A KYC database sold on the Darkweb ?

[Snaic]

it's something scary, now KYC can also be hacked, I really don't think the darkweb site is really dangerous

No, dark web is a really dangerous site. There are a lot of illegal things that are ongoing there and anyone who gets there can get involve in crimes. Now, this proves a lot of things about KYC. It is not good and it is not safe. As a bounty hunter, we should not deal with KYCs anymore because of the risks.

For bounty hunters, checking KYC has always been and remains illegal, because the task of KYC is to prevent the laundering of dirty money. We do not deposit any of our money in ICO projects and therefore should not undergo such testing. The KYC check is carried out at the end of the ICO, because the ICO team does not want to pay as much as possible to the bounty hunters we earned tokens.
KYC verification is only advisable for large investors in ICO projects and large traders on the exchange.

[Ozero]

Now this is a teaching lesson for those who are doing KYC in order to get some few coins and they don't even know that they are selling their data and photos of their ID's. Why do you belive in strangers in the first place? And why would you involve into small projects who are asking for KYC when they don't even pass the KYC themselves so think again next time before uploading your ID.

As bounty hunters, we need to immediately find out from the ICO team and the manager whether KYC checks will be conducted and, if so, leave such a project, no matter how promising it may seem. Bringing a KYC check is generally illegal for bounty hunters. This is an initiative of the ICO teams, which is beneficial to constantly keep us on the hook and after use, then throw them away without payment, because we have not passed their KYC test, in which they sometimes have certain impracticable technical issues.

[mornabo]

That's the weakness of KYC and we had a taste of it when facebook got hacked and another one when this forum's database got stolen. I miss the times when we could trade freely without having to deal with KYC on sites like bittrex and poloniex, but things change. Unfortunately, in most cases they change for the worse.
I used to be and still am against KYC and government agencies trying to oversee crypto trading, but reading the posts of some forum members here makes me thing that I'm in the minority. 

VPN + download Google Auth for PC = No more KYC 
I tried as a test 1 year ago and I successfully bypass all KYC verifications, I forgot on which one of exchanges... it was one of the most popular.

How could you bypass a KYC verifications using only VPN and Google Auth? Aren't you aware what is KYC means? It just means that they want your real name and address while some of it asking for a any verified government ID's. Don't make KYC as easy as you think, it is not that simple.

Maybe what he means is about KYC still used only to increase withdrawal limits. Because he said in last year, when we put 2fa we get more limit, and if we do KYC, our withdrawal limit is increased again. Like we must pass any tier of security level in that exchange.

In some exchanges it is not required to verify KYC, but of course the class on your account will be (low) and result in the facilities you get incomplete at the exchange, on some other exchange sites it requires yo do KYC. but whatever it is, hopefully the data we give, is not misused or sold to someone

[naufals4]

Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web?

https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web/

"On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service."



A few days ago, this also made news :

https://www.techspot.com/news/78317-leaked-database-exposes-87gb-emails-passwords.html

it was terrible to think that our identity had leaked and was sold like that. maybe from both sides like from the platform increasing their security about their KYC hackers can't be hacked about information and for investors don't want you don't want to, because you give them about your privacy

[kelz1]

It could be a shady ICO that lost the kyc data from a hack, or they simply sold it because their project failed and they were desperate for funds. Either way, avoid kyc projects or you will end up a victim

[PlusOne88]

This only presents how vulnerable people will be if exchanges holding so much information missed the important part of protecting the identities of their customer. What could happen to people's identity if used for a very bad purpose? This hacker should be stopped and be caught for good to protect every innocent person from being harmed by possible bad intentions. Thanks for posting this! Maybe this will help people prepare if they are the ones affected.

[q3579338]

every shit website need your ID
but they do not take care of it
what a shame!

[taguig]

How about that KYC from airdrops receiver, they are thousands of people who do KYC for a few cents of airdrops, I'm pretty sure there are a seller for these documents, the exchange are more credible than these airdrops..

[Savemore]

Hacked Customer Data From World Leading Cryptocurrency Exchanges For Sale On The Dark Web?

https://www.ccn.com/hacked-customer-data-from-world-leading-cryptocurrency-exchanges-for-sale-on-the-dark-web/

"On a darknet market called “Dread,” a vendor going by “ExploitDOT” is attempting to sell user data from the know-your-customer (KYC) data top cryptocurrency exchanges ask for, required by most jurisdictions.

According to data shared with CCN, the hacker has an ad that has been online since July 2018, in which he claims to have hacked documents used in KYC checks – including identity cards and drivers’ licenses – from users of top exchanges like Bittrex, Poloniex, Bitfinex, and Binance.

The data is seemingly for sale for $10 per 100 documents or more, with discounts applying for those who buy in bulk, all the way up to $1 per 1,000 for an order of over 25,000. CCN was able to independently verify the ad on the dark web, which is still online. No links to it will be added to avoid promoting the service."



A few days ago, this also made news :

https://www.techspot.com/news/78317-leaked-database-exposes-87gb-emails-passwords.html

We can do something for our identity to not be stolen by hackers. KYC is now part of rules and regulation, we can avoid our identity to be stolen if we will not participate in ICO and also if we will not upload our identity card in some exchanges.

[Bosx1ne]

We should be careful when we are giving our identity to the exchanges. Your post is one of the proof that our I.D. are vulnerable to hackers. We should only participate in KYC if the exchange is reliable and trusted.

[virasog]

That's the weakness of KYC and we had a taste of it when facebook got hacked and another one when this forum's database got stolen. I miss the times when we could trade freely without having to deal with KYC on sites like bittrex and poloniex, but things change. Unfortunately, in most cases they change for the worse.
I used to be and still am against KYC and government agencies trying to oversee crypto trading, but reading the posts of some forum members here makes me thing that I'm in the minority.  

VPN + download Google Auth for PC = No more KYC  
I tried as a test 1 year ago and I successfully bypass all KYC verifications, I forgot on which one of exchanges... it was one of the most popular.

How could you bypass a KYC verifications using only VPN and Google Auth? Aren't you aware what is KYC means? It just means that they want your real name and address while some of it asking for a any verified government ID's. Don't make KYC as easy as you think, it is not that simple.

Maybe what he means is about KYC still used only to increase withdrawal limits. Because he said in last year, when we put 2fa we get more limit, and if we do KYC, our withdrawal limit is increased again. Like we must pass any tier of security level in that exchange.

I think KYC is good in a sense that it can prevent fraud but it is the responsibility of the exchange to keep our KYC safe.

it's something scary, now KYC can also be hacked, I really don't think the darkweb site is really dangerous

No, dark web is a really dangerous site. There are a lot of illegal things that are ongoing there and anyone who gets there can get involve in crimes. Now, this proves a lot of things about KYC. It is not good and it is not safe. As a bounty hunter, we should not deal with KYCs anymore because of the risks.

For bounty hunters, checking KYC has always been and remains illegal, because the task of KYC is to prevent the laundering of dirty money. We do not deposit any of our money in ICO projects and therefore should not undergo such testing. The KYC check is carried out at the end of the ICO, because the ICO team does not want to pay as much as possible to the bounty hunters we earned tokens.
KYC verification is only advisable for large investors in ICO projects and large traders on the exchange.

That's even more scary as we cannot trust any ICO and if any ICO teams want they can misuse our KYC in the wrong way. Should be extra careful while submitting our official documents to ICO.

[Apened]

This could be one of the bad things that can be more widespread because of the SEC regulations in crypto as they put us our identity in danger. The ico's are force to require kyc but the documents submitted is not always been safe as per some outside people that's not belong to the board members are hired to check onto this documents as i know some people handling over it. I really don't like to submit any information on this kind of sites like they said: it is better to be safe than sorry.

[Sithawaka]

This is a major problem and a sign that show us that to think twice when submitting our KYC information for anything online and specially new ICO programs these days request to submit them more often in order to receive tokens for our investments and now we know these things can happen once we submit our personal data to unknown companies or people because there are lot of criminals in the crypto world and we will never identify because everything is anonymous

[Thanasis]

We should be careful when we are giving our identity to the exchanges. Your post is one of the proof that our I.D. are vulnerable to hackers. We should only participate in KYC if the exchange is reliable and trusted.

Even if they are trusted it can be hacked,the hacker keep updating themselves along with the development of technology so don't choose a centralized exchange for converting large amount of cryptos but still no DEX are capable of doing huge among of transaction so for now better stick with the daily limitation and then move the funds everyday just by splitting it under the daily limit without KYC.

[xWolfx]

We should be careful when we are giving our identity to the exchanges. Your post is one of the proof that our I.D. are vulnerable to hackers. We should only participate in KYC if the exchange is reliable and trusted.

Even if they are trusted it can be hacked,the hacker keep updating themselves along with the development of technology so don't choose a centralized exchange for converting large amount of cryptos but still no DEX are capable of doing huge among of transaction so for now better stick with the daily limitation and then move the funds everyday just by splitting it under the daily limit without KYC.

True. However we need to take into consideration that we have no idea how much they are investing on security and how many security professionals they are hiring to take care of the protection of data. It's pretty hard to defend them without that information publicly available.

The truth is a lot of companies still neglect security, which makes it to easy for hackers to break in and steal it. Remember that in the information age, information is power for those who know how to use it and for that reason it is extremely valuable.

[sheenshane]

True. However we need to take into consideration that we have no idea how much they are investing on security and how many security professionals they are hiring to take care of the protection of data. It's pretty hard to defend them without that information publicly available.

snip-

This is the reason why I hate KYC. I heard those big companies will use these KYC/personal data to make AIs which will dominate the marketing industry. KYC is often used to execute sales and advertisement.

I hate it an app asks me to provide the personal data since I know those data could be jeopardized. I still imagine, what if facebook's data about everyone gets hacked and will be sold to some illegal organization will ruin anyone who they would like to ruin? It would be so scary. KYC needs attention and this is a serious one.

[FIFA worldcup]

That's the weakness of KYC and we had a taste of it when facebook got hacked and another one when this forum's database got stolen. I miss the times when we could trade freely without having to deal with KYC on sites like bittrex and poloniex, but things change. Unfortunately, in most cases they change for the worse.
I used to be and still am against KYC and government agencies trying to oversee crypto trading, but reading the posts of some forum members here makes me thing that I'm in the minority.  

VPN + download Google Auth for PC = No more KYC  
I tried as a test 1 year ago and I successfully bypass all KYC verifications, I forgot on which one of exchanges... it was one of the most popular.

How could you bypass a KYC verifications using only VPN and Google Auth? Aren't you aware what is KYC means? It just means that they want your real name and address while some of it asking for a any verified government ID's. Don't make KYC as easy as you think, it is not that simple.

Maybe what he means is about KYC still used only to increase withdrawal limits. Because he said in last year, when we put 2fa we get more limit, and if we do KYC, our withdrawal limit is increased again. Like we must pass any tier of security level in that exchange.

I am always in a favor of KYC but the recent incident has developed a lot of question about the safety of our privacy through KYC.  I mean how can we now trust the exchanges that they will not misuse our documents.
This is a serious issue as these documents can be used for criminal purpose worldwide.

[jeeveless]

This is quite alarming, imagine the amount of documents all these projects that have been conducted KYC being hacked or misused. I was wondering of all these project build on security, privacy and decentralization, couldn't they make an app or system that secures KYC in that way that it can't be leaked/hacked?

[Ave_Maximus]

buy crypto through exchange services, like changenow and you won't be asked for docs and you'll be anonymous in web