Bitcoin Forum

Recently, there have been series of data and financial hack by hackers from exchanges and kyc verification firms entrusted with customers data, information and funds. The most recent is that of the 1billion Chinese data hack and hacker demanding for 10 btc as ransome.
I strongly believe that information and data of citizens are to be treated with utmost care because it's a private affairs so must be accorded due respect but when the third party entrusted with such information can't show any credibility and reliable feature in playing their role what happens?
It is unfortunate that data information of clients can't be protected with utmost care as a result of breached security measures.
Now I ask though it sounds funny but to be realistic, this is the reality. Who is to be blamed for funds hacks, data leak/hack? Is it the government, security agencies or the kyc firms or the sole organization that demands all customers must under a kyc verification process. Your genuine opinions are all welcomed.

https://www.washingtonpost.com/business/2022/07/06/china-hack-police/

There are no clients here. They are citizens.

People are forced to give their data to Chinese government, who cannot even provide the minimum security to handle that data.

Chinese state is a Surveillance state. Data from about 1 billion citizens was leaked.


https://techcrunch.com/2022/07/07/china-leak-police-database/


In China there is a law to protect citizens of misuse of user data  by private companies, but there are exceptions for government agencies.

As bitmover pointed out, China itself doesn't care about privacy, so I don't think this data should be "treated with utmost care": it should not be gathered and stored in the first place. And while the government of China can't be blamed for the hack itself, it should not have gathered the info about their citizens. Who knows, maybe the data was leaked precisely to show how much China as a state knows of its citizens. So I think better privacy laws, not more KYC requirements, could be a part of the solution. And using surveillance not to monitor regular citizens and what they say about the Communist party, but to look for real criminals.

Data leakage from China is unavoidable, even if it is considered a normal action for the government itself to allow access to personal data where it is permitted. I think the government here doesn't care about the safety of its citizens.

Back to the public access that is so easy to provide data without ever thinking that what they provide, is an action that drags the data into the publication area. Because the police give free space to be traded, the pretas proudly explain what is sold to the public on the basis of ignorance of people who provide data for free. Based on the article you shared, the victims still don't realize that their data is being sold.

Why open a thread like this when there is a topic where you could have asked your question about the specific event -> https://bitcointalk.org/index.php?topic=5405252.0

Bitcoin is completely irrelevant in this story, as it has been countless times before, because ransomware has been around since 1989 and has never been exclusively linked to Bitcoin. Hackers who ask for a ransom in Bitcoin are not very intelligent, because the anonymity they obviously want to achieve is actually the way they will be caught sooner or later.

There's no reason kyc data should be stored online, there's no reason most personal records should be stored online either.

If you have a central library of all the information stored in ways they can't be easily exported (such as: paper or microfiche) by people who don't care about the privacy of the data they need to protect then they'll find it time consuming to export and publicise even a few records (and will probably be easier to find).

Prevention is better than cure Perhaps it is best to try to reduce your access to the Internet and provide as little data as possible.
We can first blame users for providing their data to neglected third parties, and then to the state for not protecting customer data, and finally to the platforms for being interested in profit in exchange for privacy.
But do not forget that any system can be hacked, so if you want to maintain privacy, do not share your data.

Users are responsible for what they do. Where they visit, what link they click on, what platform (legit or not) on which they use email to register, enter account password and more.

If users are carefully with what they do and have basic knowledge about security, privacy they will have good practice that keeps them safe from hacks.

Exchanges or antivirus softwares can not protect you from all threats. Like if you jump into a massive mud, how do they exit completely clean?

Store it online and let it exposed to more risk. Between online and offline, I think there are more online risk than offline risk.

seems you fell for it...

china is not a surveilance state. you been watching too much fox news..

there are more CCTV camera's per populus in london than there is any other country in the world, including china
also police do not have records on 70% of the population..

shanghei does not spy on the hundreds of millions of chinese in villages dotted around the country.
(you need to learn that not everyone is in shanghei under camera monitoring, using digital cash... majority stil use paper cash. (yes paper cash still exists go to any travel agents and exchange yoour dollars for YUAN, i promise they wont ask you to register to be a CNY citizen just to use cash))

this whole gimmich is a clickbait campaign.. intended to make china look bad by making people assume the worse.

oh and 23kb per person of 1bill population(the assumed 23TB collection). is not much data per person.. heck its not even a 'mugshot' in SD photo format. let alone bank records criminal records and medical records of everyone.


take it from another approach..
if some lame hacker said he had record details of 230million americans stolen from a ohio police station containing all bank, criminal and medical records.. would you believe it.. .. no you would not

even if you cast aside the surveilance state myth that that a ohio police station had everyone on file.. just the limited amount of bytes per person shows the information is not as full as advertised

There are many hackers and scammers who use bitcoin because of the privacy they can get from it but also there are other hackers who don't sue bitcoin and other cryptocurrencies for their activities and this cannot be all on bitcoin and other cryptocurrencies because years ago because bitcoin the hackers were doing their own activities and using or not using bitcoin didn't change anything about them and crime they do, also the only one to be blames is the person who was the victim of them because of lack of knowledge, not bitcoin, even if they regulate everything and ask for KYC from everyone still we cannot be sure to say the hacker can be tracked by the governments.

Statistics claim the majority of electronic data breaches are inside jobs. Disgruntled ex employees or current employees.

A good percentage of ransomware attacks involving crypto are state sanctioned attacks credited to north korea. Electronic attacks planned and executed by nations are difficult to defend against. In the past we have also seen the united states and israel credited with carrying out stuxnet attacks on irans uranium fuel centrifuges.

There is an arms race of electronic vulnerabilities being collected and stockpiled by countries who have zero day attacks stored in vaults. There are many undocumented and unknown exploits to software applications and operating systems used by millions worldwide. There is simply no defense for it. Being patched up to date, won't defend an undocumented vuln that was never released to the public.

Of course governments, intelligence agencies, the corporate sector and approved security practices also factor in. Government and intelligence want backdoors built into everything. The private sector wants monitoring so they can earn extra profits selling end user meta data to the highest bidder. The electronic world is opaque with the inner workings of software and devices being a mystery. If people want things to change, they could push for greater transparency and broadscale adoption of open source code to avoid exploitation and abuse. But I don't think people would recognize the importance.

OP can I ask you this, did all the vices you mentioned begin with Bitcoin? If not then why are you even asking such a question, even before I learnt about Bitcoin I always known that Hack existed and so does ransom, placing Bitcoin as the spear head agent of crimes is crazy, Bitcoin Is a commodity and can falls in anyone hands and if the holder uses it for a wrong purpose then they should be caught and booked

None is to be blame, if you ask me i will tell you that more times over again with the reason being that if you're in their place you could do worse, things would have been well administered to if done appropriately, why using an exchange that could place you on the lane of loosing your privacy, data and coins by their policy and politics, or probably got hacked all of a sudden without remedy left.

The blame is not related to the bitcoin,the ransome using the bitcoin as the medium for transaction.Because same ransome used the usd for the transaction,So it’s essential to blame the usd .No,because it’s just the currency of one country.Likewise we can’t blame the bitcoin for the same.The sources of the crime is ransome and terrorist activities and not bitcoin.

For ransomware attacks, we cannot blame the medium (currency) to be responsible for these attacks. I know bitcoin is a digital currency and it is easy to get money in bitcoin in a ransomware attack but this does not mean that before bitcoins, there were no ransomware attacks.
The criminals or hackers are the ones who are actually the ones who do these unethical activities and it does not matter if they use bitcoin or fiat currencies.

There are multiple layers to security and there are differences between a LAN and a WAN. Why are companies storing all the KYC data on their WAN and not on external storage that are being archived and not connected to the WAN.  ???

They can process "new" applicants data online.....and once that is completed, they can shift that data to offline storage to reduce the chances that hackers could get access to that data.

So the blame should be with the people responsible to safeguard it.  ;)

Neither. It's the AV and operating system companies' faults for not building hacker-proof systems in the first place.

This might sound incredulous to most of you at first, but I have already stated that security as we know it must switch from being a mere defensive wall (aka. brick wall or barricade around the computer) to an outright offensive militia that disables hackers' invading PCs and servers, or maybe even a "Corps-as-a-Service" if you are daring enough to implement that.

You simply cannot expect every company in the world to have enough wall to withstand the penetrations caused by the shells of the hackers' devices (guns).

Do you really think so that disgruntled employees can be able to mutter up such gots to that extent of doing such? It's unfortunate that such occurrence can be tracked to employees of organizations if they do such. I think if such should occurr as a means of negligence from their employer, the should seek other means for a redress instead of taking such wicked and drastic measures against their employer and organisation.

No doubt as you have stated that organization want to make profits by letting government in through the back door seems this is most likely a point and spot for such but it's disturbing after luring customers into kyc verification and also involving in such act betraying the trust of your customers on you. It's quite unfortunate.

Finally people make a statement, understanding the pseudonym feature of bitcoin hackers have taken control ove the system requesting ransom. Here everything gets connected to bitcoin in no time, but the truth is that the system have got security issue and the same is being used to breach into the network and request ransom. People need to understand what is really happening when a ransom attack is done than indicating bitcoin as the reason.

It's a complex issue with no simple answer. There should be a robust digital identity systems instead of everyone uploading photos of their passports to every website that asks them to. And governments should be adopting privacy-protecting laws. And companies should be punished for these customer data breaches, so that they would be more incentivized to invest in their security. Also, companies who illegaly obtain hacked data and use it should also face consequences.

But the question is, how they would know it? If ever companies are accepting or buying those hacked data? For sure it would be  done on a system where it cant really be known nor be seen which is just common

sense and thats why they are really that confident when it comes to this manner.Yes, we could actually blame but what action we would able to take against them if something cant really be traced up and
cant really be known due to that decentralized and anonymity behavior?

As an individual then we should really be mindful on completing on whats been asked or trying out to comply even if its not necessary or mind off if the company is really
worth off for you to give those informations.

I try to keep it simple and look at it than rather who is to be blamed, what is it to be blamed?  Examining from the what perspective, the common thread is greed- whether from hackers (big hit/heist), users (quick $$$/moon), exchanges (more users, more shitcoins & more shitcoin promotions=more fees, more revenue, more crypto to lend out to take more risk to, you guessed it, generate more revenue).  Most other issues revolve around greed, for ex., why didn't the exchange have or practice better security; why do some of these companies have shitty network security; why did user not take better precautions; why didn't user educate themselves a little more; etc.  The next would be ignorance whether willfully or truly, examples- being too trusting to complete strangers in the crypto world, esp with no vetting; little initiative in learning about at least the basics. I could keep on going but being aware of at least these 2 and issues that revolve around them and entities solving for them would IMHO cut the rate of incidents and successful ones down by about 50% at the least.

They will only use contact numbers/emails to spam random offers if it is traded with a public service/entity for marketing purposes.

More sensitive data is generally traded to individual buyers and uses that to start blackmailing owners or as material for verifying financial services. Furthermore, they can do anything in the name of another person's identity including financing illegal activities.

About the specific question of the OP, of course Bitcoin cannot be blamed in my opinion. This is the same when your pitbull attacks another dog or a person. This is not dog's fault. This is th eowner's fault who knows he owns a potentialy dangerous dog, yet fails to take proper care of his dog, such as training his social skills, release his energy in a daily basis, walk him with a leash, etc. Or in another comparison, this would be like to blame a gun itself for a shooting. The gun doesn't shoot by itself (unless some malfunction is triggered by some weird event). The owner is to be blamed!

So, I don't think Bitcoin is to be blamed for any hacks, ransoms or such. The person behind the hack and probably the persons who failed to provide security that allowed the hack should be blamed instead!

Obviously the agency who is responsible to keep the data safe, including bitcoin into this story is irrelevant because ransom is existing here before the invention of Bitcoin so the medium has changed. However even if the funds transferred to the hacker via Bitcoin network then it can be traced so the hacker can't convert it into Fiat in any legal form.

The Chinese government requires sensitive data from the citizens, but it doesn't provide a high enough level of security, in order to protect this data. All the private companies are required by the law to impose KYC verification. I'm sure that many private companies have higher standards about data security, because in case of a hack/data leak, their reputation will be destroyed and their business will do downhill.
Anyway, playing the blame game is meaningless at this point. Who is going to sue the Chinese government for not taking care of private data, that belongs to it's own citizens? China is still a totalitarian country.
Bitcoin is irrelevant to this topic. The hacker could have asked a Monero payment for the data.

I guess you can't really pinpoint as who is to blame here, this government agencies should be working hand in hand with other agencies too. So there is no single point of entry for the hackers, maybe other government have the same exact copy of those leaked Chinese documents. For the government though, this is going to be a good lesson for them, specially how big and secretive and authoritarian government the Chinese is. For sure some heads are going to roll on this one as this has been reported in the public already and it makes the government inept and incompetent.

and after that the leakage data will still be end up on internet forever just like viral video which is so bad.

---

hack on bitcoin or mostly happen on DeFi nowadays you can see on https://rekt.news/ is crazy amount of money and this keep happening in every year. i know that most platform will die because of hack like MTGox did or try to survive.

but in the positive side so many hacker attack will be a tools to us learn against future attack

This is a complex situation and I think awareness and upgrading our knowledge technically has become much more important. The hackers will not stop and bitcoin not being centralised becomes our responsibility to protect our wealth.

In these situations there is no one to put blame on. I believe we should be alert and be able to identify such traps.

That's the job of hackers, always finding vulnerabilities to gain something for themselves.
So it is your responsibility as a user to take care of your funds. Third party sites has only limitations when it comes to security.
Be aware of what you are doing over the internet because you may be putting yourself at risk without knowing it.
No one will take care of your funds but yourself. As much as possible, update your security protocols more often.

This is a delicate situation and a discussion which can go very in-depth, but here is my thinking process regarding this matter:

- KYC is required so that criminal activities are contained  and that is a good thing.
- However the problem is that regulation should be much harder in respect to data privacy and protection. Firms who are required to collect personal information like IDs and proof of address documents should not be allowed to function unless they have proven they have the capacity to secure them properly.

In the Chinese case, the fault is borne by the government. It is scandalous that such a high-level institution was not able to keep the data safe from hackers.

I will attribute the users as the major causes to this menace because if a wall never crack there will not be a space for lizard to crawl in, to an extent it has been researched that users gives way in for an attack on their asset because the failed to know how to protect themselves from the intrusion of an external body against their asset, some uses centralized exchanges, visit website indescriminately, download unsolicited stuffs online, reveal their keys and lots more which shouldn't be handled the way they did, some may be out of negligence while some lacks the knowledge to how they can keep safe.

I totally agree! Who knows. No one can be trusted when it comes to money.

It is rarely impossible to avoid the internet this dispensation. Talking of data access, most people got themselves engaged in activities that requires such steps and process so therefore they would need to undergo the process to have access to their funds. You cannot for the fact about data breach ignore your funds for that matter so you would need to undergo the process so as to have access to it having it in mind that you are not the only one undergoing such process so therefore you would be at ease doing your task fulfilling the requirements. i just think all these data breach is as a result of negligence and carelessness of the organisations entrusted with the data of individuals.
like you have said that any system could be hacked. That is certainly sure because it just can happen t anytime but the custodians of data should be able to protect the data of their clients with utmost care and trust.