Topic: Be careful with your identity documents and KYC (Read 391 times)

As far as I understand, the situation is more likely stealing from the person who's data is stolen/leak and then bought by that person and then use it to create a P2P account which is already considered as identity theft to be able to buy crypto using the victim's identity and money. I would say that this is more likely a financial theft and identity theft made by that person or a group of people. Well, it's up for others on how they see this situation but that's how I see it and anyway, the important thing is that you share it for other people to be aware of such scheme. After all, it's better to be safe than sorry.

Sometimes, one's boxed into a corner where one will have to provide certain documentations to enable one benefit from features on the sites one is on. For instance, to be able to enjoy the P2P facility on Cexs, one has to provide one's bank details to be able to transact there. So, you see, it's not that those who tender such are that stupid. There are security features allowed for users to strengthen their accounts (2FAs and all that) and most times these security breaches don't come from users but the exchanges when hacks happen on them and users' data base are compromised.

If whether merely submitting personal info that don't include bank details can lead to banks hacks, I don't think so. For those who always say it will, how does that work? If you want to say because names and addresses and phone numbers are given, don't we also have those information with the national identity card centres in our various countries? How come no one has looked into that as a possible way of bank account hacks too?

Yes, but not random people on the street. There is also a big difference between showing your drivers license to a single officer who pulls you over, and scanning it in to electronic send it with unknown security to an unknown third party for unknown storage and unknown distribution.

As you say, banks request to see these documents for proof of ID and to open accounts, loans, credit cards, etc. Given that, then you can clearly see why letting random strangers have access to these documents poses a massive financial risk.

It's pretty awful for an insider to do a dirty job like this. Many exchanges in the past have closed and have KYC data of their users and it is possible that this data can be sold so it is very risky. But some large Exchanges like Binance currently do not rule out the possibility of doing the same thing if they have a lot of user KYC data.
Depositing KYC is the choice of each user, or you can use fake KYC.

I think we have misunderstood ourselves a bit and I need to step in to clear something to make my point better understand by you boss,  what I meant by kyc documents being public document is in the sense that,  most of the documents we present for verifications are all documents that we have are requested and used by their party,  e.g your driver license which is use for kyc verification os a public document because the road safety can ask for it from you or even the police,  including the banks,.
So that point of view is where I am looking at it from that is said,  KYC document at public properties since it for their party usage.

This is really unfortunate on the part of victims. They lose their money without knowing that they have deposited in an exchange and Binance is totally not aware of it. So maybe it’s a lesson that one should be cautious when and where to give his KYC that links to his account. Sometimes, scammers are not just outsiders from an exchange, but some scammers are actually doing inside job. Well that’s even more pathetic.

Exactly, scammers can go any lent they want to try to get access and steal someone else's funds.
This is why keeping your funds in those exchanges is highly risky because they get your data when you pass the KYC verification, coupled with the fact that in the exchange in which you store your cryptos, you don't have the keys,  so you can easily get screwd.

Giving out your identity or passing the KCY process poses a gigantic kind of risk, it means that you have granted someone access to your privacy, and those details could be used to commit various cyber crimes if sold out. These cases are as a result of an insider job,



 

This is simply incorrect. In the US alone, identity theft affects ~40 million individuals each year and costs those individuals upwards of $50 billion:

https://javelinstrategy.com/2022-Identity-fraud-scams-report
https://javelinstrategy.com/research/2023-identity-fraud-study-butterfly-effect

Once someone has your identity, they can take out loans in your name, open credit cards in your name, use your insurance to rack up enormous bills, commit tax fraud in your name, and more.

What? In what country do you live that individuals' personal ID cards and passports are public information that anyone can look up?

Far from it mate,  I think highest the identity theft can do is to create some fake accounts on some social media but having to involve the bank details or control of the bank account of the victim is no longer KYC document linkage,  for such extent of transaction to happen with victims account there most be either an insider or a time the bank account holder may have comprise the log in security of their bank account.
So I don't believe in that assumption that once your KYC documents are comprise your bank accounts are also comprised,  because this are two different things,  let not forget that,  most of the documents we provides during KYC are all public documents like ID,  Passport and signature,  this is all public information that anyone can get access to.

If we want to summarize I would say stay cautious in the crypto world. Protect your personal information, be mindful of KYC requests, and do your due diligence before engaging in any campaigns or airdrops. Let's all work together to create a safer environment for crypto enthusiasts, both new and experienced.

As, Promoting awareness and vigilance within the community is essential to ensure that everyone can enjoy the benefits of the cryptocurrency space while minimizing the risks associated with it.

Well people would everything just for the sake of earning something. Back then, I almost gave away my personal infor when airdrops were still like a hot topic here in the forum and good thing I didn't really do that. What's more alarming from this is that scammers might even do it through dark web and God knows what will happen to the victim once the people found out about not just the banking information but also their personal information.

Reality is people wouldn't stop risking that action until they encountered the consequences involved with it.

Most people don't know the risks when they submit their personal documents to CEX and other crypto platforms as these could be used by bad actors to cause great harm to them. I read this article^[1] by GazetaBitcoin, which reveals an interesting story of the identity theft of a young man whose life was wrecked apart by the scammer. This is one of the many ways KYC can be used against you, some persons are even languishing in jail for crimes they did not commit.

KYC should be avoided at all cost because of the dangers it pose. I do make use of Kucoin when it was a KYC free exchange, but the moment KYC became compulsory I had to stay away. DEX and P2P trading are better and safer.

1. What happens when your identity is stolen - real story || Avoid CEXs!

Is everyone who uses a centralized exchange gullible and greedy? Maybe you can argue such people are gullible, when they believe that the centralized exchange will keep their data safe, or keep their documents secure, or cares even the slightest about what happens to your KYC information. Every centralized exchange out there has leaked KYC data one way or another, whether it was a hack, sharing it with shady third parties, or even just selling it outright.

You always have a choice. You can choose not to trade that shitcoin or choose not to use that service. That's what I do, and I get by just fine.

Once your KYC data has been leaked, it is almost trivial for a scammer to perform a SIM swap attack and take control of your phone number.

I'm still wondering how the scammers used the stolen data to create an account in Binance and set up a P2P trading account because if you want to set up a P2P trading account you will have to add your bank account details and a verification code will be sent to your phone number to prove you are the one setting up the P2P trading account. How do the scammers bypass the Binance P2P verification process

You are right, and I think it will be very difficult for scammers to carry out these type of scams in Binance because of the face verification attached to its KYC proceedure. There are Some other exchanges that doesn’t ask for face verification and they only ask of some national identification cards and bank accounts details which make it easy for scammers to make use of these exchanges and create account with someone else documents on the platform. I think such exchanges should learn from Binance and adopt a face verification system to prevent this kind of scam from happening.

Scammers use Airdrop as a hub for their fraudulent activities; they use it to entice victims and obtain their personal information by offering them a small sum of money. As a result, we should exercise caution while participating in airdrops and when disclosing personal information in order to pass KYC verification and be qualified to receive a small number of tokens. There are now very few legitimate airdrops, and they are no longer worthwhile. Let's refrain from giving personal information to an unrecognised or untrustworthy website.

I am still trying to understand how someone will be giving out his financial account details online to some entity he doesn't know in a chase for airdrops. That's one easy ways to be stupid you know!

For a person to complete a p2p transaction on binance you must have undergone different process of kyc and when you're the buy then it means you still undergo another KYC from your bank before you can transfer your funds. So for a scammer to be able to gain success in all of this process is either the bank is suffering from a weak security which makes it unfit for modern banking. Or the individual must be brainless to have render his bank pin, password, email address, and OTP,  but how's this possible to let out all these information to a stranger when you ain't at a gun pointed to your head?

Although that is true, and we should never compromise our personal documents and data for a few bucks shitty airdrops like the ones you mention grant, sometimes we have little to no choice, for example, if we want to trade a coin which is only listed in one exchange with mandatory KYC or to simply use any of the top, regulated, crypto (and not crypto) services.

We need a solution for this problem. How can we be identified and, at the same time, prevent our data from being leaked? could cryptography help?

OP post should be taken seriously by airdrop hunter, like the new comers they thought putting information on the airdrop give them more chance, to win lots of money they are all.wrong instead their information sometimes passwords were collected and can be sold in the darkweb, sometimes also can be use by scammers in an airdrop, and pretend that the information is them.

Damn, this is sad. I mean imagine you are scamming people online and then you get a case against you from Binance and you never did any transaction nor you have an account which got that money deposited. Binance surely needs to look into this if it's happening a lot. I mean, they need to make the P2P requirements much better and secure for others. And payments should only be allowed from pre-approved payment methods.

Technology is growing at a rapid pace to the point that it becomes a problem for most of the users already. With AI, for sure this will happen even more in the future. Deepfake the pictures, AI, and a bit of knowledge is what the scammers need in order for this to be successful, and can't be detected by Binance.

---

I always watch videos on Youtube regarding Indian Scammers that are being busted by these Youtubers. I find it very entertaining for these scammers to get busted, and who will not be knowing that they're very notorious in scamming people.

This is the reason why people must not give their personal information to the public ever. The problem with most of these investors is that, they're very gullible that when you say to them that they will give at least 20% interest, they will fall for it even though it costs them personal information including bank accounts. What's the solution for this? I guess letting them experience will teach them what to do next in the future. Letting them experience getting scammed will make them realize that "Ohhh I don't want to give my personal information to a random stranger anymore", but TBH, this is a no-brainer already because why in the hell will give your personal information into somebody that you don't know personally.

Overall, this post is all about awareness for those newbies out there who are trying to join into these scam telegram channels. Please don't join, don't give information to strangers, don't be too gullible, and be vigilant.