there are trillions of data not only at the hands of one of the cruelest business ventures in the world, but also there are a lot of your data leaked into online worlds for anyone to use or sell if they want to. So, giving few KYC information to CEX will not change anything at all.

People are afraid of their "data" being stolen in everywhere they go online, they are afraid that their information will leak into internet and will be there forever. What people are forgetting about is the fact that most of the time when there is a data available to sell, it is not your personal information most of the time, it is more about what you like or dislike so that these places can sell it to marketing companies and other companies who would like to sell your something.

You think facebook really cares who you vote for? Or which brand of coffee you like? They do not care about it at all, but they will take it so they can sell it to coffee brands in order to try to sway to their brands. Centralized exchanges do not have any information that people could really use, if hackers can get to your money that is fine, but that is about it of what you can get there.

You know dude i am not surprise at all. You can see this kinds of gossips everyday on internet. You will probably find this news like app selling data information. Nowadays application personalal data is mostly selling online. It was happened before USA election.

It's most causes online survey application. And now with cryptocurrency data information. I heard some days ago about one exchange, "i forgot" actually it's happening majority times.

It is not at all error, this is a problem due to outside influence, maybe the hacker has broken into the database and tried to steal it to sell to the outside. All exchanges that require KYC to do so intend to sell all of our information.
Even with Binance, they do the same thing. When tens of thousands of KYC sets were leaked in 2018 by a hacker, they alleviated users' anger by allowing them to transact without KYC. But anyway, it all came out and exchanges have the same mechanism. So we should only trade with exchanges that don't require KYC provision, which makes it much safer for us.

Presently binance and many other top exchanges haven't compulsory KYC to their users, if you aren't trading with huge amount of money you won't have problem with the limited 24hrs withdrawal on binance exchange and other top exchanges, to say the truth DEX isn't a good place for trading but if in near future the SEC or law force top exchanges to start rejecting non-verified users off the Exchanges we will have no choice but to complete the KYC verification

Don't talk data safety when you still trust your data to an exchange in which you don't even know who's the team running that exchange. Imagine handing over credentials to these strangers.
Leaked email is some measly thing compared to the valid government ID being leaked. But, people always overlooked such thing and let it go as if it's not gonna give them bad effect in the long run.

It would have been great if this is all there is to centralized exchanges and users data but no, things won't end up like you said, centralized exchanges have no power to neglect whatever the law wants, sooner or later they will have to abide or face the consequences, of government entities need users data for tracking purposes who dares says no? We might end up trusting DEX only later on

Data privacy is becoming a huge challenge in the world not just in the crypto space, but talking about data safety in centralized exchanges is a long discussion because there are many things to put into account. First centralized exchanges have enough volume and good user interface and this makes them very attractive unlike its counterpart decentralized exchanges, thus to enjoy more trading in most exchanges like Binance, you will need a verified account. Also, most centralized exchanges now supports fiat withdrawal and the first step towards withdrawal is having a verified account, thus you can see most times users have no choice than to do what they have to do in order to make it easy for them. And lastly, centralized exchanges most of the times, acts on the directives of the law enforcement.
But however, all these doesn't outmatch their incompetencies in securing users data thus should take full responsibility for their failure in that. This also means that, users should at all times take every step to protect their data, in whichever way they can, there are good Dex, P2P platform are also there etc. 

The internet is evolving with each passing year and the security methods are following this evolution line and with crypto it's no different. So, as the comment above said, at the moment we do not find any 100% effective security and that we can trust all of our information and finances and what we can do is hinder some access or resort to the justice of your country to ensure your rights.

Tale your time to open the best DEX website (Uniswap) right now and you will see a warning sign about some scammers creating fake tokens and sell them on uniswap, how can you say that DEX is safe? If you lose money to cloned tokens you aren't getting a refund, if you lose money to top exchanges there is a chance of getting refunded

First of all I would suggest not to give your data with centralized exchanges to anyone because they can do a lot by stealing our data. But yes I also say that when we are involved in this type of cricket we need it for buying and selling so I can talk binance and huobi for my convenience, and I have done so. There are many exchanges where you don't have to give any data and for that you have to work within their limited. That means you have to work at your own risk.

This can really happen, but not all over the world.
Regulators operate in certain locations, which means we can always find a large exchange that will provide us with the necessary functionality without having to go through the identification procedure so hated by many.
Binance can request identification at any time if they don't like something.

You are right. Not your keys not your coins irrespective of precaution measures you took. It's very important we always remember that no matter how secure how centralized exchange is, they can be hack and your personal information and assets can be toy with.
One can used personal email and password, it all depends on how secure you are with your account, I believe every crypto exchange has a 2FA which can be another precaution and measure for safeguarding once account.

Most users are not yet ready for decentralized services. They prefer centralized exchanges because of convenience and are even willing to turn a blind eye to privileges such as privacy, security, and freedom. Many people still do not understand all the advantages of working with decentralized exchanges.  :-X

Are you saying that to tens of thousands of people who are actually forced by centralized exchanges to disclose their personal data?
Alas, for most traders in need of good liquidity, there is no choice. They have to put up with the fact that exchanges receive their personal data in exchange for providing a quality exchange opportunity.