The recently data violation of Coinbase promises renewed calls to eliminate the requirements of its client (KYC) in license cryptocurrency exchanges.
Illicit actors bribed customer service agents abroad from exchange in December 2024 to obtain access to personal information from 70,000 users. In May, Coinbase admitted that computer pirates had obtained data such as identification photos referred to the government and housing addresses.
“All this security theater must be abolished as soon as possible. Again and again it only benefits the computer and extortionist pirates,” said the pseudonym developer Banteg in X. “The language of law KYC allows crime.”
However, it is not feasible for exchanges to simply turn their backs on KYC, since it is a regulatory mandate in several jurisdictions. Meanwhile, alternatives to improve privacy such as zero knowledge (ZK) tests remain limited by cost and technical complexity.
KyC becomes gatekeeker flaed for coinbase
The last coinbase data scandal places the company that quotes in Nasdaq on the spot. But concern applies to all centralized cryptographic platforms that operate under regulatory licenses worldwide. Centralized exchanges now collect and administer passport scans, government identifications, selfies or even public user services invoices that only wish to trade.
KYC was designed to stop fraud, money laundering and terrorism finance. But in practice, it is everyday users who end up exposed while the determined attackers find forms around the system.
“Anyone can generate a false passport or diploma of the US. Uu. Of a leading law school. And 50% of companies with identity controls are probably omitable with generative AI,” Ilia Kolochenko, CEO of Cyberigecury Company, Cintelaph.
In February 2024, it was reported that people can successfully ignore the Verification walls of Crypto Exchange Kyc generating passports using AI. Then, in October 2024, another AI service appeared to add a video generation tool to avoid Crypto Kyc verifications.
Related: AI agents are ready to be the next great vulnerability of Cryptos
In 2023, the famous Blockchain Zachxbt detective shared details of a demonstration in which the Gate.IOS verification system used using a false identity under the name of the North Korean leader “Kim Jong-un”. He said he took him only minutes.
Lisa Loud, Executive Director of Secret Foundation, suspects that her personal data was included in the coinbase violation due to the growing frequency of suspicious spam messages she has received.
“Just yesterday, I received five text messages about Coinbase, saying that someone was trying to access my 2FA or withdraw funds,” Loud told Cointelegraph. “Web3’s goal is to go beyond web2 problems, not repeat them.”
In a financial sense, it is considered lucky, since it does not have much in the exchange. She is more concerned about her private information to which illicit actors can have access.
Coinbase highlights how web2 KYC fails web3 users
KyC was not designed with cryptography in mind, but now it is a cornerstone of how regulators force the emerging industry to play with traditional rules.
“The problem is not that we are KYC people; we are doing it in the web2 and not in the new way,” Loud said. “Its objective is to adjust its risk model. It makes sense from a commercial perspective, but it is completely unfair to users.”
KyC practices originated in the 1970s under the Secrets Law of the United States Bank and were significantly strengthened after September 11 attacks through the US Patriot Law. UU. Under the “Customer Identification Program.”
Cryptography arose much later, but is increasingly based on identity verification. Illicit actors can buy stolen identities or verified KYC accounts in Darknet markets, or use advanced tools, such as AI, to avoid thesis verification with a minimum cost.
Some users have requested that KYC be discarded and replaced by modern innovations, such as Zero-Knowledge (ZK) Tech. This would allow one part to demonstrate to another that the information is true without the need to disclose underlying data. In theory, you can allow regulators to mark their compliance boxes while users maintain their privacy.
“The problem is that the exchanges and many web3 companies are making KYC independently, on and again. But I could verify my identity once and then service to provide a zero knowledge identity test, that would be so holy,”
Coinbase Scandal won adjust Kyc
Blockchain -based modern solutions can improve privacy while verifying users’ identities, Kolochenko said KYC will continue to persist through borders despite its legs.
“Kyc is here to stay, and the regulators won the bar. In any case, they will increase it.
Despite the security incident, Kolochenko refused to classify a data violation, pointing out that customer information was stolen through the bribery of Coinbase personnel abroad instead of through damage due to infrastructure or technical vulnerability.
Regardless of what is called, the client data has committed. There are little that can be done apart from following the best practices to maintain a clean fingerprint.
Physical crime against cryptography owners is increasing.
“Turn on the paranoid mode: in good sense. Update everything. Enable 2fa. Never trust an incoming call asking for its seed phrase,” Kolochenko said.
Loud is a ZK technology defender, who can improve privacy while satisfying identity verification requirements. But even she admits that technology cannot be implemented immediately due to their strong computational needs and doors.
While cryptography users let themselves fight to recover their privacy, regulators and exchanges remain blocked in a first compliance mentality required by the presentation of personal data.
Loud has been especially cautious since Coinbase’s escape, so it suspects that it was also affected. Now he is considering changing the phone number he has had for more than a decade, since he has suddenly flooded with spam messages related to Coinbase.
The violation has also activated fears on user security, since data on housing addresses were included in filtration. Techcrunch and the founder of Arrington Capital, Michael Arrington, said in X that the leaked information can put users at physical risk.
About The Author
