“`html
The recent data compromise at Coinbase has ignited fresh demands for the elimination of Know Your Customer (KYC) protocols in licensed cryptocurrency exchanges.
Criminal entities bribed the exchange’s overseas customer support representatives in December 2024 to obtain access to the personal data of 70,000 individuals. In May, Coinbase acknowledged that hackers had acquired information like government-issued ID photos and residential addresses.
“This entire charade of security needs to be eliminated urgently. Time and again, it only serves the interests of hackers and extortionists,” stated the pseudonymous developer Banteg on X. “KYC effectively facilitates criminal activity.”
Nonetheless, it remains impractical for exchanges to disregard KYC completely, as it is a legal requirement in numerous jurisdictions. In the meantime, privacy-enhancing options like zero-knowledge (ZK) proofs are still constrained by their cost and technical intricacies.
KYC proves to be a flawed gatekeeper for Coinbase
The latest data scandal surrounding Coinbase puts the Nasdaq-listed firm under scrutiny. However, this concern extends to all centralized cryptocurrency platforms functioning under regulatory licenses globally. Centralized exchanges are now tasked with collecting and managing passport images, government IDs, selfies, or even utility bills from users merely looking to trade.
KYC was initially established to minimize fraud, money laundering, and financing of terrorism. However, in reality, it’s the everyday users who find themselves vulnerable while determined attackers discover ways to circumvent the system.
“Anyone can produce a counterfeit US passport or diploma from a prestigious law school. And 50% of businesses engaging in identity checks are likely to be overcome using generative AI,” Ilia Kolochenko, the CEO of cybersecurity firm ImmuniWeb, told Cointelegraph.
In February 2024, reports surfaced indicating that individuals could successfully navigate crypto exchange KYC verification barriers by creating passports through AI. Then in October 2024, another AI tool emerged to incorporate a video generation feature to overcome crypto KYC checks.
Related: AI agents are positioned to become crypto’s next significant vulnerability
In 2023, notable blockchain investigator ZachXBT revealed details of an instance where he circumvention Gate.io’s verification process using a fictitious identity named after North Korean leader “Kim Jong-Un.” He indicated that it only took him a few minutes to accomplish.
Lisa Loud, executive director of the Secret Foundation, suspects that her personal details were part of Coinbase’s breach due to the rising volume of dubious spam messages she’s been receiving.
“Just yesterday, I received five messages concerning Coinbase, claiming someone was attempting to access my 2FA or withdraw funds,” Loud informed Cointelegraph. “The fundamental goal of Web3 is to transcend the challenges of Web2, not to replicate them.”
In a financial context, she regards herself as fortunate, as she doesn’t possess much on the exchange. Her greater concern lies with her private information that malicious actors might access.
Coinbase illustrates how Web2 KYC fails Web3 users
KYC was not crafted with cryptocurrency in mind, yet it has become a staple of how regulators compel the burgeoning industry to adhere to conventional standards.
“The issue isn’t that we’re KYC-ing individuals; it’s that we’re implementing it the Web2 approach and not the innovative way,” stated Loud. “Their aim is to enhance their risk model. This makes sense from a business standpoint — yet it’s wholly unjust to users.”
Related: Violent crypto heists are increasing: Six assaults targeting investors
KYC procedures originated in the 1970s under the US Bank Secrecy Act and saw significant reinforcement after the 9/11 attacks via the USA PATRIOT Act under the “Customer Identification Program.”
Cryptocurrency appeared much later but increasingly depends on identity verification. Malicious actors can acquire stolen identities or KYC-verified accounts on darknet markets, or utilize sophisticated tools, like AI, to bypass these verifications at minimal expense.
Some users have advocated for the abolition of KYC in favor of modern advancements like zero-knowledge (ZK) technology. This would allow one party to prove to another that certain information is accurate without disclosing the underlying data. In theory, this could enable regulators to meet compliance requirements while preserving user privacy.
“The challenge is that exchanges and numerous Web3 companies are all conducting KYC separately and repeatedly. However, if I could verify my identity once and then use that service to provide a zero-knowledge proof of my identity, it would be significantly more effective,” Loud stated.
Coinbase scandal will not eliminate KYC
Even though contemporary blockchain-based solutions can enhance privacy while validating user identities, Kolochenko asserted that KYC will remain prevalent across borders despite its shortcomings.
“KYC is here to stay, and regulators will not loosen the standards. If anything, they will heighten them. Without it, crypto risks becoming a tool for every imaginable
“““html
crime,” he stated.
In spite of the security occurrence, Kolochenko opted not to categorize it as a data breach, mentioning that client details were obtained through the bribery of foreign Coinbase personnel rather than via infrastructure compromise or a technical flaw.
No matter the terminology used, clients’ data has been jeopardized. There’s little they can undertake apart from adhering to best practices to uphold a pristine digital presence.
Physical offenses against cryptocurrency holders are escalating.
“Activate paranoid mode — positively. Refresh everything. Enable 2FA. Always be wary of incoming calls requesting your seed phrase,” Kolochenko advised.
Loud champions ZK technology, which can improve privacy while fulfilling identification verification standards. However, she concedes that the technology cannot be deployed instantly due to its significant computational demands and costs.
As crypto enthusiasts scramble to restore their privacy, regulators and exchanges remain entrenched in a compliance-first approach that insists on the submission of personal information.
Loud has become particularly vigilant since the Coinbase data leak, which she believes may have impacted her as well. She is now contemplating changing her phone number that she has maintained for over ten years, as it has suddenly been inundated with Coinbase-related spam messages.
The breach has also triggered concerns regarding user safety, as data on residential addresses was part of the leak. TechCrunch and Arrington Capital founder Michael Arrington mentioned on X that the exposed information might place users at physical danger.
Magazine: Coinbase hack illustrates that the law likely won’t safeguard you: Here’s the reason
Source link
“`
