The recent data of Coinbase is motivating fresh calls to learn its customer (KYC) requirements in the Breach Licensed Cryptocurrency Exchange.
In December 2024, illegal actors bribed foreign customer service agents to get access to personal information of 70,000 users. In May, Coinbase accepted That hackers received data such as ID photos and home addresses issued by the government.
“All this security theater needs to eliminate ASAP. Time and again it only benefits hackers and forced recovers,” Said Pseudo -Name Developer Bentag on X. “KYC actually enables crime.”
However, it is not possible for exchanges to turn on its back only on KYC, as it is a regulatory mandate in many courts. Meanwhile, zero-knowledge (ZK) proofs such as privacy-growing options are limited by cost and technical complexity.
CYC becomes a flawed gatekeeper for coinbase
The latest data of the coinbase keeps the scandal nasdac-list on the spot. But this concern applies to all centralized crypto platforms working under regulatory licenses worldwide. Centralized exchanges now collect and manage utility bills from passport scans, government IDs, selfies or even users who just want to do business.
KYC was designed to curb the funding of fraud, money laundering and terrorism. But in practice, it is everyday users who are finished while the prescribed attackers discover the methods around the system.
“Anyone is capable of generating a fake US passport or diploma from a major law school, CEO of Cybercity Company Immunivable, Ilya KlooChenko said. And 50% of the identity investigations are likely to be with generous AI.”
In February 2024, it was reported that people can successfully bypass Crypto’s exchange exchange KYC verification walls using AI. Then in October 2024, another AI service pop up to add a video generation tool to bypass the Crypto KYC check.
Connected: AI agent is ready to be Crypto’s next major vulnerability
In 2023, the famous blockchain detective Zachxbt shared a performance details, where he bypassed the Gate.IO’s verification system using a fake identity called North Korean leader “Kim Jong-un”. He said that it took him a few minutes to do so.
Lisa Loud, Executive Director of the Secret Foundation, suspects that her personal data was included in the violation of the coinbase due to the increasing frequency of suspected spam messages.
“Yesterday, I found five texts about the coinbase, saying that someone was trying to reach my 2FA or take out funds,” Loud told cointelegraph. “The full point of Web 3 is to move beyond the problems of Web 2, not to repeat them.”
In a financial sense, she considers herself lucky, as she does not hold much on the exchange. He is more concerned about his personal information that illegal actors may have access.
Coinbase has highlighted how Web2 KYC Web3 fails users
KYC was not designed keeping in mind Crypto, but now it is a foundation as to how regulators force the emerging industry to play by traditional rules.
“The problem is not that we are KYC-EIN people; this is that we are doing it in a web 2 way and not a new way,” said loudly. “Their goal is to tighten their risk models. It makes sense from a commercial point of view – but it is completely inappropriate for users.”
Connected: Increase on violent crypto dacoits: six attacks that target investors
The KYC practices originated in the 1970s under the US Bank Privacy Act and strengthened after the 9/11 attacks. USA Patriot Act Under the “Customer Identification Program”.
Crypto emerged much later but rapidly depends on the identity verification. Illegal actor can buy the theft or KYC-assigned accounts at the dark marketplace, or use advanced equipment such as AI to bypass these verification with minimal costs.
Some users have called KYC to scrap and have been replaced with modern innovations such as zero-knowledge (ZK) technology. This will allow one party to prove the other to prove that the information is true without the need to reveal the underlying data. In theory, it can allow regulators to tick their compliance box while users have their privacy.
“The problem is that the exchange and many Web3 companies are all KYC doing independently, repeatedly. But if I can verify my identity once and then use that service to provide a zero-knowledge proof of identity, it would be so better,” Loud said.
Coinbase Scandal will not remove KYC
Although modern blockchain-based solutions can improve privacy by verifying the user’s identity, Kolohankhenko said that the KYC will continue on the borders despite its flaws.
“KYC is to live here, and the regulator will not reduce the bar. If anything, they will increase it. Without it, Crypto risk becomes a tool for every imaginative offense,” he said.
Despite the safety incident, Colochanco refused to classify it as a data violation, given that the information of the customer was stolen through bribe of foreign coinbase employees rather than infrastructure damage or technical vulnerability.
Despite what it is called, customers’ data has been compromised. Very little they can do other than following the best practices to maintain a clean digital footprint.
https://www.youtube.com/watch?v=hf08so8ti
Physical crime against crypto owners is increasing.
“Turn on paranoid mode in a good sense. Update everything. Enable 2fa. Never rely on the call asking for your seed phrase,” KoloChenco said.
Loud ZK is a lawyer of technology, which can increase privacy by meeting identity verification requirements. But even she admits that technology cannot be implemented immediately due to its heavy computational needs and expenses.
While the Crypto user is left to retrieve its privacy, the regulators and exchanges are closed in a compliance-first mentality that demands to present personal data.
Loud has been particularly cautious since the data leak of the coinbase, which she suspects was also impressed. She has now been considering changing that phone number for more than a decade, as it is suddenly filled with spam messages related to the coinbase.
Breach has also determined the apprehensions about user safety, as the data was included in the data leak at home addresses. Techcrunch and Arrington Capital founder Michael Arrington Said The leaked information on X can put users at the physical risk.
magazine: Coinbase hack shows that the law will probably not protect you: Why is here
