Topic: What happens when your identity is stolen -- real story || Avoid CEXs! - page 3. (Read 1022 times)

Losing our data to a criminal could possibly the worst scenario of doing KYC but this is about privacy and how our personal data is handled by the platform that we share with. Data is the gold of 21st century so we all should know how to keep our privacy as our highest priority and we should be cautious while sharing anything with other platforms and if the platform shares it with others for their promotions then the risk increases higher.

That was a smart move. I hope that you also stopped using centralized exchanges since then...


This is another reason for which you should never used a centralized exchange: similar to banks, they can always seize your account (abusively or not). You are not the owner of your funds once you deposit the money at the exchange. This is because you are not in possession of your private keys. And the saying "not your keys, not your coins" is very valid and it was also stated in a Court decision, by a judge! As a coincidence, the trial involved again Coinbase's name. The exchange was called into a Court of Law by a client which was not allowed by the exchange to redeem his BTG coins after Bitcoin Gold fork occurred. Judge's final decision clearly states that not your keys, not your coins.

conbase is also a reputable exchange and wallet. I didn't use coinbase exchange much but used coinbase wallet for long time but it restricted my account even though my kyc is complete.  Although it was solved after a month but this one month I really struggled to solve it because I had a large amount of Ethereum there. So since then I have stopped using coinbase services. This is why I mention coinbase very rarely in different place

Yes, even corrupting the database is a valid option for data leakage but we ourselves do not realize how much free data we are releasing, this information could come back to haunt us in the future, even simply thinking about a change of policy and therefore thought in our country.  For example, if we buy Bitcoin today or if we subscribe to propaganda sites, this information could become illegal and we would be persecuted.

I don't know how much your password can help you if hackers break the database of the exchange. Remember that the forum also got hacked in the past and hackers obtained many passwords of users' accounts...
Indeed, a strong password is useful but it's not all you need for not having your identity stolen. For not having your identity stolen no third party should have your data.

---

As I wrote above, you should use only decentralized exchanges, crypto ATMs and peer-to-peer transfers. You can always search on CoinATMRadar for a cash-in / cash-out crypto ATM in your area. These ATMs are (supposed to be) anonymous, although their fees are not small...

---

If you carefully read OP you'll notice that the first thief was caught and convicted. Then another thief used the victim's identity... He was in an endless loophole...


I doubt this would be a good idea... As bittraffic observed, such move would only draw even more suspicion on you...

---

No, there is no way to know for sure that your data was actually deleted...

---

Have you read in OP that Coinbase sold clients' data to third parties? Isn't Coinbase also a reputable exchange? Besides, don't you know that Binance got hacked twice already? Only luck made that Binance clients did not have their personal information stolen as well and hackers were only interested in their deposits...

cex exchange provides very good services in many cases like p2p facilities so many people are more interested in using cex.  But one problem in cex is that kyc is mandatory to trade or withdraw high amount. But in this case, there is a fear of kyc information being stolen.  But I don't think kyc on reputable exchanges like Binance, kucoin etc will have any data theft. But be careful while doing kyc on any new or non popular cex and avoid using smaller cex exchanges. Because in small cex there is a lot of risk of KYC documents being stolen as well as deposited funds

I already have my personal information tied to two exchanges already, back when I newly got into Bitcoin before getting exposed to lectures on privacy and what being careless with your personal information could cause, I had already registered an account in two exchanges and had to complete my KYC so that I could use the p2p service. Although they stated that if I wanted to get my info deleted from their system I should make a request and follow some directives and that way my details would be wiped out from their database.

The exchanges in question are Binance and kucoin. Now my question is; Is they a way to prove that my details has truly been wiped out from their database after completing all the procedures?

This is one hell of a nightmare, wouldn't be surprised if he quit his driving job  with all the humiliation he keeps getting But why didn't he use his lawyers to sue these convicts for identity theft and all trumour suffered because of  their actions..?

Btw if I were him,would have gone with changing identity, the damage is to much

The digital world is a whole different place which needs everyone of us taking extra precautions to protect our data, btw in such scenarios, does the exchange protect itself from being sued for misuse of data or failure to secure this data using its terms and conditions ?? ***Kind of reminds me of Facebook***

from this case it is really very dangerous to do KYC on an exchange, anything can happen beyond our control, very terrible,
but how can we trade if we don't do kyc on the exchange, even though that's the main part of being able to trade and withdraw funds.
hope that in the future all exchanges can be responsible for existing data

I think it's not so much how willing you are to use a cex but rather how strong your password is whenever you sign up for services that use KYC, and obviously how serious the service you're using is.
Breaking a password is not very difficult, simply giving an example a social network like Facebook will ask for a password with certain requirements (min. 8 characters, must contain a capital letter, at least one number and a special character) now think how much it has narrowed the field of research. A hacker can do a brute force attack and a dictionary already with that information and trust me it often takes 1 week to hack.  So the first source of security is yourself.

This is very well said, dkbit98! And I hope that my story will help many users to understand how it really feels to live such drama. I also suggest reading a topic written by 1miau, which is complementary to mine: Why KYC is extremely dangerous – and useless (I believe that Sarah Azhari, quoted below, will be very interested in reading 1miau's topic.)

---

Well, first of all you should inform the ones having your personal information that they do not have your consent anymore for processing your personal information. And according to GDPR, they should agree to delete the information they have about you. However, GDPR is recognized only in Europe, therefore if you will address to a company from the rest of the world, GDPR will be useless. If they won't agree, you will have to sue them.

It mostly depends on who is "they". If "they" are a honest business, they should delete your personal information upon your request. The problem is that you may never know for sure if they did it... Furthermore, in case you gave your personal information for something which has a financial connection, then your data will be deleted in 3-5 years (if they will ever delete it)...


You have to contact a lawyer from your country. I don't know your country laws, nor who you want to sue... But best advice is this: (1) contact the ones having your personal information and let them know that you don't consent to have your data anymore; (2) wait for their answer; (3) if the answer is positive, you can only hope they will actually delete your data; (4) if their answer is negative or if they don't answer at all, then contact a lawyer. You may never know what may happen with your data. And, as you saw in the story from OP, an identity theft is a living hell...

If you wish, you can keep us posted with what progress you made.

financial data usually needs to be kept on file for upto 6 years(countries vary) due to tax related stuff and other AML / bank secrecy act policies
UK - https://www.gov.uk/guidance/money-laundering-regulations-your-responsibilities#record-keeping-requirements

US - https://www.fincen.gov/sites/default/files/shared/bsa_quickrefguide.pdf
and yes expect exchanges to sell your data. much like expect your bank to sell your data
(banks DEFINITELY sell your data to other commercial businesses if you sign up to accounts that give "cash back offers on purchases" (because thats how they get the cash to give back))

however. be more aware if strangers on de-fi ask for KYC as they are more likely to use your information on dark markets

selling data to other legitimate businesses is less risk then handing id to stranger who can use it on dark markets

your story worries me, if I already have KYC, what can I do now?, do they really clean up my database KYC if I did cancel my membership or delete my account?. I also do not know how to sue them, because like my experience in past, where the Facebook case "Cambridge Analytic", give my KYC on a third party to a consultant company. Until now I don't know how to sue (1 BTC) Mark Zuckerberg because I've already KYC (taken a picture and sent my ID Card) before.

here is the thing
(i am not promoting CEX or denying utility of de-fi. i am being frank and rational about identity theft using observations)

the OP's story is not about identity theft related to a CEX..
the OP admits to this in his first sentance..


here is one thing i have seen happen in the past related to de-fi/localbitcoins(services like craigs list of buyers/sellers with a escrow service included)

when doing private bitcoin-fiat swaps with random strangers.  independently of a central market orderbook

some strangers steal from each other by doing chargeback scams

chargeback scams are where you would buy btc with fiat and then call your bank and claim someone falsely used your account to pay some scammer.. .. thus get a refund on your bank transfer and give the btc seller a red flag. resulting in them having their account closed
(many people had their accounts closed and it gave a bad impression with banks about bitcoin traders)

this then caused many bitcoin sellers to start requesting KYC on these de-fi methods of trading to prove the transactor is the bank account holder to use as evidence that there was no false transfer. thus avoid this drama of accusation

then malicious people using the kyc request ' new norm' experience people had to go through.. started requesting KYC and then selling the data to others on the darknet

and then those identities were used for nefarious purposes

yep
this is why many banks disliked bitcoin traders in the years 2013-16 of localbitcoins
this is why when the kyc stuff started up in 2016+
this is why many users stopped using local bitcoins more recently
this is why localbitcoins closed down even more recently

you will find the 2020 new "de-fi" crap will cycle through the same experience as localbitcoins
scamming for value. KYC to protect traders.. then scamming for identity. then people disliking and losing faith in the latest versions of de-fi

Not really, but I can understand why many people are still using centralized exchanges a lot, maybe when they are exchanging larger amount of money and they want to buy/sell lot of Bitcoins.
I am all for P2P trading and decentralized exchanges like Bisq, but let's be realistic and say that we can't expect everyone to use DEX especially if they are companies or financial institutions.
Identity and documents can be stolen anytime if they are sent for any verification, so I would suggest regular people to stay away from CEX like Coinbase, Binance., etc, or at least be aware of the risks and use them sparingly.

The lawyer's suggestion to change his name is the worse idea. Because that would add up again to another suspicion from the police as to why he changed his name.  I think he just has to bring papers every time proving he was cleared of the car and boat theft.

Yep, this could happen to any of us who have submitted all the documents to ICO projects or CEX. Very alarming that if it happens to you in one country, it could also happen to any country you will visit.

Indeed, not all decentralized exchanges have liquidity. However, you can always search on CoinATMRadar for a cash-in / cash-out crypto ATM in your area. These ATMs are (supposed to be) anonymous, although their fees are not small... As an alternative, you can also try peer-to-peer transfers.


Indeed, the subject of OP did not have any connection with crypto. However, as I wrote also inside OP, this is not the point. The main subject is to understand what you may live once your identity is stolen. Then I explained that such thing may happen if you use centralized exchanges.

---

Indeed...


No, this information was not published...


Indeed, my dear 1miau. This is why we have to do everything we can to ensure that our personal information remains personal.


Really? I would not expect something like that from a country like Germany... Wow!


Hehe, good to know!

The biggest crypto heist in the bitcoin history...

1. Mt.Gox
2. Linode
3. BitFloor
4. Bitfinex
5. Bitgrail
6. Coincheck
7. Kucoin
8. PancakeBunny
9. Poly Network
10. Cream Finance
11. BadgerDAO
12. Bitmart
13. Wormhole
14. Ronin Network
15. Beanstalk
16. Harmony Bridge
17. FTX

All these exchanges have been hacked at various times and have robbed people of billions of dollars. Not only billions of dollars have been stolen but also the information of various customers has been stolen. To all of you, always be careful when using centralized or decentralized exchanges. Your personal information can be stolen at any time.

Full details here: https://cointelegraph.com/explained/the-biggest-crypto-heists-of-all-time

I limit using CEX to insure my assets. I would like to ask everyone here who doesn't have a bank account, who doesn't have a citizen ID?...and many services in daily life we have to use citizen ID. If we all did it, it means our identity was exposed or sold before we used the centralized exchange. Don't blame CEX when our identity is sold, but many other cases. Apart from bitcoin, everything in this world is centralized, and we are using them every day, from our place of residence, school, and work... they all hold our identity. Our identities have long since ceased to be private.

Wooowww, really sounds scary as shit.  

Is it known where his data and which data was stolen?

I can believe once such data is gathered in DarkNet spaces and combined from other hacks / leaks, it might get pretty dangerous for people which data got leaked. KYC on centralized exchanges is very risky and we should avoid it.
But not limited to KYC, look at how many people were affected from Ledger's hack and received scary letters in their (physical) mailbox at home. And Ledger downplayed these hacks...


Most often, it's about to save costs. Shady, insecure and often fraudulent verification processes are offered. Computer science experts have warned about it multiple times but nobody listens...
In Germany, many banks are even deliberately ignoring BaFin (German SEC) standards and are getting away with it...

And, as you've said, some centralized exchanged are deliberately selling data to make more profits. Such exchanges engaging in such criminal busines, endangering customers, should face massive legal consequences.



Anyways, Mannheim has a veery nice park. 

---

+1