The recent scandal involving the leakage of personal data of users of the Coinbase cryptocurrency exchange once again raises questions about the need for strict identity verification procedures, such as "Know Your Customer" (KYC). In December 2024, it became known that the attackers had managed to bribe Coinbase support service agents and gain access to the personal data of 70,000 users. The compromised data includes photos of identity cards, home addresses, and other sensitive information. But how does this leak highlight the weaknesses of KYC, and what does this mean for the future of cryptocurrency platforms?
Protection or threat?
When we talk about KYC, the fight against money laundering, fraud and terrorist financing immediately comes to mind. However, for ordinary users, KYC often becomes just an obstacle that needs to be overcome in order to start trading cryptocurrencies. Exchanges collect information like passport data, selfies with ID cards, and utility bills. This looks like an important step to ensure security, but real practice shows that the system does not protect users that much.
A developer under the pseudonym Bantag, commenting on the situation, said that KYC, in fact, only contributes to the growth of crime. After all, hackers, using fake documents, easily bypass the system, and real users become vulnerable. For example, one of the hackers showed how artificial intelligence can be used to create fake passports and pass KYC on a cryptocurrency exchange. The situation with the data leak at Coinbase, when hackers were able to gain access to personal information through bribing exchange employees, only confirms these concerns.
The problem of traditional verification
KYC as a process has existed since the 1970s, when it was introduced in the United States to combat money laundering and terrorist financing. However, this solution seems outdated for cryptocurrencies. As a result, cryptocurrency exchanges are forced to collect huge amounts of user data, which increases the risk of leaks, as we saw in the case of Coinbase.
What about new technologies? In recent years, alternatives such as zero-knowledge proof (ZK) have been actively discussed. This technology allows you to prove that the information is correct without revealing it. Imagine that once you have verified your identity, you could use it on all platforms without going through repeated verification. According to experts, this could significantly increase the level of user privacy, but, unfortunately, such solutions are not yet so accessible due to the high cost and technical complexity.
The way forward
The problem is that even if KYC causes discontent among users, it will not disappear in the near future. "Without KYC, cryptocurrency risks becoming a tool for any crimes," warns Ilya Kolochenko, a cybersecurity expert. KYC-related problems cannot be solved instantly, especially when it comes to international regulations that require data collection.
At the same time, many platforms are already starting to look for solutions that can improve user privacy while complying with the requirements of the law. ZK technology, which could potentially be an important step in the future, promises to preserve privacy and reduce the risks of data leaks. But for now, its mass implementation remains a matter of time and significant investment.
Conclusion: What can we do?
The data leak on Coinbase has called into question the security of traditional KYC verification, and many users are beginning to wonder more and more about how safe it is to transfer such sensitive data to centralized platforms. To what extent do you think KYC really protects users, rather than creating additional risks? And if so, how can this process be improved to maintain a balance between security and privacy?
