Topic: Anonymity vs. KYC: The Pros and Cons of Cryptocurrency Exchanges (Read 786 times)

Of course it is, but when you lose your car keys it doesn't mean that losing house keys will not be hurting for you anymore. Maximizing of compromised personal info is IMO always not a good idea. Of course sometimes we have no option of escaping that but if we have then I prefer to use it.


And we face up with a difference between old financial system and bitcoin again. If you need to trust a third party which will be an intermediary then old system works even better, but it also controls your money and can decide if you can operate them. Bitcoin returns control over your money but you take on the risks involved. It is a choice bitcoin gave us. And it is impossible to have both: to trust money to a third party and to keep full control over them.


Sorry to hear that.

Bitcoin was designed to be pseudonymous. There is no concept of KYC in bitcoin designed by satoshi back in 2009. The KYC just destroyed the concept of decentralized peer to peer cash transfer. For me, centralised exchanges that do KYC are not part of decentralized cryptocurrency. Rather, they are just like traditional banks that control your money.

I was talking about users' security because, in this thread, someone said you may know who are you dealing with. If anyone tries to scam you, you can ask the exchanges to investigate and find out who was. If users are already done KYC on exchanges, they won't try to scam on P2P Transaction. I already compromised my Privacy on an exchange and all users of this exchange must be KYCed. Still, I was a target of scammers twice. They sent me a fake payment message and luckily I checked my balance before I release my Bitcoin. I reported them and the Exchange blocked that scammer.

I understand what you have said. If they want to do business, they have to listen to the government. Still, we do that because somehow we need a service. I do not know any non-KYC service where I can buy and sell Bitcoin with my locals.

This is definitely for the safety of the exchanges not to be questioned by the government and since they are following the rules of AMLA, they left with no choice but to follow it. Now if the users is not ok with this, then better to choose DEX which i think can be more safe if your concern is more about your security. KYC have a pros and cons, its really prone to a data breach at any site and seriously, I know my information are already compromised by just having my facebook and google account.  

Being afraid to get scammed might be their number one reason on why they don't use any p2p sites. I doubt those people will go for some alternatives mentioned by @Potato Chips especially telegram because we know that there are so many scammers lurking on this platform.

There are so many people who use social media sites like Facebook and twitter but there are so many fake profile here, unless if the person that they will transact with show some solid proof that they are legit. Using a centralized exchange and then doing the kyc verification is not what you call convenient but it was kind of hassle however if this was the only way to do a safer transaction then why not?

It is usually not for users' security, it is for exchange's security. They don't want to have problems with government and try to follow all possible rules preventively. So if any problems they'll just pass the problem on to the user and that's all. And when they lose their databases with personal information of users they will just apologize and give you a discount certificate... or even will not do even that. So KYC is insecure for users much more than it can do for money safety, IMO.

I have discussed this in another thread as well. I believe Bitcoiner does not like KYC and wants to maintain its privacy and anonymity. Due to the requirements of KYC, a lot of people can't get into crypto. If you look at Coinmarketcap Stats,



Look at the 24H trading volume of Bitcoin. The difference between DEX and CEX will amuse you.

I believe there are a lot of ways to set users' security without asking for a KYC. Still, Exchanges ask their users for a KYC if they want to use their platform. We already compromising our privacy. Look at the stats and you will understand what's happening. I would suggest avoiding KYC Exchanges while I have already KYCed myself on an Exchange.

That's a good suggestion, but I would also caution anyone on the receiving end of such a proposal. If someone approaches you on social media and says "Hey, sign up for this site and we can trade there", be very careful that you are not being scammed. Not only with an entirely fake exchange, but also with a fake site mimicking a real exchange. If you are in any doubt, ask on this forum first.

Which doesn't really make sense, though. If you want to trade peer to peer, then you can pick a platform like Binance, which requires KYC, requires giving up custody of your coins to Binance's central wallet, has zero privacy, has zero security, can leak your data at any time, and can freeze your account and seize your coins at any time. Or you can pick a platform like Bisq, which requires no KYC, has maximum privacy, has no risk of data being leaked, your coins remain under your control, and they cannot freeze or seize anything. I cannot see a single reason you would choose Binance (or any other centralized not-really-peer-to-peer-at-all platform).

Or people cant really just afford on doing so or really that much afraid.Its true that there are other ways or paths on doing p2p but since the most common way would really be on those known exchange platforms
then this is where they would really be sticking into that belief and principle which would lead no choice but to make out some verification before they could unlocked up such feature.

In some key areas which its not really that necessary since there are methods or ways but people would really be surrendering out their identity for the convenience
and easy access on using up platforms which i couldnt really blame them out.

I think I phrased it poorly. I meant to say try to invite them over in one of the mentioned no-kyc p2p exchanges. I've been to a couple of local communities myself and none of the people I've talked to knows localcryptos, etc. (this was way before LC's shutdown). We have good no-kyc exchanges right now however a lot of people still have not heard of its existence but everyone knows social media - i guess i should not be surprised lots of people trade there.


Perhaps this is just my faith in the community but I imagine people would still pursue developing/maintaining alternatives to kyc'd platforms since restrictions drove people to such ideas in the first place. I think there'd be lesser no-kyc exchanges in the future as well however, when it comes to this, quality outweighs quantity.

I don't have any social media accounts, but from the number of reports on here, Reddit, and Twitter of people who have been scammed on social media, I would steer well away from using them to trade unless either you already know and trust the person you are trading with, or you are using a mutually agreed on reputable escrow. There have been plenty of such reports of scammers suggesting an escrow, and the escrow was working with the scammer all along. Pick one of the reputable escrows from this forum.

There is also the currency exchange board on this forum.

This actually doesn't bother me too much. P2P isn't going away; in fact, its volume is growing as centralized exchanges become ever more draconian. More volume on fewer exchanges means a better experience across those exchanges. If everyone did away with the semi-decentralized exchanges which operate via centralized websites and just moved the pinnacle solution - Bisq - then the volume on there would be amazing and would solve everyone's issues. We only need one decentralized coin, although there are plenty of lesser imitations. We would do just fine with just the one truly decentralized exchange.

I don't think trading on any platform (Discord, Telegram, etc.) without Escrow is safely to do. Scammers mostly watch over those channels to find such trades and scam inexperienced traders. So Escrow service provided by highly trusted person is very important to secure such trades for both buyer and seller.

Consider to trade with trusted trade partners and if you want to use Escrow service to make such trades more safely, only use Escrow from very trusted provider/ person.

In future, I believe there will be less platforms with non-KYC services.

If ever the known no-kyc p2p exchanges returned no results. I say try hitting some social networking platforms as well and see if it’s possible to invite someone over. A lot of people actually trade on discord, facebook, telegram, etc. without or a with a filmsy “escrow”. These people most likely don’t know there are better alternatives to do p2p that’s why they settle for such…

If you are a criminal looking to launder some money, then this must surely be an attractive way to do it. Copy the code from some existing shitcoin. Launch a bounty campaign across here, Reddit, Twitter, Facebook, YouTube, etc., paying in your newly made up shitcoin. Require everyone to first complete KYC to receive payment in your newly made up shitcoin. End result: Hundreds of people submitting their full identities and KYC documents directly to you, and you didn't have to spend a single cent or sat.

Anyone who sends their KYC documents to an altcoin is just asking to have their identity stolen.

Let's be honest here - it isn't convenience or accessibility which drives people to sacrifice their privacy; it's greed. They want to get a piece of the obviously unsustainable 20% APY that such centralized platforms were promising before they went bust. They want to get in on the next pump and dump scam. They want to be airdropped the next shitcoin scam. They want to get their 10 shittokens reward for completing advanced verification. And so on.

Might be that harmful but in order to be able to benefit out on services that could bring some convenience and accessibility then you would really be needing to sacrifice your identity and this is why its a matter of
choice which some doesnt really care on sending out their ID or documents as long they are able to benefit out on such usefulness or convenience.It is really just that there are really that people who are
really that mindful about their privacy.This is why its a matter of choice whether you do make use of them and sacrifice it out or would really be skipping out just because you dont
really like it.

Yup, having KYC always has been harm actually. With more and more projects coming to life they will start asking for KYC as mandatory step for user account verification. This is not just limited to exchangers anymore but also to the new alt projects with high throughput.

It’s literally getting equal to having a bank account opening process and submitting everything to the world. One thing is sure, you can’t trust exchanger and how big or secure they claim themselves it won’t matter. There always be someone smarter to hack into it.

I have never used a CEX and I trade between fiat and bitcoin regularly. It is not difficult at all. It is certainly far easier than having a centralized exchange freeze my account, seize my coins, and leak my identity on the dark web.

Where have you looked? Try some of the exchanges listed here: https://kycnot.me/. In particular, Bisq, AgoraDesk, and RoboSats are the best at the present time. And if there isn't someone in your local area, you can still trade via bank transfer with people further afield.

It can be said that the purpose of everyone participating in this market is to seek profit, to seek financial freedom, not to seek privacy, so they will not be too concerned about their privacy. Your privacy is also useless if you are a poor person, our society is a pragmatic society, and we need to accept the truth.
Another thing is, if you are not using CEX, converting to fiat will be very difficult. Honestly: I really don't believe in P2P trading, I can't find a trusted person in my local area to do P2P transactions.

That's what sites that ask their customers to do KYC have to do by being able to keep their customer's confidential identity data in a different place from their site so that if something happens to their site, the data is still safe there. And the big sites have implemented it, but maybe not all of them are aware of it, so we still hear news about hacking a site. And it should be if the exchange site can continue to improve its service to its customers so that the site can gain the trust of its customers. And its customers also rest easy as long as they use the exchange site for trading and other things.

Except they do. Every major centralized exchange has leaked customer data. Binance has been hacked for customer data. Coinbase admitted they sold customer data to third party without customer's knowledge or consent. Bitfinex, Bittrex, Kraken, you name an exchange, it's leaked user data.

Just means that if their third party KYC processor is hacked, then your data is stolen that way instead. And we've seen time and again that most centralized exchanges are very lackluster when it comes to the security of their users' data. They simply do not care about your data or your safety, and are unwilling to spend any real money to make the process safer.

The only safe KYC is no KYC.

It's not only about the potential abuse on why people avoid KYC but it's also because KYC is too hassle to do and then it invades ones privacy. We can't control the rise of the KYC on many websites but luckily there are still sites who don't comply with it. We can always choose to use those sites.

As long as the website is legit and you are willing to hand out your KYC, then you shall not worry because they won't likely leak you data to other companies that they know. It will be better if they store the KYC away from their server so that once their site got hacked, the users KYC's are still safe. Along with that is they must tighten their security so that hackers won't have the chance to access them.

It's sad that people are so easily ready to give up their freedom in exchange for convenience. If a person chooses food between freedom and food, then he will lose everything over time, including food. It's a pity that many do not think about it.

I am used to with KYC on all cryptocurrencies exchange market and actually as arbitrage need higher withdrawing in daily day need to break KYC process, but for trader or user not agree with KYC have alternative and option with trading on exchange without have to pass KYC like Kucoin, MEXC and Hotbit.

But have little disadvantage with account without process KYC get limit withdrawing under 2 Bitcoin in daily day and if want withdraw higher amount need to upgrade by KYC processing. Binance have been adopted must KYC and not available withdrawing or trading if not pass KYC or upload document needed.

In many cases of customer identity abuse, we try to avoid KYC on many websites. Still, we can't do it, especially now that more and more exchanges require their customers to do KYC. But we are still lucky because we can still find exchanges that do not require detailed KYC and can use those exchanges to trade as usual. Hopefully, those exchanges can maintain their customers' confidentiality by not abusing it for illegal things. Hopefully, the exchange won't let hackers try to take it from the exchange server database.

Biometric data and DNA? Well, I haven't thought that far and I don't think it's going to happen that way. Yes, things change all the time, and we need to adapt but I don't like holding headlights in front of cars. I will watch how the world changes, and I will adapt accordingly.

People are annoyed with the KYC of exchanges, but to speak more broadly about the outside world. When you use technological devices such as smartphones, social networks, and government services, our privacy has long been stolen, not only in this crypto market. Our world is still a centralized world, and the government is running it all, they know all we're doing, we couldn't be smarter than them.

This is true and on point!

When you do buy crypto - Neither p2p or using exchange or services that using up CC/Debit cards.
When you do withdraw crypto to fiat - You would be making use of exchange platform.

You could do all of these things when you are kyc-verified which means that you cant able to proceed if you aren't that verified.
If you are really just making it use for trading coins without pulling it off and making it a fiat then verification wont really be
that much needed.

Honestly, I prefer an exchange without KYC. So far an exchange have proof of reserve, Im okay with that. Do you know that some exchange will just terminate your account because of some unknown fanancial policy even after KYC?
I know many  Binance account termination victims even after thier so called third level verification. Now, After having all these people information, they terminate thier account. This means that all these information can be used for something else without the owners knowing. Since I know this, Ive switched to MEXC Global. Ive been trading, depositing and withdrawing without KYC for years and Ive never seen any kind of data breaches since it was founded in 2018 and there is proof of reserve. So, I just stay away from too much KYC these days.

There's no way on avoiding this considering that regulation do becomes strict specially on services and platforms which are involved or connected on cryptocurrency transactions specially on exchange platforms but somehow these kind of regulation does impose some security on users funds if ever these platforms do really make out some shady move.Yes, we arent that non knowledgeable when it comes on how DEX
works and yes its really something preferred if we do speak about total anonymity but since we are really that minding about having those fiat conversions then we wont really be having
no choice but to touch up these areas.

It may be news to you, but trading on the DEX does not require sending your funds to the exchange wallet or passing KYC.

And yet, if you ride a bicycle wearing a helmet and a truck runs over you, the helmet will not save you.

KYC is usually bad for cryptocurrency users. Yet things never turn out the way we want them to. The amount of regulation that centralized exchange must comply to is low. Users are forced to submit KYC because of exchange terms and conditions, although there are no benefits to doing so. A centralized exchange would request KYC whenever they felt like it. Don't feel completely comfortable since those don't currently require KYC.

It's like a game of chance, really. People are out here, willin to take on the unknown and untested by tradin on unverifid exchangis with no KYC. They assum that it's a good ideea to avoid givin out their persnal informashun, but hav they really thought it through? Wat if somethin goes rong, like some hacker decides to take a swing at their account and runs off with all their hard-earned cash? Without KYC, how will they prove ownershp of the account? It's a precarious balancing act, sure, but ya need to be smart and take the risk. It's like when ya ride a bike; ya may think helmets arent kool, but they're necessary to keep ya from gettin hurt. So, before ya sign up for that sketchy unverified exchange without KYC, take a minute and consider that enablin KYC is a constructive and creativ way to keep yourself safe from any security breaches.

Large or small companies, when we send our documents to them, we lose those things on Internet forever except if we can have a time traveling machine to correct our mistakes or past activities.

I don't know all companies and their data breaches in your list that is big but I am not surprised at all. They have lot of Terms in their Terms of Service that are set to protect their companies, not their customers.

Like all those data breaches, did any victim (among their customers) receive compensation from those companies? No, and worse, customer data were breached forever.

Change is inevitable, and it's no different in the world of cryptocurrency exchanges. With KYC becoming a necessary requirement for trading on most platforms, it's important to consider what the future may hold. As the need for security and safety increases, it's not hard to imagine that biometric data, including DNA, may be the next step in the evolution of exchange compliance. Are you prepared to adapt to these changing requirements?

Both CEX and DEX have their pros and cons, there is no winner when compared to each other. If you like privacy, don't want your identity to be sold on online websites, then DEX is the choice but DEX has a lot of limitations, if you are a trader, you make money trading, then you won't be able to do that with DEX. In contrast to CEX, they provide many services as well as convenience to use, but in return, we lose privacy, and we also do not have full control over our assets. I am a trader, so I still use CEX so far, I lost my privacy but in return, I feel satisfied with cex's services.

The concept of anonymity is good by not exposing our identity to many places, especially places controlled by the government. But unfortunately, the government itself wants to know who its citizens are, and they pressure a lot of business places to do KYC on those who come to these business places, especially for those who do business, so that the government can find out how much their profits are and the government can collect the taxes.

There has to be a desire to use the anonymity of everyone and turn around to pressure the government not to force KYC on everyone and let people choose what they want. But this is not easy because the government will not allow it.

Because you aren't supposed to deposit your money to an exchange at all. Proper DEXs let you trade peer to peer, and there are no centralized wallets in which to deposit your coins. Since the exchange never has control of your coins, there is no trust required. The fact that so many people think you must give up all control of your coins to a third party in order to trade them is a triumph of centralized exchange's marketing departments, but a complete falsehood. And I have no idea how anyone can seriously question how you can trust a proper DEX when literally no trust is required, while at the same time saying that CEXs are more trustworthy, despite the fact that dozens of CEXs have collapsed and gone bankrupt in the last few months because they were stealing/gambling/spending users' coins without their knowledge or consent.

CEXs are the least trustworthy platform in existence.

So you are willing to give up all your privacy, give up the security of your coins, risk your documents being sold on the dark web, risk your identity being stolen and being accused of money laundering and fraud, all because you can't be bothered to enable 2FA on your exchange account? Wow.

I get that our data could be hacked and be shared, and I am willing to take that risk. People think that KYC is just there for exchanges to comply with government requests and nothing more, which is very wrong.

KYC is there to protect you, in case someone tries to hack into your account, if you have KYC enabled that means you could provide proof that you are in fact you, whereas hackers won't be able to, because being able to hold a piece of paper that has that days date is not something they could replicate. Hence, having KYC, even with all the risks involved is still better for me and makes me feel a lot better about it in the long run.

Don't you think it is essential to preserve the user's freedom of choice, as it is the basis of individual freedom? By denying this fundamental right, we deprive ourselves of a part of our freedom that is already diminishing more and more.

If we continue to accept these restrictions on our freedom, it is highly likely that we will lose all the freedoms we had 10 to 30 years ago. We risk ending up under totalitarian control, where each of our movements will be monitored and controlled. Is this really what we want for our future and that of our children?

We ourselves have a share of responsibility in the establishment of this control. By choosing the easy path and accepting convenience at the expense of our freedom, we have allowed those in power to seize our most fundamental rights. We must be aware of this and take the necessary measures to restore our individual freedom.

Cryptocurrencies were supposed to be an alternative to state control, by offering anonymity and privacy protection. But we have abandoned this idea and turned to more practical solutions, without considering the long-term consequences.

It is time to wake up and fight for our individual freedom, by rejecting any form of government control and surveillance. We must reaffirm our right to privacy and freedom of choice, to preserve the democratic values that make our societies strong.

KYC may be against the spirit and practice of decentralization, but then we can not totally elude the importance of KYC to centralized platforms and cryptocurrency services providers, such as exchanges, first, they need to comply with government regulations for them to be able to get licensed, and since the government already know the risk of allowing crypto transactions on exchange to go unchecked, it's paramount for them to strictly follow the kyc mandate.
-But the user on the other hand has the right to choose between KYC and none KYC and this all balls down to how the individual perceives his privacy.

Even with those verified or regulated platforms cant really be fully trusted 100% but it is way more better compared into those platforms which arent that regulated. Come to think that there are even
platforms as of this moment that arent asking for some verification but still you could be able to make use of their site features if you are really that intending to deal up with crypto space.
Regulation do really come tighter as the years passing by and its not surprising that we do really becomes even more stricter for whatever things that deals up something with money.
You would expect that government would really be always loving to have involvement.

I really do not trust the exchanges without any KYC at all, I mean there are so many laws that bans exchanges to not ask for KYC at all, which means that if we are depositing our money into an exchange that doesn't ask for KYC, that means they are working outside of the law and in that case how could we truly trust them?

However the ones that ask your KYC, even though annoying it might be, working with the officials to make that happen, otherwise why would they need your KYC, not to put your face on their bedroom wall, which means that they are at least a bit more credible, such as if anything happens they may go to jail, just like how FTX screwed up, but didn't get away with it, knowing that prevents scammers a lot.

KYC does good things, but they also pose a lot of harm to those submitting the KYC itself. A lot of data breaches in the past have been recorded inside and outside the cryptocurrency space. It makes up for a perfect recipe for spying people and their activities. You are giving your identity to these entities hoping that you'll get accepted to their platforms and services. What happens when these entities get hacked? Your identity is at risk of getting used by other people in malicious activities. Who gets the repercussions? Of course, no one else but you.

Privacy matters aside, identity verification/KYC can be a very inconvenient process. 

For instance, you can do all the basics DOs and DON'Ts e.g. photo should be clear, text should be readable, etc. and still fail. There should be lots of threads complaining about how they have to try multiple times. There were also cases where people have to wait for days to be approved, worse is if the software can't verify them and they have to be put thru manual verification which is a longer process. This reason alone is enough for me to prefer no-kyc ones since I don't need to be subjected to any of that.

I do like to keep my privacy safe and avoid KYC, but the top exchanges make it mandatory to do your verification. I know there are many ways those exchanges can avoid the mandatory KYC verification, but they won't do it. And if we are to use the best one out there, we have to go by the rules and do it anyway. I don't think that's fair. Data breach has been an issue for a long time now, but as we have to use it anyway, then better to choose the best one out there. Those which got a good reputation, I won't mind sharing my personal info, tho I feel kinda unsecure doing it too. I would be good to have a decentralized exchange (there are many already out there). But they don't seem appealing to me to put my trust in them.

Even though on how much we do hate up CEX and recommend DEX but still there are really lots of ways on why these centralized and regulated platforms had been loved by most many of us, this is why we could

able to trade up directly in between coins with ease due to lots of pairs and could be able to convert it to fiat without any hassle.We do know that we cant directly purchase out a crypto via
these decentralized exchange and this is why we would really be still touching up this area because this is the only way we could acquire coins excluding on that p2p itself.

If you do mind off about anonymity but touched up these CEX's then you would really be needing up to give up that anonymity that you are protecting into.

Mistakes can be prevented with proper practice but we can never prevent a centralized exchanges from controlling us. It's much worse to lose your money because the exchange scams you than you lose it because of a mistake.

This is why decentralized exchanges are still a better choice that the majority must use. It doesn't matter if the exchange is reputable or not, or they will sold your data's or not but once you submit your KYC to them, it automatically kills your privacy. Even a simple sign-up on a centralized exchange will still require our sensitive details such as emails or phone numbers which is not very far from doing a KYC.

If you use a proper DEX like Bisq, then your money is never deposited to a centralized wallet. They never have control over your coins and so there is never any concern about getting your money out safely. This is in stark contrast to any centralized exchange, which takes full and completely ownership of your coins as soon as you deposit, both practically and legally speaking, and can do anything they like with them.

Using Bisq as an example again, there are both mediators and arbitrators who can get involved in the case of any mistakes or disputes. You will find them much more responsive and much more helpful than any centralized exchange's support desk.

QFT.

It is possible to purchase someone else's identity on the dark web for just a few dollars, which includes all the necessary information about that individual. The reason for the low price is due to the abundance of offers and available documents.

One might wonder where these criminals acquire so many documents to sell at such a low cost. The answer lies in the leakage of sites and their respective documents. If these platforms did not require their users to provide documents, then there would be nothing to steal.

Therefore, the KYC actually contributes to fraud, albeit indirectly, and does not provide protection against it.


The list of some known data breaches of companies where users underwent KYC in the past:
As you can see, these are all large and well-known companies that, according to some, can be trusted.

    Uber: In 2016, hackers gained access to the personal information of 57 million Uber riders and drivers, including names, email addresses, and phone numbers. KYC information was not compromised in this breach.

   Equifax: In 2017, hackers gained access to the personal information of 143 million people, including Social Security numbers, birth dates, and addresses. The breach also affected KYC data of some customers, including driver's license numbers.

   Cathay Pacific: In 2018, hackers gained access to the personal information of 9.4 million customers, including passport and identity card numbers. The breach also affected KYC data of some customers.

    Aadhaar: In 2018, an Indian newspaper reported that personal data of more than one billion Indians enrolled in the Aadhaar biometric identity program was compromised, including KYC information such as names, addresses, and bank account details.

    MyHeritage: In 2018, MyHeritage, a genealogy and DNA testing service, suffered a data breach that compromised the email addresses and hashed passwords of 92 million users. The breach also included the KYC data of some users, including names, addresses, and phone numbers.

    Ticketfly: In 2018, the ticket-selling platform Ticketfly suffered a data breach that compromised the personal information of 27 million users, including names, addresses, and phone numbers. The breach also included the KYC data of some users, including driver's license numbers.

    Chegg: In 2018, Chegg, an education technology company, suffered a data breach that compromised the personal information of 40 million users, including names, email addresses, and shipping addresses. The breach also included the KYC data of some users, including Social Security numbers.

    Quest Diagnostics: In 2019, Quest Diagnostics, a clinical laboratory, suffered a data breach that compromised the personal information of 11.9 million patients, including names, dates of birth, and medical information. The breach also included the KYC data of some patients, including financial information and Social Security numbers.

    Truecaller: In 2019, Truecaller, a popular caller identification and spam blocking app, suffered a data breach that compromised the personal information of 47.5 million users, including names, phone numbers, and email addresses. The breach also included the KYC data of some users, including photos of government-issued IDs.

   Telegram: In 2020, a database containing personal information of millions of Telegram users, including KYC data such as passport scans and government-issued IDs, was exposed online. It is unclear how the data was obtained.

    T-Mobile: In 2021, T-Mobile suffered a data breach that compromised the personal information of more than 50 million current, former, and prospective customers, including names, addresses, dates of birth, and Social Security numbers. The breach also included the KYC data of some customers, including driver's license information.

    Cathay United Bank: In 2021, Cathay United Bank, a Taiwanese bank, suffered a data breach that compromised the personal information of more than 1 million customers, including names, addresses, and phone numbers. The breach also included the KYC data of some customers, including government-issued IDs and financial information.


Crypto exchanges

    Bitfloor: In 2012, US-based Bitcoin exchange Bitfloor suffered a data breach in which hackers stole approximately 24,000 Bitcoins, worth more than $250,000 at the time. The hackers used the stolen data to create fake identities and take out loans in the names of several Bitfloor customers.

    Mt. Gox: In 2014, Mt. Gox, a Japan-based cryptocurrency exchange, declared bankruptcy after reporting that hackers had stolen approximately 850,000 bitcoins (worth about $450 million at the time) and other user data.

    Bitstamp: In 2015, European Bitcoin exchange Bitstamp suffered a data breach in which hackers stole the personal information of approximately 18,000 customers. The hackers used the stolen data to create fake identities and commit various forms of fraud, including phishing scams and identity theft.

    Bitfinex: In August 2016, Bitfinex, a popular cryptocurrency exchange, reported that hackers had stolen 120,000 bitcoins (worth about $72 million at the time) and other user data, including names, email addresses, and encrypted passwords.

    Bithumb: In June 2017, South Korean exchange Bithumb suffered a data breach in which hackers stole customer data, including names, email addresses, and phone numbers. The hackers also stole more than $1 million worth of various cryptocurrencies.

   Coincheck: In January 2018, Coincheck, a Japanese cryptocurrency exchange, reported a security breach in which hackers stole over $500 million worth of cryptocurrency, as well as customer data, including names, addresses, and dates of birth.

    Bitflyer: In November 2018, Japanese exchange Bitflyer suffered a data breach in which hackers stole customer data, including names, email addresses, and phone numbers.

   Cryptopia: In January 2019, Cryptopia, a New Zealand-based cryptocurrency exchange, suffered a security breach in which hackers stole cryptocurrency worth millions of dollars, as well as customer data, including email addresses and encrypted passwords

  Binance: In 2019, a hacker stole the KYC information of an unknown number of customers, including photos of passports and government-issued IDs.

  BitMEX: In 2020, crypto derivatives platform BitMEX was sued by US regulators for various charges, including failing to take appropriate measures to protect customer personal data. The lawsuit alleged that BitMEX's lax security measures resulted in hackers being able to access and steal the personal data of thousands of users, which was subsequently used for various crimes, such as phishing and identity theft.

   KuCoin: In September 2020, KuCoin, a Singapore-based cryptocurrency exchange, reported a security breach in which hackers stole over $200 million worth of cryptocurrency, as well as customer data, including email addresses and private keys.

    Celsius Network: In August 2021, crypto lending and borrowing platform Celsius Network suffered a security breach in which hackers stole customer information, including names, email addresses, and phone numbers. No funds were stolen in the breach.

   FTX: In 2022, FTX announced that a hacker had gained unauthorized access to one of their databases and had stolen customer information, including names, email addresses, phone numbers, and physical addresses.


Other
    Ledger: In July 2020, hardware wallet manufacturer Ledger suffered a data breach in which hackers stole customer data, including names, email addresses, and phone numbers. The hackers also published a list of over a million email addresses associated with Ledger products.

    Upbit: In November 2019, South Korean exchange Upbit suffered a security breach in which hackers stole more than $50 million worth of various cryptocurrencies.

    Zaif: In September 2018, Japanese exchange Zaif suffered a hack in which hackers stole more than $60 million worth of various cryptocurrencies.

    ShapeShift: In April 2016, crypto exchange ShapeShift suffered a hack in which hackers stole more than $200,000 worth of various cryptocurrencies.

    GateHub: In June 2019, crypto wallet service GateHub suffered a hack in which hackers stole more than $10 million worth of various cryptocurrencies.

    Bitrue: In June 2019, crypto exchange Bitrue suffered a hack in which hackers stole more than $4 million worth of various cryptocurrencies.

    Livecoin: In December 2020, crypto exchange Livecoin suffered a hack in which hackers took control of the exchange's servers and stole more than $2 million worth of various cryptocurrencies.

    YoBit: In January 2021, Russian exchange YoBit suffered a hack in which hackers stole more than $5 million worth of various cryptocurrencies.

    Liquid: In August 2021, crypto exchange Liquid suffered a hack in which hackers stole more than $94 million worth of various cryptocurrencies.

    Poly Network: In August 2021, decentralized finance (DeFi) platform Poly Network suffered a hack in which hackers stole more than $600 million worth of various cryptocurrencies.

    Cream Finance: In August 2021, DeFi protocol Cream Finance suffered a hack in which hackers stole more than $29 million worth of various cryptocurrencies.


Please note that this is not an exhaustive list, and there may be other data breaches and leaks that have not been made public or widely reported.

I tend to agree with this.

Both of them have a downside whether it's DEX or CEX, if you will entrust your private documents in any exchange make sure about their trust issue.  Many people now are convenient in using CEX because they can able reach out to the team when they have a problem but in DEX, once you have a mistake, it's unrecoverable. 

In a case of anonymity, it's clearly CEX is very dangerous, but I don't see it when it comes to reputable or top exchanges.
It might be an unpopular exchnage has an issue of a data breach not being on top exchange.

well, if you are doing p2p trading to convert your crypto directly to fiat, you will use top exchanges like binance. and binance has kyc requirements. i would rather undergo the binance's kyc requirements rather than trust a third party site where you have no idea if you can ever get your money safely. so in this case, it depends on the person himself about his preferences. sure there are pros and cons in both types of trading platforms, anonymous and with kyc requirements. but you need to weigh the possibility of getting out your funds safely.

Interesting facts you've raised here, it's nothing out of the ordinary but, your presentation is just precise and definitive on the matter. Good thing you have a hang on the issue but, its really no much issue.

Every system has got a downside and this isn't expected to be any much different. Its more of you having to size which is more to you at certain points. Why KYC has been such a troubling thing for most is because, we operate an online platform where the whom we do not know.

That's why it remains an issue of trust before using a platform and the options to KYC is always left with you.

With the birth of decentralized exchanges (DEX) now, it's now very easy to trade without even signing up for some exchanges.
But there are some people who prefer using centralized exchanges and are not comfortable using decentralized exchanges.
About KYC, seems this is becoming normalized for some people, but to be honest, I really find it annoying and am afraid to trust my personal identities for some people, it's invading my private data.

Centralized exchange with mandatory and complete KYC, will be more dangerous. All your data will be owned by them so you no longer have privacy.
There are also exchanges that only apply KYC when making a certain amount of withdrawal so that without KYC it can still be used.
The pros and cons of implementing KYC will always be a concern. Those who are not concerned about privacy will do it, but those who are concerned about their privacy will not do the KYC. using Dex exchange would be better than doing p2p without needing to confirm KYC.

Governments do not like that they do not have information about individuals, the source of their income, how they spend their money, and what is their share of each individual’s income. Therefore, they force the platforms to collect all this information. As for money laundering and others, they are just justifications, albeit logical in narrow limits.

The platforms are also trying to collect information on, commercialize or sell it and some are starting to use non-verification as a tool to get more logins.

So in short, everyone is racing to know the most information about you, and you must be smart to reduce the number of information collected about you.

This is the biggest downside of KYC, having your data leaked and that is beyond of your control and no one know where the data goes but for the security concern, its not that safe.

Some exchanges make KYC as mandatory so many have no choice but to comply though some site are still free from this, but if you want more features from CEX then filling out the KYC is a must.

Regulations were forced by the government on the centralised exchanges depends on where that it origin from and we have our own choice which one we can prefer. As you said KYC has its pros and cons however if you are being a trader you should choose the centralized exchanges since the fees are low there whereas p2p exchanges and decentralized exchanges offers anonymity.

My preferences are less important compared to my requirements. I mean even I prefer to stay away from all KYC things, I am still enforced to clear KYC because my needs are seeming like more important than my preference of protecting my identity. I was trading in bittrex exchange and they suddenly locked my account and when I contacted their support, I was directed to clear KYC. I got no other option except submitting my documents to enable withdrawing my coins.

If I was not into bounty campaigns and if I was not into the need of exchanging altcoins and tokens to BTC then probably I would have stayed complete anonymous by now but after cleared KYC in one exchange then I started get used to it. Still, I use old and reputed exchanges. I am not thinking on future problems as of now.

I have yet to see any convincing evidence that this is the case, and I've definitely looked for it. It is absolutely trivial for a money launderer to buy the identities and documents of hundreds or even thousands of users on the dark web for only a few bucks, and to use their names and information to open fake accounts in order to launder money. KYC does not prevent laundering - all it does is frame innocent users who have had their data stolen. And given that literally every major centralized exchange has had one or more data breaches in the past, if you go around completing KYC, then chances are your documents will be leaked, stolen, or sold eventually.

I am curious as to what you are trying to achieve by using a VPN and disposable email addresses when you are handing over your real name and information anyway.

Bisq, Robosats, AgoraDesk. More here: https://kycnot.me/

Database breaching is that main issue for which many people frown on this KYC verification thing. I mean we trust the exchanges with our data, but who will be blamed when the datas are leaked? Moreover Bitcoin are famous for it’s anonymity feature, and hence many people like to remain anonymous while dealing and interacting with Bitcoins or cryptos. I have also came across with such people, who don’t want to do KYC in any exchanges because, Bitcoins and Cryptos are not yet regulated in their nations. As a die hard Bitcoin lover, I would also prefer no KYC exchange over any centralised exchange.

KYC offers convenience. You're not going to do any trouble in trading and cashing out which is the reason prefer to send thier documents to centralized exchanges. You can hardly find a platform that doesn't ask for KYC when you have to cash out too.

For Anonymity I guess you have the assurance that a wallet is not linked to your name. That is if you know exactly how to do it.

You can use a decentralized exchange like Bisq or hodlhodl. If your country people are on this forum, you can buy from them. If you do not want to use KYC, you can try your luck with instant exchanges like ChangeNow or Changelly, but the risk is that they are still centralized exchanges and if they see your coin as tainted, they will ask for KYC. People nowadays uses centralized exchanges which are trading platforms like Binance, Huobi and the likes, thinking it is easy to buy and sell coins, but they do not know the stress they go through when they were registering up to a fully verified account. For centralized exchanges that are trading platforms, you can try Kucoin or OKX, but they may ask for KYC at anytime too.

Thank you for sharing your thoughts on KYC procedures.

That being said, I'm curious, what methods do you use to buy cryptocurrency? Are there any alternative methods or platforms that you prefer to use?

Despite submitting details for KYC, there is yet the human factor of third party that ask for different levels of verification any time you are accessing such platform and that is against the spirit of cryptocurrency or decentralized operations. I prefer the spirit which blockchain is the technology for freedom and personal responsibility and not third party interference.

KYC is a tool for governments to force centralized exchanges to collect personal identity data of customers. Those data later can be used for many purposes of exchanges and governments.

Tax for benefit of governments, data sales for benefit of centralized exchanges. Who are losers with KYC?

Customers are always losers if they submit their documents to verify their identities in KYC procedure. With big exchanges, their data can be hacked, leaked. With small exchanges especially scam exchanges, they can use KYC card as official reason to get customer data and sell it to get money.

You have to get something clearly about kyc on a centralized exchange, we are only doing it to have full access to the exchange but this doesn't mean your details are secured with them. Let just take it as you said already that "it's to prevent fraud and money laundering" yet they are being hacked those who are involved can't be tracked and trace, now tell me where do you think the hack is from?
Naturally this might comes from their staff or an insider who knows very well about the exchange.

Therefore, I don't like any platform which involves kyc and for trading it would be better of using p2p to trade in order to maintain anonymity and privacy.

As a boss trader in the crypto game, I know that privacy and security are key when you're using exchanges. You feel me? While KYC requirements can keep the feds off your back, I think there are other ways to stay safe and keep your business on the DL.

One way is to use decentralized exchanges where you don't gotta give up all your deets just to trade. But let's be real, there's always a risk when you're doing things off the grid.

Another option is to use exchanges that have a tiered KYC system. That means you can choose how much verification you want to give. You can keep it low-key for small transactions, and then do the full shebang for the big bucks. That way, you can have some privacy while still keeping it secure.

At the end of the day, it's all about what you're comfortable with and how much risk you wanna take. Me? I like the tiered KYC system. And I ain't taking no chances - I use VPNs and anonymous email accounts like a boss. Ain't nobody gonna catch me slipping!

Thank you for your attention to this topic. You are absolutely right.

The state has always sought to control its citizens. Under the guise of combating terrorism and money laundering, the state aims to regulate the financial activities of everyone. However, the state's desire to control its citizens should not come at the expense of people's privacy and security.

Cryptocurrencies like bitcoin have been accused of being a tool for criminals and terrorists to fund their activities. However, this argument is flawed. Criminals have always found ways to launder money, and they do not need cryptocurrencies to do so. In fact, the vast majority of criminal activity is still carried out using traditional banking systems. Additionally, corrupt officials themselves often launder their own money using traditional banking systems, as evidenced by documents published on Wikileaks.

You make me remember this:

Why KYC is extremely dangerous – and useless

Just that traders prefer centralized exchanges, but recommended using the amount you can lose to trade.

Technically, yes. But in the grand scheme of things, KYC does more harm than good. We couldn't count now how much platforms(inside and outside the cryptocurrency space) have been hacked and with their databases breached.

Hey everyone, I wanted to start a discussion around the topic of anonymity and KYC (know your customer) requirements in cryptocurrency exchanges. As we all know, there are exchanges that require extensive KYC verification, while others operate with little to no verification process.

On one hand, KYC can help prevent fraud, money laundering, and other illegal activities. It can also provide a sense of security and transparency for users who want to know who they're trading with and ensure that their funds are safe.

However, KYC can also compromise anonymity and privacy, which are often highly valued by cryptocurrency users. Some argue that the need for KYC goes against the decentralized and borderless nature of cryptocurrencies, and can even put users at risk of data breaches and identity theft.

So, what are your thoughts on exchanges with and without KYC? Do you prefer exchanges with strict KYC requirements, or do you value anonymity and privacy more and prefer to use exchanges with little to no verification process? What are the disadvantages and advantages of each approach? And what measures do you take to ensure your anonymity when exchanging cryptocurrencies?

Let's have an open and respectful discussion around this topic and hear everyone's perspectives. Looking forward to your input!


List of KYC data breaches.