Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: DdmrDdmr on October 17, 2022, 07:45:02 AM

If that is so, these pseudoTXs, that are not uniquely identified (i.e. there is no TX id), can be matched by date and quantity to derive the real TX Id on the pertinent blockchain, thus revealing some of each person's addresses (with what that entails).

At this point I will consider any centralized service and exchange that holds customers private information to be only one step away from sharing all this information with everyone in the world.
If people are still OK using all this services after so much hacks, leaks, liquidations, and other similar stuff, than they shouldn't be surprised if they get scammed in future.
It's even crazier that governments are now pushing harder than ever this digital identity crap and CBDC, and we should just trust them, yeah right.

Quote from: Rikafip on October 17, 2022, 10:00:37 AM

When you think about it, ~10% APY ain't that much at all, well at least not enough for me to risk my bitcoin and give it so a 3rd party. Imho very bad risk/reward ratio.

This is nothing, compared with the risk you are accepting signing up for services like this.
When you add high inflation of fiat currencies this 10% get's even less important for people who invested stable coins.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: The Sceptical Chymist on October 17, 2022, 03:50:50 PM

Quote from: NeuroticFish on October 17, 2022, 05:35:48 AM

On the other hand, I don't even know who is happier for that data - the thieves or the chain analysis companies - and my bet tends to go towards chain analysis.

This is going to sound like I'm a complete ignoramus (arguably true), but what companies are in the chain analysis business and what do they do with the data they collect? You're not talking about law enforcement, are you? That question might be off-topic, but not much.

I don't know them, there must be more than one. One is Chainalysis, the company also running walletexplorer.com and most probably a number of electrum servers too.
I know of Chainalysis since they were boasting at some point to be able to trace Monero (of course, it turned out they could do this in very special cases only, but it was a huge advertising for them).

Law enforcement doesn't work alone, I would not be sure they have all the know-how Chainalysis has.
I expect law enforcement be one of the customers (and maybe IRS another one), but not the only one(s), since they offer paid services to anybody willing to pay. For example this guy was claiming he has paid account. Ah, I'll also add exchanges too (some are overly careful with the source of money). However, they are boasting some of their customers, take a look for yourself.

I don't want to sound like a conspiracy theory guy, but this kind of services real and being pushed by some.

Pmalek

legendary

Activity: 2730

Merit: 7065

Quote from: tranthidung on October 17, 2022, 06:49:23 AM

Why do they have to pick centralized services if they can have decentralized services to choose?

Those are the ones that market themselves better. They are generally easier to use and widely more available than decentralized ones. They have got a much bigger customer base and more liquidity.

Quote from: tranthidung on October 17, 2022, 06:49:23 AM

Why do they have to pick custodial wallets to use if they can have non-custodial wallets to use?

Because it's easier to register an account with a centralized wallet service than to be in full control over your money. No matter how silly and simple it sounds for us who don't think to much of backing up our own seeds and consider it a normal thing, most people have lived their whole life relaying on centralized control and they don't care to have more responsibilities. It's only when they get bit that they will start thinking if there are better ways to handle their crypto. By that time, it can already be too late. It's going to take decades for this to change, if ever.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: The Sceptical Chymist on October 17, 2022, 03:50:50 PM

And yikes, this whole thing has been a complete shit show from the beginning. I wasn't even aware of Celsius until it imploded, and I was definitely surprised to learn that so many people had money invested with them.

Bernie Madoff

Tell people they will earn 5% they won't believe you. Tell them you can get 40% though your secret method they won't ask, they will just throw cash at you. Or you have not read this board: https://bitcointalk.org/index.php?board=207.0 If you think it started with crypto you are several thousand years to late. Greed will blind people to the obvious, and there will always be people to take advantage of that.

-Dave

The Sceptical Chymist

legendary

Activity: 3556

Merit: 7011

Top Crypto Casino

Quote from: Pmalek on October 17, 2022, 06:06:55 AM

It isn't really a leak in the traditional sense of the word.

No, it's not--but as far as I can see it might as well be, because now the data is out there for whoever wants it.

Quote from: NeuroticFish on October 17, 2022, 05:35:48 AM

On the other hand, I don't even know who is happier for that data - the thieves or the chain analysis companies - and my bet tends to go towards chain analysis.

This is going to sound like I'm a complete ignoramus (arguably true), but what companies are in the chain analysis business and what do they do with the data they collect? You're not talking about law enforcement, are you? That question might be off-topic, but not much.

And yikes, this whole thing has been a complete shit show from the beginning. I wasn't even aware of Celsius until it imploded, and I was definitely surprised to learn that so many people had money invested with them.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: NotATether on October 17, 2022, 12:51:44 PM

That would be really ironic because Nexo was trying to buy out Vauld after *their* insolvency.

And before that they offered to buy Celsius but I don't think that they had any intention to buy either of those and instead it was probably just a PR stunt to show how great they are doing so their users don't panic and withdraw money.

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: Rikafip on October 17, 2022, 10:00:37 AM

Quote from: NotATether on October 17, 2022, 08:14:05 AM

We have crypto fintechs left and right filing for bankruptcy - Vauld (June bankruptcy), Bitwala (August), and the usual suspects Voager/Celsius/Hodlnaut.

I don't honk the fintech bloodbath is over yet.

There were some rumours recently that Nexo has solvency issues so they might be the next in line to go down. Afaik they offer similar APR to Celsius so that wouldn't be surprise at all.

That would be really ironic because Nexo was trying to buy out Vauld after *their* insolvency.

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: tranthidung on October 17, 2022, 06:49:23 AM

Why do they have to pick centralized services if they can have decentralized services to choose?
Why do they have to pick custodial wallets to use if they can have non-custodial wallets to use?

Because an average investor doesn't really care about any of those things, they prefer false sense of safety. For example, I know a guy (friend of a friend) who is a pro stock trader for many years (he doesn't want to trade crypto, he says its too volatile and stressful for him), before that worked in IT for top company so he is not technologically illiterate yet he didn't want responsibility of holding his own bitcoin and instead invested in it via Grayscale. I tried to explain him how easy is to take care of it by himself but he thinks of it as being too risky (afraid of losing seed, hacks, $5 wrench attacks, what will happen with it if he dies etc).

Quote from: NotATether on October 17, 2022, 08:14:05 AM

By chasing a high yearly APR,'you are effectively selling your privacy (and lets be honest, you would be lucky if you make it through the first year).

When you think about it, ~10% APY ain't that much at all, well at least not enough for me to risk my bitcoin and give it so a 3rd party. Imho very bad risk/reward ratio.

Quote from: NotATether on October 17, 2022, 08:14:05 AM

We have crypto fintechs left and right filing for bankruptcy - Vauld (June bankruptcy), Bitwala (August), and the usual suspects Voager/Celsius/Hodlnaut.

I don't honk the fintech bloodbath is over yet.

There were some rumours recently that Nexo has solvency issues so they might be the next in line to go down. Afaik they offer similar APR to Celsius so that wouldn't be surprise at all.

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: NotATether on October 17, 2022, 08:14:05 AM

By chasing a high yearly APR,'you are effectively selling your privacy

We already have the Why KYC is extremely dangerous – and useless topic, but people are ignoring it.
The higher the displayed APR, the more people tend to forget the minimal caution and jump in head first.

Quote from: NotATether on October 17, 2022, 08:14:05 AM

This underscores the warning not to use CeFi lending services at all.
[~snip~]
I don't honk the fintech bloodbath is over yet.

Although I don't expect this kind of "investors" read much, I'll add a topic that covers this. Recent events should make you withdraw all your coins to your own wallet: Part 2

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

This underscores the warning not to use CeFi lending services at all.

By chasing a high yearly APR,'you are effectively selling your privacy (and lets be honest, you would be lucky if you make it through the first year).

We have crypto fintechs left and right filing for bankruptcy - Vauld (June bankruptcy), Bitwala (August), and the usual suspects Voager/Celsius/Hodlnaut.

I don't think* the fintech bloodbath is over yet.

*autocorrect snafu.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Apparently, some people have made the information residing in the document easier to play around with, transforming it into formats more prone for querying (and/or exploitation). As such, I won’t refer the source where I got the following data from, nor is it expressed in the same exact manner, but the data on the files seems to include the following accounts, distributed by what seems to be the account’s balance in USD:

Code:

Amount nAccounts
< 1 $ 128.967
[1 $ .. 10 $) 81.351
[10 $ .. 100 $) 89.378
[100 $ .. 1.000 $) 122.631
[1.000 $ .. 10.000 $) 110.259
[10.000 $ .. 100.000 $) 60.591
[100.000 $ .. 1.000.000 $) 9.958
>= 1M $ 339

There are apparently over 600K people with accounts that are contained within the document. Of course the above would be a shapshot on a given day. It does not rule out that, let’s say, someone is in the 1K-10K range in the snapshot, but may well have a way larger portfolio.

From what I’ve read, the problem is two fold: not only can a balance be derived (from the snapshot), but there seem to be pseudoTX details too as depicted here:

see: https://twitter.com/hdevalence/status/1578128350958059520

If that is so, these pseudoTXs, that are not uniquely identified (i.e. there is no TX id), can be matched by date and quantity to derive the real TX Id on the pertinent blockchain, thus revealing some of each person's addresses (with what that entails).

tranthidung

legendary

Activity: 2310

Merit: 4085

Farewell o_e_l_e_o

Quote from: PawGo on October 17, 2022, 05:23:08 AM

Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company's owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency—the company's attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June.

This is insane but it awakens people that they should be more careful when consider whether to use centralized services or not.

Why do they have to pick centralized services if they can have decentralized services to choose?
Why do they have to pick custodial wallets to use if they can have non-custodial wallets to use?

Decentralized services and non-custodial wallets are better for privacy and you don't have to worry about data leak. However, not all decentralized services as they advertise are actually decentralized. I would prefer to use non-custodial wallets as my main priority.

Data leaks can occur in many types even in unbelievable or unexpected ways like Celcius case.

Z-tight

legendary

Activity: 994

Merit: 1089

Wheel of Whales 🐳

Quote from: DaveF on October 17, 2022, 05:46:28 AM

I know we discussed it on another thread here someplace but,

Yes it was discussed in o_e_l_e_o's topic: https://bitcointalksearch.org/topic/--5416383

Quote from: DaveF on October 17, 2022, 05:46:28 AM

Change the facts a bit and it can still happen for a "semi legitimate" reason if the exchange had to go to court for some reason and had to give the information to the court / other side of the lawsuit.

Yes, that was what i myself learnt from that topic, through o_e_l_e_o's reply here: https://bitcointalksearch.org/topic/--5416383
Organizations and companies have to comply to bankruptcy laws when they file for one, and so the public revelation of this data is a legal one by this centralized service, without this data there is no way the court would be able to handle their case, before the reply i posted above i thought it was illegal, but it isn't, and now this is another different risk for users of centralized exchange or service if the one they use goes bankrupt someday and cannot pay creditors.

Pmalek

legendary

Activity: 2730

Merit: 7065

It isn't really a leak in the traditional sense of the word. A leak would mean that someone gained illegitimate access to the data or a serious mistake or misconduct caused it to become available somewhere. But in this situation, you can thank the courts and the US government for making it mandatory to make court documentation public. Celsius is responsible for bankrupting their customers and their company, but the court made the data intentionally available to the whole world.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

I know we discussed it on another thread here someplace but, it come back to the fact that if you are trading or doing anything really, on a centralized exchange or service like this you are always going to run the risk of something like this happening. Change the facts a bit and it can still happen for a "semi legitimate" reason if the exchange had to go to court for some reason and had to give the information to the court / other side of the lawsuit.

Once it's out there you never know what may be made public.

-Dave

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: PawGo on October 17, 2022, 05:23:08 AM

Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company's owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency—the company's attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June. That database was briefly posted as a 14,500-page PDF to the court records website PACER before being taken down—but not before Gizmodo copied it to the Internet Archive, where it was widely downloaded before being removed there, too.

Incredible "legal" leak. More details: https://www.wired.com/story/celsius-user-data-dump-crypto-tracing-scammers/

The fact Gizmodo copied that file to internet archive only made it be available for free instead of being on sale somewhere else.
It was said very early that the dump is a huge problem, but nobody seemed to care much.

I really hope that somebody will have to pay a hefty fine for this, at very least under EU GDPR laws.
On the other hand, I don't even know who is happier for that data - the thieves or the chain analysis companies - and my bet tends to go towards chain analysis.

Still, a huge mistake that probably dwarfs Ledger's leak.

PawGo

legendary

Activity: 952

Merit: 1386

Celsius, a cryptocurrency exchange facing bankruptcy, leaked an enormous collection of its users' transaction data through an unusual sort of privacy breach: a court filing. As part of its bankruptcy proceedings—in which the company's owners are accused of pulling tens of millions of dollars worth of crypto out of the exchange before revealing its insolvency—the company's attorneys released a document that appears to include the transaction data of half a million of its users from April of this year until it ceased trading in June. That database was briefly posted as a 14,500-page PDF to the court records website PACER before being taken down—but not before Gizmodo copied it to the Internet Archive, where it was widely downloaded before being removed there, too.

Incredible "legal" leak. More details: https://www.wired.com/story/celsius-user-data-dump-crypto-tracing-scammers/

Topic: Celsius Exchange Data Dump Is a Gift to Crypto Sleuths—and Thieves (Read 183 times)