In the context of increasing cryptocurrency-related kidnappings and the doxxing of the Solana co-founder, many in the industry are questioning whether KYC (Know Your Customer) is truly worth the risks it brings.
For cryptocurrency users who value privacy, #kyc may be a frightening term. This is a process that requires providing personal information such as name and address to service providers, primarily cryptocurrency exchanges. In many jurisdictions, including the U.S., KYC is legally mandatory. While it plays an important role in preventing illegal activities, KYC poses risks to both the data-collecting companies and the users providing information.
Earlier this week, Solana co-founder Raj Gokal and his wife were doxxed by malicious actors, demanding he pay 40 $BTC (worth $4.3 million). Gokal stated that his document photos were leaked from the KYC process but did not disclose details. Doxxing is the act of publicly revealing personal information online, which may include home addresses or banking information. In Gokal's case, it was photos of his identification documents, including his home address.
The incident occurred just two weeks after Coinbase, the largest cryptocurrency exchange in the U.S., admitted to a data breach, compromising customers' sensitive information. Michael Arrington, founder of Arrington Capital, warned that this could “lead to the deaths of many” as the wave of kidnappings increases in the industry.
Many believe that Gokal's doxxing is related to the Coinbase incident, although it has not been confirmed. Nevertheless, the incident has raised concerns among cryptocurrency users about having to provide personal information to exchanges. KYC often requires passport photos, proof of address, and selfies holding documents – sensitive data that can be stolen by hackers, bringing crime right to the users' doorsteps, especially as kidnapping incidents related to cryptocurrency are rising in France, the U.S., and many other places.
Nick Vaiman, CEO of Bubblemaps, shared with #Decrypt : “When a platform collects too much KYC data, it becomes a target. Hackers can use the data to conduct fraud attacks or worse, come to rob in person. KYC data creates risks – the more data you hold, the easier it is to be attacked.”
However, Arnaud Droz, COO of Bubblemaps, argues that completely eliminating KYC is unrealistic. KYC can be a “necessary evil” to prevent crime on the blockchain. Slava Demchuk, CEO of AMLBot, agrees: “KYC is an important tool for regulatory compliance and crime prevention. While sophisticated criminals may evade the law, KYC creates barriers, and when combined with other measures like transaction monitoring, it becomes a strong shield.”
KYC is a legal requirement in many countries, including the United States, under the Patriot Act of 2001. However, after the Coinbase hack, many industry leaders have spoken out against it. Erik Voorhees, founder of ShapeShift, called state-imposed KYC a “crime” on social media, and Coinbase CEO Brian Armstrong agreed.
Nick Vaiman's remarks: “The core issue is that fraudsters can easily deceive the system. They can buy fake KYC or use someone else's identity. With the development of AI, creating fake identities is becoming easier, making KYC systems weaker. KYC does not prevent bad actors but only complicates things for honest users.”
So if the KYC system is necessary but has vulnerabilities, what is the solution? Jeff Feng, co-founder of Sei Labs, suggests: “We are seeing innovative solutions like zero-knowledge privacy and knowledge-free KYC (ZK-KYC).” ZK-proofs allow users to prove information (such as not residing in a sanctioned country) without disclosing data directly. However, Demchuk from AMLBot argues that ZK-KYC is difficult to implement due to regulations like GDPR in the EU, which require exchanges to store KYC data for five years – something ZK-KYC cannot fulfill.
Regardless of how KYC may evolve, some users argue that this issue reflects a larger crisis. Charlotte Fang, the anonymous founder of Remilia Corporation, told Decrypt: “The ability to transact anonymously is the foundation of cryptocurrency – a revolutionary technology against state intrusion. The industry has strayed from the cypherpunk spirit, not only because of KYC but also due to a culture of seeking acceptance.”
Privacy advocates are calling for completely anonymous transactions on the blockchain, while regulators oppose it. However, the U.S. Treasury’s lifting of the ban on Tornado Cash – a privacy tool on Ethereum – earlier this year indicates that there could be a shift in Washington. Can KYC find a balance between privacy and regulation? This question remains the focal point of heated debates in the cryptocurrency industry.