Topic: Centralized and kyc platforms can pose risks in the future (Read 518 times)

Also to this effect for those promoting bounties, you need to be careful about how you provide kyc information about yourself. It is not compulsory to promote bounty that will require kyc (Know Your Customer). Many times the information and photograph you provide can be used for illicit dealings that you don't know about and in the future, you may have issues with your government when document is required to be presented but because your data information has already been used for scam or bad involvement, you may be denied certain things or benefit.

There are no crypto platforms or exchanges anywhere I would trust with my KYC details. The small exchanges are obvious - their security is lax, and they often disappear or outright scam, taking your KYC data with them. But even the big exchanges cannot be trusted. Pretty much all of them use third parties to collect, process, and store, your KYC data, and you have no idea what security these third parties do or do not have, how securely your data is transferred, how securely it is stored, who can access it, and so forth. You also don't know how they share you information.

For example, Coinbase transfer your data to a number of companies, such as Jumio and Sift, as laid out here: https://www.coinbase.com/legal/privacy. Let's see how they handle your data:



As soon as you hand over your data to Coinbase, it is transferred to a third party, who transfers it to more third parties around the world in a bunch of countries with who knows what data protection laws. It could end up in the hands of literally anyone on the planet, and often does. Every major exchange is the same. How anyone is OK with this I will never understand.

Maybe the main concern here was the legitimateness of a platform, asking for a KYC or being centralized was a big responsibility since they have big information of their users that could easily be used in other agendas.

There are a lot of people who hate centralization and definitely not willing to do KYC in a platform just for their services or maybe willing to chance the platform if it is asking for a KYC.

It could easily be used in a crime but I guess you could still do it if there are platforms that you ready trust its security, there are a lot of exchanges that get hacked even some big exchanges has a history of hacks so it's really a big risk giving your data to centralized platforms.

There is, and it is to use decentralized exchanges.

Sure, they are not as fast to complete a trade (although they can be faster to actually get bitcoin or fiat in your hands once you consider the time it takes to actually deposit or withdraw fiat from a centralized exchange), and they user interface might not be as slick and shiny, but those are a small price to pay for not having to complete KYC, allow some complete strangers to monitor your financial activities and hand that information over to your government, and not risk your identity being sold or stolen in the future. Not to mention that you get to keep control of your coins during the trade and do not have to deposit them to a wallet controlled by someone else.

If you are keen to avoid KYC as you should be, then I would recommend taking a look at Bisq, Hodl Hodl, and LocalCryptos.

Knowing this why do we have to risk our information being sold on the black market. If the excbange is credible and do not sell, exchanges could also be hacked by cyber criminals. During the hack the database of all the customers are in the hackers possession. There is no way out of this mouse hole

KYC is like a 2 edged sword. I still doubt the function of kyc as a crime prevention. There are so many exchanges that still provide leeway for the minimum amount of top ups and withdrawals, meaning that there is a criminal loophole there. Actually, they are not fighting crime as you think, they're just obeying the law. On the other hand, they can become criminals themselves for kyc reasons, seizing your money arbitrarily or selling your identity to other criminals.

I'm scared of identity theft so I keep my details and lifestyle away from social media. Now in order to buy Bitcoin from most exchanges I am subjected to provide my id card and documents for kyc. I really do not understand the whole point of kyc...is it actually fighting crime or enabling it?

You have full control of your hardware wallet, if the coins stored on it are lost, you can get another hardware wallet to recovery your coins. This is the reason if you have your seed phrase and passphrase, your coins are not lost because the seed phrase and passphrase will generate you your keys needed to access your coins.

You can also use online BIP39 wallets because recommended hardware wallets are BIP39, you can import the seed phrase from lost hardware wallet on such online wallets but it is not safe like recovering it on offline wallets.

Well, that's just not true at all. Every large exchange uses third parties to process and store your KYC data. Your data is transferred to these companies (sometimes several different ones) and you have no idea how securely it is transferred, how securely it is stored, or who has access to it. KYC data is frequently stolen without any sign of an inside job, even to the largest exchanges such as Binance, who were hacked for thousands of their users' information. And yes, a lot of exchanges or their associated third party processors have been caught selling data too.

Irrelevant. Knowing the people behind the site does not make your data any safer.

Its looks like I know this custodial wallet and the exchange platform as well.  It's really hard to trust someone on the internet with our personal information but AFAIK, all KYC information that collected on a centralized exchange or a custodial wallet, they are on a separate database that highly encrypted and no one can steal on it unless if there's an inside job or the owner itself will sell that information of our personal data that has been collected.

We should be wise on trusting any websites that ask KYC.  It should have transparency of their team and as possible there's no hiding on a website owner.
Though it feels risky in the future, we don't have anything to do is to abide by the law and a part of the law is to have KYC and since a website license under the law of the government, they also required a KYC.  Searching for legit websites for the KYC thing will less risky in the future.

Although this thread is about the dangers of centralized exchanges, the OP also mentions hardware wallet, so your question remains partially on-topic.

The coins are never on your hardware wallet. Only the private keys which allow you to spend your coins are stored on the wallet. When you set up your wallet, you will be presented with a 12/24-words seed. Everything is derived from that master seed. Make several copies of your seed on paper and store them somewhere safely.

If your hardware wallet breaks and stops working, you can simply get another one of the same type or a different one as long as it's compatible with BIP39 seeds. So, if you use Ledger, get another Ledger or Trezor wallet (those are the most popular ones), import your seed, and you will have access to your coins again. You can also import your seed in a software wallet, but doing that, you lose the security that hardware wallets provide.

i believe hardware wallets are a safe way of storing cryptocurrencies from the articles i have read about it, the question i have is what happens if this hardware wallet is stolen or is destroyed, does that mean that the cryptocurrencies on it are lost forever? or is there a way to recover them in the case that the hardware wallet is lost, damaged or stolen?

The fact that one of the KYC platforms exposes user information is already there, so the security of user information is extremely important, now when IDO projects explode, a lot of KYC projects have been mentioned. as alf a mandatory process to join IDO, so the security of user information is very important.

I'm not sure you've grasped how a truly decentralized exchange works. It doesn't matter if the government sets rules for exchanges to abide by, or banks place limits on the fiat accounts of exchanges. By definition, an exchange which is actually decentralized does not hold any of your money - be it fiat, bitcoin, or altcoins - at any time. There are no bank accounts which must abide by certain rules, and there is no central company or corporation which can be regulated against or strong-armed by the government. The best decentralized exchange, Bisq, doesn't even run from a website. Much like with bitcoin itself, users download the open source software, run it locally, and connect directly to other users over Tor. A government can't force rules or regulations on it any more than they can against bitcoin itself.

This censorship resistance is one of the main benefits of using a decentralized exchange, along with improved security and improved privacy over centralized exchanges.

It may work for a while or for other countries but once the government set a rules to abide there's no way a decentralized exchanges would exist especially if it's under the central bank jurisdiction. And yes, I agree that centralized exchanges are all at risk once it's compromised because your personal information could be used for identity thief or any other means that they could use to take advantage that's why using a custodial wallet is still risky even if it promise you to take care of your personal info.

Delete

That is just it, there are differences between privacy and security, using exchanges to buy cryptocurrencies can make someone not to have privacy, but there are still security measures that can help to secure the coin safely on noncustodial wallet, any cryptocurrency that is not active for trading on exchanges should be moved to noncustodial wallet like hardware wallet for safety of the coin, leaving it on exchanges makes it not safe unlike having the mnemonic. What is most worst thing about custodial wallet is that users do not have complete control over the coins, the control can be overridden by the wallet company, if it is not your key, it is not your coin on blockchain nakamura12.

Many cryptocurrency traders go for centralized exchanges over decentralized ones. I can't blame them because I use centralized exchanges from time to time as well. But there is no reason to use a custodial wallet with your bitcoin when there are so many good non-custodial options available. No one who used any of the hacked exchanges in the past had any problems with them either until something bad happened. Keep that in mind. Things worked great until one day they didn't. It's better to keep the risks of losing coins as low as possible.  

In ny country, I used a centralized exchange and also a wallet where you know that I don't have the private key or mnemonic phrase for the wallet but so far I don't have issues using it. Still, I am very careful not to transfer huge amount of money (in fiat money) as It may be risky (more like money laundering) but in real life or in any platform is that I don't launder money, not ever. I even completed the KYC so that I can use cryptocurrency they accepted which is BTC, BCH, ETH and XRP.

I have traded peer to peer for years and never once have had any problems with scammers or having my bank account blocked or investigated. It is very easy to avoid scammers by simply trading with reputable users with thousands of trades and near universal positive feedback. If you are still concerned about accepting fiat electronically, then arrange to trade in cash. And if you are concerned about counterfeit cash, arrange to trade at either an ATM for smaller amounts so the bitcoin buyer can withdraw the cash there and then, or at a bank for larger amounts where the cash can be withdrawn immediately prior to the trade or deposited immediately after to ensure it is not fake.

A Trezor device in the hands of a knowledgeable attacker can have the seed phrase extracted and unencrypted and therefore all your coins stolen. You need to use an additional complex passphrase or the SD card encryption (with the SD card not in the hands of the attacker) to mitigate this.

Coins are never stored on a hardware wallet, but the private keys on the hardware wallet can be restored via the seed phrase.

There is very little evidence that KYC aids in tracking down criminals. Criminals in general aren't stupid enough to cash out stolen bitcoin via an account which has all their personal information linked to it.

You don't need to trust bitcoin, and bitcoin doesn't need to be trusted. That's the whole point.

Go and read the small print of any major exchange and you will find that they are regularly selling and sharing your data with a huge variety of third parties. Some exchange, such as Coinbase, have even admitted in interviews that they do this - https://youtu.be/ZCD_yDHenis?t=119

Pretty much every exchange sends your KYC data to a variety of third parties to be processed, verified, and stored, and you have absolutely no idea how good or bad their security is. That's why even the biggest exchanges like Binance have had their KYC databases hacked and leaked.

It is not advisable I guess to do KYC since cryptocurrency is not regulated or something, everything could always mess up in the future and the worst thing is we lost everything because of it.

But most of the exchanges are centralized and probably would require you to do a KYC in the long run, there are always since that if you do the KYC because there are a lot of scams everywhere, your data probably could be used in illegal transactions, exchanges could be selling our information I mean we never know but it's possible. Our data could leak if there is some hacking happened also.

I guess you could lessen that if you did a KYC in a top exchange or website since they might have the best security in their website compared to others. And since they are big already it lessens the chance of getting scams in fake or phishing exchanges online because that could always be a possibility most of the time.

Jumping from burglars to KYC is quite a wide topic for discussion. Maybe more knowledgeable thieves would take any USB looking device with them, I'm not totally familiar but does the Trezor require a further password to access - otherwise it is useless? Can Bitcoins stored on a Trezor be restored without access to the original device? If you think of exchanges like a bank versus storing some money in your home - it makes sense that bank security will be much greater, so should be used to store large amounts, should the same be true of Bitcoin? More KYC can actually be useful for people who are interested in the long term future of Bitcoin, because knowing your customers is the only way to track down criminals who like to move around in the shadows. Anyone who transacts with Bitcoin in most developed countries should not be required to announce their current ownership but it would be sensible to exchanges to monitor future transactions for fraud. The cleaner bitcoin is presented, the more it will be trusted by the average person.

Exactly. One of the biggest advantages of peer to peer trading is that you can protect your privacy, don't have to risk disaster by giving away your personal documents and information, don't have a centralized exchange spying on you, etc. So why do people give up all these advantages by completing KYC anyway? Why not use an actually private platform such as Bisq or LocalCryptos?

I'm sure it is, but if everyone who used Binance P2P swapped to a decentralized peer to peer exchange, then you would all have the same volume but with none of the privacy invasion, none of the risk to your information, and none of the risk to your custodial coins.

You mean standard exchange? Your not allowed to use p2p if not undergone the KYC I guess. Also, if I used the standard, how could I put it on bank with such ease since there is no fiat trading directly of my currency there? Needed to find someone first to right? To do peer to peer. What I after is the convenience, I'm sure many will agree binance p2p is great for those who uses it.

So Ive still need to interact with those via peer to peer. In short no, place to do what Binance offer, that still saves the privacy. Anyway we have our own choice here. If I gonna make a poll how many uses Binance p2p here.

I'm sure 90% here favors for that. (just estimation)

In your country, is it easier to receive a bank transfer from another person peer to peer than it is to process a bank transfer withdrawal from Binance's standard exchange?

That's kind of my point. Peer to peer has some obvious down sides, the main one being speed, but some people (myself included) accept these down sides for the considerable upsides of better security and better privacy than using a centralized exchange. If you are going to give up your security and privacy anyway by using a centralized platform such as Binance, then peer to peer brings very little benefit, so why not just use Binance's standard exchange?

It's not really the case of a DEX supporting bank transfers, but rather the individual traders on that DEX. I predominantly use Bisq.

Many people keeps talking about the risks involved with KYC but it's the only way to swap your crypto to Fiat, it's not as if Fiat is eradicated already and all store and markets in the world are using crypto as means of exchanges, you can't do with Fiat when it comes to daily needs and life responsibility
[/quote]

If the hacker got our info, then there could be the possibility of this going to happen. When they have the intention of getting some money from the easy target, they could do it, especially if you live in a vulnerable spot. I could be a target.

Although I really don't have a lot of coins, it's more alarming because if they can't get the coins they expect from me, they might sodomize my ass.

Binance is a centralized exchange, its p2p is just another product or feature. For convenience isnt bad for us cause example in our country you can easily get the payment to your bank account and or remmitance supported in our country. Let say, I will only use peer to peer, its possible but it's gonna be hassle when no one can transact to you at the time you needed it.

Perhaps you have plenty of time to do actual peer to peer. Is there a dex that supported an easy money to my bank account? If you can give me I'll use it instead.

Lots of user here belongs to our country are probably all using that. I'm sure of it more than 90% and above.

I don't understand what appeals to people about Binance P2P at all. It is all the worst bits of peer to peer trading, in that it isn't as fast as a centralized exchange, combined with all the worst bits of a centralized exchange, in that you have to complete KYC, give up custody of your coins, give up your security, and give up your privacy. If you are happy sacrificing all that, then why not just use a centralized exchange?

Nobody should be relying on that as protection for their coins. Your accounts should be secured with long, random, and unique passwords, and should all have 2FA enabled, preferably from a hardware key but at a minimum from a 2FA app on a separate device and never from email or SMS. Even better, none of your coins should be stored long term on an exchange, service, or web wallet, but rather withdrawn to your own wallet for safe keeping.

So you can see at times that the solution can also pose some sort of a problem! Where the freewill to transact as you wish could be harmful in the sense that, should a scammer or hacker with the know how get your privacy details and with the fact that, there is no daily limitation to how much that can be transfered within the day, with one swipe, one can be left with nothing. Too bad but, its actually one of the distinguishing factor between traditional banking system and the cryptocurrency blockchain system.

On the internet, no where could be entirely safe. The know how might not have been discovered yet but in time, it will. Thats why there is a need for regular checks by platform prgrammers, updates on prevailing circumstances and for us to be mindful of what details we put out on the web.

Yes but I am looking for it. There is a local user on our boards posted his experience with it. His bank account got locked cause he got a transaction with someone who has involved on malicious activity so he got investigated too. That's what I remember, I just forget this user name and the thread in particular.

Yeah that's what I do or at least limiting my transaction to those who are verified and somehow trusted by most. I wanted to try peer to peer but of course Binance p2p is way convenient if you are in need of cash.

Any data to back up that statement? Or is that just a guess? Just because someone cares about their privacy does not mean they are doing anything illegal.

I have traded exclusively peer to peer for years and have never once been investigated or had any problems whatsoever. If this is a concern of yours, then either only trade with people who have lots of positive feedback, or only trade in cash or similar and avoid direct bank transfers.

Still, you'll face much worse than a locked bank account (such as a criminal record and being liable for tens of thousands of dollars of credit and loans you didn't take out) when your KYC data is leaked, hacked, or sold and your identity is stolen.

This is a challenge that most people are not up to, some because they simply do not know that there are alternatives (DEX - Decentralized crypto exchanges or P2P markets), and others for whom privacy and protection of personal data is not a priority in life. In addition, people generally equate crypto exchanges with banks, and therefore think that there are insurance mechanisms in what they consider crypto banks. Living in the belief “my crypto and my data are safe” is certainly very enjoyable until something bad happens.

The real problem is that most of those who collect user data (not just related to crypto) have an almost amateurish attitude to the security of that data - and that just shows that they don't care too much about their customers. All of these companies should be forced to raise security measures to the maximum in order to prevent data leaks - and the only way for them to take this seriously is extremely high fines in the event that such things happen to them.

This is kinda worse. But what is realistic happening is the money on p2p exchange used has been involved in money laundering. Now you are the one receiving the money and of course you'll end up being investigated and possible locked of your bank account if the money paid or used was proven came from scam or malicious activity.

I've witnessed this before happening on some of our local users.

No, it isn't. There are plenty of platforms designed to enable decentralized peer to peer trading, which allow you to sell your bitcoin or other crypto for a fiat of your choosing using a method of your choosing (cash, bank transfer, money order, PayPal, Perfect Money, Zelle, AdvCash, etc.) Bisq, LocalCryptos, and Hodl Hodl are the most popular such platforms. You can also find people on this forum who are willing to trade, or at local bitcoin meet ups or events.

Sure, it is difficult (but not impossible) to live on crypto, but you can spend it in a lot of places if you just go looking for them. The easiest method is to use a gift card site (list here: https://bitcointalksearch.org/topic/list-gift-cards-providers-5208530) to buy gift cards for your chosen retailer. That way, you can shop at Amazon, Ebay, Walmart, CVS, and other big retailers, all without having to complete KYC.

It would be hard as well to find social circles or community that trade cryptos. I tried to find one in Facebook and most of the Facebook Groups I joined were mostly just promoting ponzis that aren't even crypto-related, just like a dead group page.
Only thing I could think to personally buy and sell coins especially Bitcoin without KYC is through ATMs though some still require government issued IDs and it could be quite rare to find one especially in the 3rd world countries.

Many people keeps talking about the risks involved with KYC but it's the only way to swap your crypto to Fiat, it's not as if Fiat is eradicated already and all store and markets in the world are using crypto as means of exchanges, you can't do with Fiat when it comes to daily needs and life responsibility

How will you receive your package then? I don't think this is a good idea. Maybe you want to say that users should use an address or po box dedicated for delivery instead? As far as I can remember this is one of the solutions that was discussed when the Ledger leak happen.

Anything that is currently on the internet can pose risks in the future. Any account you have today might be compromised tomorrow. Therefore, it is a very good practice to use separate false personal information and passwords for every account you own. This way, your accounts cannot be linked together by name or passwords in case one of these are leaked, nor can your personal identity be linked to those.

Use temporary emails as often as possible for accounts you only need temporarily. Perhaps you could use a different e-mail for every domain you have activity in. Need to create a Binance account? Create a new e-mail for it, separate from your personal one. The less information there is online about you, the better. Once KYC is completed, nobody can ensure you that your information will ever disappear of the web. It's a web - information gets caught in it and it's quite hard to take it off.

Meet in the middle of the day somewhere very public and maybe with good CCTV coverage, such as a large shopping mall or travel hub such as an airport. Only trade with people with lots of positive feedback, or trade with the same person over time to build up trust. Bring a friend with you, and bring your own means of self defense if legal in your country. Leave extra cash, BTC, and valuables at home - only bring with you what you are going to trade.

Anyone on the street could be a thief waiting to mug you a gun point. You can trade cash in person very safely if you take some basic precuations.

Yes. Binance have previously been hacked for KYC information. If you were one of the unlucky ones, then not only has your real name and address been linked to the fact you own a verified Binance account and therefore you own crypto and are a prime target for muggers, but also your personal documents are probably now being sold on the dark web and you could end up with your identity being stolen.

KYC is always a risk.

Where I'm from people look at me like am crazy when I talk about crypto, they don't even believe one can make any good amount of money out of it, till date most people believe it's Ponzi scheme like MMM and others so people here don't care, if you talk about voodooizm and rituals then you are on point since they believe this is the only way to be a billionaire nowadays, different stores for different countries mate

Ok, I have been using binance right from the start when it comes to Fiat withdrawal and KYC verification is been verified, are you saying criminals can track my address all the way from binance down to Africa? They will never get here successfully 🤣🤣🤣, their plane will crash before they reach their destination lol, that's just a joke thanks for sharing the warning, the best we can do is get used to P2P strategy and that's what I'm using on binance exchange right now and also stay low-key cos we don't know who is watching

We can't totally avoid centralized exchanges especially if someone trades a lot or has a huge volume of crypto or funds to trade. With most decentralized noncustodial services, it's hard to come a cross an exchange of that caliber with high liquidity or trader with huge volume of assets, so people are eventually forced to use centralized services that have the volumes.

Sometimes even p2p exchanges can prove challenging security wise especially if offers involve meeting your trading partner to exchange the BTC for cash in hand. The person you are meeting could be malicious and just posing as a trader yet he's a thief/robber you could tell you to transfer your BTC at Gun point.

Also during transfers involving bank accounts and Electronic payment, you will still have to share some of your information with the other third party such as account number, email, name the account is registered to and some times even the location.

I agree, being secure and private as a cryptocurrency user is very important. A lot of people assume anyone who they know is involved in crypto is earning a lot, especially when different markets start pumping and this can make those people targets

In addition to the points you made;
• Do not reveal you are into crypto, except if absolutely necessary, and never reveal how much you hold
• If you own a hardware wallet, use an extended passphrase to create an alternate address that can be used for plausible deniability should you find yourself in trouble.

I believe this is not only happening in my country but in all other countries, we need to be very careful before we will become criminal's targets. There are many ways criminals are thinking about ways they want to steal from us, physical harm can still involved. There was a case I read recently about someone saying he had trezor with him in his home when theives came but did not touch the trezor after stealing other valuable things.

Some thieves are unable to make use of people's Bank ATM cards because they are afraid of the account they will send the money to not to be traced, that is why some will have to go to ATM with the cards to withdraw some money, but there are daily limit that someone can withdraw, this can safe the victim not to lose money much.

But we are in the time of cryptocurrencies, no daily limit, we can withdraw as possible as we can as all can be withdrawn. We need to be careful with the information we are having online, be careful of exchanges that are custodial, even we must be careful of the so called information require while buying hardware wallets, find ways not to give right information that can make criminals trace your home or work place.

This is still the time most offline thieves know nothing about hardware wallet, that is why the trezor was not stolen, even the thieves can require for the pin and other necessary information needed to be able to transfer all coins on the hardware wallet. We are still lucky today to have those offline bad actors not to physically attack someone, but the day may come.

The advice is that we should try all possible ways to avoid custodial services, they are the threat that may favor thieves tomorrow. To use cryptocurrencies properly, go 100% noncustodial, also do not fill in right information while buying hardware wallets.