Topic: What happens when your identity is stolen -- real story || Avoid CEXs! (Read 954 times)

The case showed us that not only their Identity but their biometrics can be stolen as well. It was a fingerprint in that case. We do not value our privacy and do not think twice before doing these things. The thing is, we can grab the SIM seller because they have a local store. But, it's not possible to do anything with the CEX because we don't even know from where it was stolen! Most of us use multiple CEX these days!

I have read another story of a Bangladeshi scammer who uses Mobile banking accounts to scam people online. When Police investigated the cases, they found that the mobile banking account was registered with an old woman identity who could not even write or read. This means, that her identity was stolen and those scammers are using her identity to scam people. The woman wasn't in much trouble because it's understandable that her identity was stolen. But what if the same thing happens to me? They will initially arrest me and it will take ages to prove that I am not the scammer and my identity was stolen.

Wow, at this point, when your personal info is available on the dark web for sale, then it's really hard for you to live your normal life. I would be living in paranoia if such an incident happened to me.

Even after taking the advice of the lawyer to change the name, there's no guarantee that he will not be called for checks by police for every crime committed by the person who bought his ID.

This is why I'm wary in signing up for different online services that require KYC. Be it CEXs, online shopping apps--you name it, I just try to avoid using them as much as possible when there are alternatives that works the same. You'll never know how much info they're keeping and selling to other parties, especially if it's stated within their ToS that they can sell what they receive once you click 'Agree' on their ToS.

Here in the Philippines, a popular mobile wallet called Gcash is often the target of these guys. Idk how were they able to get our personal numbers but they're actively sending phishing SMS sometimes with our full names for us to believe that the message is legitimate. One theory is that after the mandatory sim registration, someone gained access to the database and are constantly trying to phish for more info to be later used on other crimes.

This one is more extreme though, as they were able to get fingerprints and other such personal information that are only obtainable through legitimate means. Bad actors are increasingly getting smarter and devious by the day.

Thank you for this Learn Bitcoin! So yes, this story is similar to OP, which describes an event which happened without using a CEx. Such examples should show everybody how thin is the line between having an identity and losing it afterwards. It may happen because people make accidents but also without their will... But using a CEx is, for sure, a way of offering your identity willingly to a third party so such unfortunate events can happen even more often.

A friendly bump!

I was watching YouTube videos last night and saw an old video where they showed how a Bangladeshi guy was caught with an illegal VoIP calling system and over 3500 SIM cards. Usually, A Bangladeshi citizen can have a maximum of 15 SIM cards with his national identity and biometrics. Now, the question is, how the hell did this guy manage to buy 3500 SIM cards?

If you are guessing that their identity was stolen, then yes. You are right! But their identity wasn't stolen from CEX, but from local SIM selling points. Some of the SIM sellers were collecting finger prints in silicon rubber and identifying information by taking a picture from phones. This could be another example of why you should be careful with your identity. Here is the video; https://www.youtube.com/watch?v=HVrg9HInRJw

If you are a day trader, you really don't have too many options, I understand that. You are also someone who has participated in this market for a long time, and you know everything that has been going on, but I still sincerely advise you. You should limit your use of CEX and don't put too much trust in them, don't put all your bitcoins in them. The risk of CEX is not only that our privacy and identity are exposed, but there is also a risk like the collapse of FTX that you also know. Our safety is as important as our making a profit.

Good campaign Gazeta but this really does not validate the case. In fact, it hurts the validity of the whole story.

If the man's identity was mishandled by a centralized exchange, then this story would serve as strong precedent. However, this man could have easily had been a wrong doer himself, and at some point sold his identity or put it in the wrong hands by his own means.

I understand the point that "This could happen to you if you give your identity to CEXs" however it's not "This is what happened after someone gave their identity to a CEX"

I for one am against CEXs for the reasons stated in the OP, as I agree, it's completely possible....but sharing this story and using an unrelated story to validate the point? Not sure if that's good authorship.

That's just my 2 cents though.

But for some limitation still not much people are using DEX, where DEX is more safe in comparing CEX. As you mentioned, there are no way to P2P option in DEX. In my end, i can't stop to using CEX because crypto is not legal in my country, so it's very risk to sell crypto in physically.

DEXs do not require KYC (or, at least, most of them).

P2P in CEX and DEX exchanges requires KYC. From this KYC data may be leaked or traded. However, in my opinion, the data leak could also come from other methods, or not from CEX or DEX exchanges but from other applications that involve personal data. Phishing regarding this identity has existed since before the CEX exchange existed. Like carding activities, isn't this also an illegal activity that also involves buying and selling personal data on the black market?

Although I don't use DEX often because it still has many shortcomings as I mentioned, I have to agree with what you said. All DEXs have a p2p feature and it is truly p2p trading following the concept that bitcoin created. P2P on centralized exchanges is not P2P because of the intervention of intermediaries.

But as I said, for those who don't care about privacy, CEX is a better choice than DEX because it offers more useful services and features, especially for day traders.


Thanks for the reminder but I know what I'm doing with my money. Trading is really risky and many people have lost money from it but just because many people lost does not mean all or the rest did too. I have been trading forex for many years and now I am also making profits from cryptocurrency trading. Why should I stop? Just because many people have lost money with it?
If you are just a long-term investor, only buying bitcoin and holding it, you should stay away from CEX because of the risks it brings not only in terms of privacy but also the risk of us losing assets like FTX did. But like I said, I'm a trader, I know what I'm doing with my money and I'm willing to take the risk if that happens.

That's a massive ordeal if I ever read one. Imagine getting your whole identity stolen, the cops knowing that it was stolen in the first place, and then getting into the same altercation once again cause the cops failed to understand that your information was compromised from the get-go. In times like these they should put people whose information got stolen into some sort of filing group that doesn't kick them out of the suspect lists, but at least sets the expectations for the investigators that these people got their information compromised in the past, and they may have to employ a different style of apprehension or receiving anything of value from these people.

Just hoping this would be the last that he'd get into this situation, but if he does get into one once again, what are the possibilities of having his identity be replaced, just like what they do for witness protection?

Aside from losing your hard earned money from these hacks, what you mentioned is another big problem. Merely knowing that someone out there has every information there is about you is worrisome (I won’t speak for everyone, so at least worrisome to me). Centralized exchanges know the dangers involved in using their services which is why they must have stated something to back it up in their privacy policy. However, they won’t tell you the dangers because that will obviously cause bad business for them, and most of us sheepishly click on “Agree”. Hopefully people learn more about what goes on centralized exchanges, in fact, what could go on (because it may not be now but a lot could go wrong).

You may want to rephrase that

---

Who is we?


Why are you engaged in such a risky thing like day trading? You like losing money?
For those still believing in getting rich over the night I suggest reading this topic: Trade vs. HODL - avoid traps.


Some would also say that smoking is healthy or excessive drinking of alcohol is healthy. That doesn't mean that those activities are healthy. You can say and think whatever you want, that will not make CEXs a good phenomena in crypto space.

---

See? You already answered yourself about how to avoid CEXs although you don't have DEXs in your are.

---

This happens because so many users headed to CEXs at the beginning. Time passes and people start to understand the huge risks they are confronted with when using CEXs and DEXs came into play recently. The more people will use DEXs the more DEXs will exist. This is an effort we all have to do in order to avoid this plague caused by CEXs.


Peer-to-peer services by CEXs are a joke, as you are also fully exposed to all risks involved by CEXs. Stay away of these services!


This is true. Never associate crypto with CEXs and with banks!

For more information you can also read this topic of mine: 12 years later and people still don't know to use Bitcoin nor what it's good for.

You are wrong, most DEXs provide p2p features but because the number of DEX users is still limited, p2p trading will be a bit difficult. For example, it will take us longer to find suitable buyers and sellers, we do not have as many options as in CEX. One more thing, p2p on centralized exchanges is no longer pure peer-to-peer trading because of exchange intervention. While that ensures the transaction goes smoothly and we can complain if a dispute arises, it makes the transaction no longer truly peer-to-peer.

By the way, if you use CEX to withdraw or convert to fiat, it means your identity is exposed, it is not necessary for you to use DEX to trade when your identity is known as CEX has be collected.

It is very important for us to use DEX to protect privacy and securely transact funds from being hacked, but p2p services are not available here.  So DEX can be used to trade cryptos and CEX to cash them out as needed.  Because we don't usually need to cash out large amounts, CEX can be used to cash out small amounts as needed.  Or avoiding Cex we can physically sell crypto to known crypto investors. In this case at least we will not have any fear of document theft

Everything has pros and cons. For DEX, we will fully guarantee our privacy but there will be disadvantages such as high transaction fees and not enough services like CEX provides us. Especially for day traders, DEX does not yet offer a daily trading feature. Meanwhile, CEX offers a better experience than DEX but in return the KYC process makes it impossible for us to maintain privacy. For me, both are good and each person has their own choice depending on their needs. I wouldn't be so stubborn as to say that people who are using CEX are idiots just for the sake of privacy.

The purpose of using CEX is to avoid certain things.  Because trading on CEX has a very small fee. But when we use DEX for trading it charges another high fee. On the other hand p2P can be used through CEX and kyc is mandatory for p2P services.  Because of these basically we cannot avoid sex.  And if we have to use CEX then we cannot exclude kyc. There are many centralized exchanges in the crypto market but we can't use all of them of course.  But there are few exchanges which are very trustworthy like Binance, Coimbase, Kucoin and others which I have not mentioned.  So to use cex we need to use trusted and reputable exchanges then our documents will be less likely to be stolen.

Thank you for bumping this thread, cygan!

I also read UniJoin's article and, indeed, it is very useful for this matter. It is, if you want, complementary to this topic, both essays completing each other: one with theory and one with practical examples of what can happen when you lose your identity.

By sharing UniJoin's article here as well I hope that it will reach more readers and, maybe, they'll open their eyes regarding the risks they are facing by using CEXs.

UniJoin has published a very interesting blog article on the topic, which describes the differences between cexs and dexs in detail and addresses various points

https://unijoin.medium.com/why-choose-decentralized-exchanges-894b3d4e279e

hello sir. I was thinking about translating a post of yours to my local language (Bangla). I am not an professional translators nor my translations are 100% accurate. But I think I may able to translate it if I give it a go. Sure it will take some time to translate.

https://bitcointalksearch.org/topic/what-happens-when-your-identity-is-stolen-real-story-avoid-cexs-5444158

Is this post open or somebody already doing the translation?
I'll be waiting for a reply.

p.s : I already sent a PM. But I am confused whether it got sent or not because it was my first time sending anyone any PM. So I am re-replying to this thread.

In my area, identities are even sold on the black market by banks, school organizations and law enforcement, let alone exchanges. It can be said that today for money, they are willing to do anything, no matter how harmful it is to others. I am also frequently bothered by securities companies as well as insurance companies. But what surprised me more was that my bank account number was also exposed, and the bank was the only one who knew about it.

This kind of story wanted me not to do any KYC at all, especially in some new exchanges with no reputations. As for me, my imagination is what if when I go to another country that I'm not familiar with their laws and regulations and suddenly I get hold at immigration for unknown reasons but the truth is my information got used by the hackers, man! that would be a worse experience of my life, I would have ended up in jail for life because I am a nobody. If Andrew Tate is still in prison for doing nothing with his millions of dollars, what about me then?

That's why even if the exchanges are trusted, you need to think multiple times if you really need to use these exchanges because if not, it's better to choose the ones that don't need KYC.

Thank you! Please check also the PM I sent you.

I posted your topic in the Russian
https://bitcointalksearch.org/topic/m.62057071

yes, it is. This can happen in all industrial sectors. in fact, in my country, there are some people who take advantage of someone's personal data that they get from online loans. with ID cards and selfies, they can easily trick others into borrowing, cheating, and other bad things. I agree that giving our identity to others is a dangerous thing, but we need to know where we give that identity. it's a negative effect of so many industries, and I think there are very many cases like this happening.

thank you for sharing this very impressive story.
after reading this story I became a little scared, because nowadays a lot of personal data is uploaded on social media.
The point is to be more careful when accessing or entering personal data, especially on the internet.

Wow that is tragic, this poor guy. I hope he can catch a new stream of luck. Gonna have to say a prayer for this fellow  🙏

Identity theft also has a significant impact on individual privacy. I have been bothered by dozens of different phone numbers for a long time from other stock agents and different sales agents. In addition, I have received several past due notices sent to my home address when I failed to make those loans. I quickly reported the incident to the local police.

I have seen fake crypto exchanges that are opened for collecting people's KYC information, it is better to pass KYC requirements on top exchanges if you must use a CEX.

I have heard a lot of rumors about people purchasing evil stuffs online through the dark web and they always use stolen identities to carry out the purchases, we need to be careful with who we share our information.

The question I have now about people that are not using Centralized exchanges, because of identity stealing issues is, how are you guys doing day trading?

The main reason why I have no choice but to keep trading daily on centralized exchanges is that they are best for trading.

it's ridiculous and adorable. The data that must be personal is even used like that by irresponsible parties, criminals can occur anywhere and whenever including the theft of identity for financial or dangerous activities.
I am indeed an airdrop er hunter willing to join the event only to pay only 5 $ I often do, it makes me laugh, it's cheap. Even though the guise of verification, of course we do not know what personal data want to be made by the second party even to 3.
As you mentioned and there are some media that say in my country I have also been reported by people who are not known and they make a customer database by being sold to other parties, even I also often get WhatsApp and SMS from people who are not known , for promotional offers. It doesn't make sense if they randomized the number.

If the Exchanger is a means of play, buying and selling, and all transactions as a whole, there is no choice sir if they want it. They require KYC. If there are some who do not require. But the features are quite different.

What is quite powerful is indeed dex and very flexible without sensitive data vulnerability.

So far I am still doing and submitting my personal data for a certain application or excanger requirement. I am aware of the big risk.

Don't use no-name exchanges obviously.

Do a background check on exchanges you do business with to see their founders, their leadership board, etc. of course, they will try to hide a lot of things from the public eye, but if you happen to find something about them that rings alarm bells, DO NOT USE THAT EXHANGE, let alone give your details to it.

I think, that identity theft can have serious consequences for individuals. It is worth noting that the story is not related to the use of centralized exchanges, but it is a cautionary tale for anyone who stores personal information online.

Hackers can gain access to personal information and use it to steal identities and commit crimes. Even centralized exchanges like Coinbase have been known to sell personal information, so it is essential to take steps to protect your information and be aware of the risks involved with online transactions.

Unfortunately, it is indeed sad. While all this technology and the evolution of the internet have huge benefits, digitalization, as positive as it may sound, is bound to be abused by some for evil purposes. In my opinion, it's way too late to limit this situation, not to mention reverse it, since our digital footprint stays forever. Cryptocurrencies were supposed to avoid all this KYC frustration, but due to all these regulations, it's practically inevitable.

It's great if you can avoid using CEX.  But in my case I try hard enough to stay away from using cex but in some cases I have to use it like saving gas fee, using P2P service etc.  So I can't completely avoid using CEX. But I think if DEX provides p2P service then Cex usage will reduce to a lot more then now. This is because cryptocurrencies including Bitcoin are still illegal in many countries.  P2P usage is still a very important topic

What is that solution for using a CEX, which always requires KYC, without providing your personal data? A fake ID?


This is right. It is a cautionary tale. Yet, on the same principle, no house was ever broken by a burglar until a burglar broke in for the first time. I guess we should take this story as a "better safe than sorry" advice.

---

Yup, thank you for pointing this to me! I fixed it

---

I, for one, never used a CEx

---

This is correct.


This is sad, but true. All we can do is to limit, as much as we can, exposing our private information...

It's a shame that an innocent man had to go through all this trouble and humiliation, completely out of nowhere. While I understand your point and agree that centralized exchanges should be avoided if possible, the exact same thing can happen to anyone who has submitted their documentation to a platform or service. My point is that it's unavoidable not to submit our personal details anywhere, especially online, and thus, the damage has already been done. Personally, an older email of mine had been found in many data leaks, and who knows what information a hacker may have acquired?

The truth is that there are a few examples of data breaches through CEXs, which contain confidential information that most websites don't, such as an ID or taxpayer identification number.

Oh I think you made a little mistake and didn't link to the right post here. The translation of your good PGP post is out of place here. 

This should be the right link:

• German: Was passiert wenn die Identität gestohlen wird, wahre Geschichte | Vermeide CEX!, translation by AHOYBRAUSE

So this is how stolen personal information can be used against someone else for the main benefits of those behind the business of taking someone's else name and use it for criminal activities. I used to be thinking vague on this but things are now clear to me as to the danger of info thievery. Good thing that I don't have any hint of being a name in the online world...as I think this is one factor why the victim was chosen by these criminals. We really have to be careful and pray that the platforms we are trusting will not fall into the hands of the criminals otherwise we are all at risk. This is one big advantages of DEXs over CEXs. And we have to face the reality that hacking will continue to be more sophisticated into the future and it seems to me that nothing can stop them to be successful from time to time.

I haven't quit using cex completely but use cex very sparingly. Because many times there is a need to use cex for many purposes, so even if you try to avoid it completely, it is not possible. 

Yes depositing a fund in cex means handing over your money to others cex basically works like a bank but because the bank is authorized by the government there is a central bank under which all other banks operate so there is a lot of security here but in cex high quality money  They are very dangerous to keep so we should minimize their use and avoid if possible

Losing our data to a criminal could possibly the worst scenario of doing KYC but this is about privacy and how our personal data is handled by the platform that we share with. Data is the gold of 21st century so we all should know how to keep our privacy as our highest priority and we should be cautious while sharing anything with other platforms and if the platform shares it with others for their promotions then the risk increases higher.

That was a smart move. I hope that you also stopped using centralized exchanges since then...


This is another reason for which you should never used a centralized exchange: similar to banks, they can always seize your account (abusively or not). You are not the owner of your funds once you deposit the money at the exchange. This is because you are not in possession of your private keys. And the saying "not your keys, not your coins" is very valid and it was also stated in a Court decision, by a judge! As a coincidence, the trial involved again Coinbase's name. The exchange was called into a Court of Law by a client which was not allowed by the exchange to redeem his BTG coins after Bitcoin Gold fork occurred. Judge's final decision clearly states that not your keys, not your coins.

conbase is also a reputable exchange and wallet. I didn't use coinbase exchange much but used coinbase wallet for long time but it restricted my account even though my kyc is complete.  Although it was solved after a month but this one month I really struggled to solve it because I had a large amount of Ethereum there. So since then I have stopped using coinbase services. This is why I mention coinbase very rarely in different place

Yes, even corrupting the database is a valid option for data leakage but we ourselves do not realize how much free data we are releasing, this information could come back to haunt us in the future, even simply thinking about a change of policy and therefore thought in our country.  For example, if we buy Bitcoin today or if we subscribe to propaganda sites, this information could become illegal and we would be persecuted.

I don't know how much your password can help you if hackers break the database of the exchange. Remember that the forum also got hacked in the past and hackers obtained many passwords of users' accounts...
Indeed, a strong password is useful but it's not all you need for not having your identity stolen. For not having your identity stolen no third party should have your data.

---

As I wrote above, you should use only decentralized exchanges, crypto ATMs and peer-to-peer transfers. You can always search on CoinATMRadar for a cash-in / cash-out crypto ATM in your area. These ATMs are (supposed to be) anonymous, although their fees are not small...

---

If you carefully read OP you'll notice that the first thief was caught and convicted. Then another thief used the victim's identity... He was in an endless loophole...


I doubt this would be a good idea... As bittraffic observed, such move would only draw even more suspicion on you...

---

No, there is no way to know for sure that your data was actually deleted...

---

Have you read in OP that Coinbase sold clients' data to third parties? Isn't Coinbase also a reputable exchange? Besides, don't you know that Binance got hacked twice already? Only luck made that Binance clients did not have their personal information stolen as well and hackers were only interested in their deposits...

cex exchange provides very good services in many cases like p2p facilities so many people are more interested in using cex.  But one problem in cex is that kyc is mandatory to trade or withdraw high amount. But in this case, there is a fear of kyc information being stolen.  But I don't think kyc on reputable exchanges like Binance, kucoin etc will have any data theft. But be careful while doing kyc on any new or non popular cex and avoid using smaller cex exchanges. Because in small cex there is a lot of risk of KYC documents being stolen as well as deposited funds

I already have my personal information tied to two exchanges already, back when I newly got into Bitcoin before getting exposed to lectures on privacy and what being careless with your personal information could cause, I had already registered an account in two exchanges and had to complete my KYC so that I could use the p2p service. Although they stated that if I wanted to get my info deleted from their system I should make a request and follow some directives and that way my details would be wiped out from their database.

The exchanges in question are Binance and kucoin. Now my question is; Is they a way to prove that my details has truly been wiped out from their database after completing all the procedures?

This is one hell of a nightmare, wouldn't be surprised if he quit his driving job  with all the humiliation he keeps getting But why didn't he use his lawyers to sue these convicts for identity theft and all trumour suffered because of  their actions..?

Btw if I were him,would have gone with changing identity, the damage is to much

The digital world is a whole different place which needs everyone of us taking extra precautions to protect our data, btw in such scenarios, does the exchange protect itself from being sued for misuse of data or failure to secure this data using its terms and conditions ?? ***Kind of reminds me of Facebook***

from this case it is really very dangerous to do KYC on an exchange, anything can happen beyond our control, very terrible,
but how can we trade if we don't do kyc on the exchange, even though that's the main part of being able to trade and withdraw funds.
hope that in the future all exchanges can be responsible for existing data

I think it's not so much how willing you are to use a cex but rather how strong your password is whenever you sign up for services that use KYC, and obviously how serious the service you're using is.
Breaking a password is not very difficult, simply giving an example a social network like Facebook will ask for a password with certain requirements (min. 8 characters, must contain a capital letter, at least one number and a special character) now think how much it has narrowed the field of research. A hacker can do a brute force attack and a dictionary already with that information and trust me it often takes 1 week to hack.  So the first source of security is yourself.

This is very well said, dkbit98! And I hope that my story will help many users to understand how it really feels to live such drama. I also suggest reading a topic written by 1miau, which is complementary to mine: Why KYC is extremely dangerous – and useless (I believe that Sarah Azhari, quoted below, will be very interested in reading 1miau's topic.)

---

Well, first of all you should inform the ones having your personal information that they do not have your consent anymore for processing your personal information. And according to GDPR, they should agree to delete the information they have about you. However, GDPR is recognized only in Europe, therefore if you will address to a company from the rest of the world, GDPR will be useless. If they won't agree, you will have to sue them.

It mostly depends on who is "they". If "they" are a honest business, they should delete your personal information upon your request. The problem is that you may never know for sure if they did it... Furthermore, in case you gave your personal information for something which has a financial connection, then your data will be deleted in 3-5 years (if they will ever delete it)...


You have to contact a lawyer from your country. I don't know your country laws, nor who you want to sue... But best advice is this: (1) contact the ones having your personal information and let them know that you don't consent to have your data anymore; (2) wait for their answer; (3) if the answer is positive, you can only hope they will actually delete your data; (4) if their answer is negative or if they don't answer at all, then contact a lawyer. You may never know what may happen with your data. And, as you saw in the story from OP, an identity theft is a living hell...

If you wish, you can keep us posted with what progress you made.

financial data usually needs to be kept on file for upto 6 years(countries vary) due to tax related stuff and other AML / bank secrecy act policies
UK - https://www.gov.uk/guidance/money-laundering-regulations-your-responsibilities#record-keeping-requirements

US - https://www.fincen.gov/sites/default/files/shared/bsa_quickrefguide.pdf
and yes expect exchanges to sell your data. much like expect your bank to sell your data
(banks DEFINITELY sell your data to other commercial businesses if you sign up to accounts that give "cash back offers on purchases" (because thats how they get the cash to give back))

however. be more aware if strangers on de-fi ask for KYC as they are more likely to use your information on dark markets

selling data to other legitimate businesses is less risk then handing id to stranger who can use it on dark markets

your story worries me, if I already have KYC, what can I do now?, do they really clean up my database KYC if I did cancel my membership or delete my account?. I also do not know how to sue them, because like my experience in past, where the Facebook case "Cambridge Analytic", give my KYC on a third party to a consultant company. Until now I don't know how to sue (1 BTC) Mark Zuckerberg because I've already KYC (taken a picture and sent my ID Card) before.

here is the thing
(i am not promoting CEX or denying utility of de-fi. i am being frank and rational about identity theft using observations)

the OP's story is not about identity theft related to a CEX..
the OP admits to this in his first sentance..


here is one thing i have seen happen in the past related to de-fi/localbitcoins(services like craigs list of buyers/sellers with a escrow service included)

when doing private bitcoin-fiat swaps with random strangers.  independently of a central market orderbook

some strangers steal from each other by doing chargeback scams

chargeback scams are where you would buy btc with fiat and then call your bank and claim someone falsely used your account to pay some scammer.. .. thus get a refund on your bank transfer and give the btc seller a red flag. resulting in them having their account closed
(many people had their accounts closed and it gave a bad impression with banks about bitcoin traders)

this then caused many bitcoin sellers to start requesting KYC on these de-fi methods of trading to prove the transactor is the bank account holder to use as evidence that there was no false transfer. thus avoid this drama of accusation

then malicious people using the kyc request ' new norm' experience people had to go through.. started requesting KYC and then selling the data to others on the darknet

and then those identities were used for nefarious purposes

yep
this is why many banks disliked bitcoin traders in the years 2013-16 of localbitcoins
this is why when the kyc stuff started up in 2016+
this is why many users stopped using local bitcoins more recently
this is why localbitcoins closed down even more recently

you will find the 2020 new "de-fi" crap will cycle through the same experience as localbitcoins
scamming for value. KYC to protect traders.. then scamming for identity. then people disliking and losing faith in the latest versions of de-fi

Not really, but I can understand why many people are still using centralized exchanges a lot, maybe when they are exchanging larger amount of money and they want to buy/sell lot of Bitcoins.
I am all for P2P trading and decentralized exchanges like Bisq, but let's be realistic and say that we can't expect everyone to use DEX especially if they are companies or financial institutions.
Identity and documents can be stolen anytime if they are sent for any verification, so I would suggest regular people to stay away from CEX like Coinbase, Binance., etc, or at least be aware of the risks and use them sparingly.

The lawyer's suggestion to change his name is the worse idea. Because that would add up again to another suspicion from the police as to why he changed his name.  I think he just has to bring papers every time proving he was cleared of the car and boat theft.

Yep, this could happen to any of us who have submitted all the documents to ICO projects or CEX. Very alarming that if it happens to you in one country, it could also happen to any country you will visit.

Indeed, not all decentralized exchanges have liquidity. However, you can always search on CoinATMRadar for a cash-in / cash-out crypto ATM in your area. These ATMs are (supposed to be) anonymous, although their fees are not small... As an alternative, you can also try peer-to-peer transfers.


Indeed, the subject of OP did not have any connection with crypto. However, as I wrote also inside OP, this is not the point. The main subject is to understand what you may live once your identity is stolen. Then I explained that such thing may happen if you use centralized exchanges.

---

Indeed...


No, this information was not published...


Indeed, my dear 1miau. This is why we have to do everything we can to ensure that our personal information remains personal.


Really? I would not expect something like that from a country like Germany... Wow!


Hehe, good to know!

The biggest crypto heist in the bitcoin history...

1. Mt.Gox
2. Linode
3. BitFloor
4. Bitfinex
5. Bitgrail
6. Coincheck
7. Kucoin
8. PancakeBunny
9. Poly Network
10. Cream Finance
11. BadgerDAO
12. Bitmart
13. Wormhole
14. Ronin Network
15. Beanstalk
16. Harmony Bridge
17. FTX

All these exchanges have been hacked at various times and have robbed people of billions of dollars. Not only billions of dollars have been stolen but also the information of various customers has been stolen. To all of you, always be careful when using centralized or decentralized exchanges. Your personal information can be stolen at any time.

Full details here: https://cointelegraph.com/explained/the-biggest-crypto-heists-of-all-time

I limit using CEX to insure my assets. I would like to ask everyone here who doesn't have a bank account, who doesn't have a citizen ID?...and many services in daily life we have to use citizen ID. If we all did it, it means our identity was exposed or sold before we used the centralized exchange. Don't blame CEX when our identity is sold, but many other cases. Apart from bitcoin, everything in this world is centralized, and we are using them every day, from our place of residence, school, and work... they all hold our identity. Our identities have long since ceased to be private.

Wooowww, really sounds scary as shit.  

Is it known where his data and which data was stolen?

I can believe once such data is gathered in DarkNet spaces and combined from other hacks / leaks, it might get pretty dangerous for people which data got leaked. KYC on centralized exchanges is very risky and we should avoid it.
But not limited to KYC, look at how many people were affected from Ledger's hack and received scary letters in their (physical) mailbox at home. And Ledger downplayed these hacks...


Most often, it's about to save costs. Shady, insecure and often fraudulent verification processes are offered. Computer science experts have warned about it multiple times but nobody listens...
In Germany, many banks are even deliberately ignoring BaFin (German SEC) standards and are getting away with it...

And, as you've said, some centralized exchanged are deliberately selling data to make more profits. Such exchanges engaging in such criminal busines, endangering customers, should face massive legal consequences.



Anyways, Mannheim has a veery nice park. 

---

+1

From Facebook to Google gates and this story as well as other stories, KYC is extremely dangerous - and useless

It annoys me when gambling sites and online casinos request mandatory kyc from users. As bitcoiners we can easily point centralized exchanges as the problem but also note in the story our character used his google tracker as alibi. It shows how centralized the world today really is. You do not own your data in today’s world, it’s always in the control of a third party whom you have shared that data with. The banks, big tech and government agencies own your data and can do with it as they please. I hope people can learn from this sorry and be more concerned about data ownership and data protection.

As much as possible I wanted to avoid using CEX but the problem lies on where I can exchange my cryptocurrency since not many of them are listed on DEX'es and/or don't have liquidity but only on centralized exchanges.  Aside from that database leak is not only on CEX but also on the poor security of the government websites like the one in my country where the official site of the list of voters where breached

I bet the person's identity information stated by @OP was leaked by other sites and not by centralized exchanges.  Though I agree that some exchanges such as Coinbase which is rumored to be selling data to a third-party company.  This article[1] stated that Coinbase is selling geo-location information to ICE.

---

[1] https://www.coindesk.com/business/2022/06/29/coinbase-is-reportedly-selling-geo-location-data-to-ice/

Using the centralized exchanges is as worse as placing your entire life private information on the internet for anyone to use against you, if dome people might have known the repercussions or risk associated in using them some would have avoided them long ago, aside the fact that centralized exchange are not secured enough because they can share ones private data provided through KYC to a third party, they can be hacked, they can also serve various vulnerabilities which includes the promotion of shitcoins on their exchange and they convinced people to invest more on alts they promoted.

Generally, there are other possible means by which an individual's personal information can be stolen. There are some phishing sites that most individuals log on to that get their personal data compromised, and some uncommon mistakes could also lead to identity compromise. Similarly to the story of this Romanian, a guy in my country got caught on CCTV while he stole a paper from the trash can in the bank. The paper he stole contained the bank verification numbers of that bank's customers. I can't remember the whole story, but this guy was arrested by the police, and he confessed that he usually goes to different banks and tries to steal people's BVN, then sells it to a guy who has a site that enables them to get every piece of information about the person who has the bank verification number, and they use the information to carry out fraudulent activities.

Data is invaluable and is our digital representation, which can be used with malicious intent as well.

People fail to see the danger of exposing their data, maybe cause they do not see themselves as celebrities and are not public figures, so their identity is mostly unremarkable. But this does not matter to hackers at all and anyone can be a victim.

To put it into perspective, when asked to prove our identity on an exchange we present certain documents, those documents if in the hands of the wrong person can be used to represent us as well and we would panic if an important physical ID is lost and hurry to get it repaced, neither would we leave it in possession of anyone, but can freely give out the digital version.

- Jay -

What you will read below is the real story of a Romanian citizen which happens to live a nightmare everyday, after his identity was stolen. It didn't happen after using a centralized exchange, yet he lives the same thing as one which had his identity stolen by hackers from a centralized exchange or from any other source. This article is a cautionary tale. All those using centralized exchanges must be aware that at any time the exchange can be hacked and risk not just their funds but also face the risk that hackers steal also their personal information and use it against them. Or, even worst, hackers sell their personal information on dark web where criminals buy it with 1-5$ and they can always make a visit to those people...

---

A recent article from Romanian newspaper Adevărul tells the story of C.T. (36 years old), living in Germany for the last 8 years.

While his main job is to be a driver in Mannheim, C.T. also acted as a vlogger and it seems that thieves of personal information became interested about his name.

The nightmare started in 2018 when he was driving home (towards his home from Romania) and he was arrested in Hungary after he stopped for a Police casual check, being informed that he was part of a network of thieves which were stealing cars. Apparently, his name appeared in Police database with a theft of a 22.000 EUR car. Obviously, the man protested and tried to explain he is innocent. He was told to contact the Tribunal of a city where he was never before.

Months later, while being in Germany, Romanian Police contacted him for informing him that his personal information was stolen. They said they knew the guy but they needed C.T. to come to them for some declarations. The man went to Romanian Police and, excepting the paperwork, they also got his fingerprints, took photos of him, measured him and had him go through a lie-detector test.

Since then, somehow, his problem became worst. Each time he was driving to Romania he was stopped at Customs Office. Each time he felt humiliated as they were looking at him like at a criminal. Each time he had to repeat the entire story, because he appeared as international fugitive.

After a while Austrian Police informed him that the thief which stole his personal information was finally caught and convicted.

Yet in February this year he had another incident with German Police. One day, at 6am, when he was at work, a neighbor told him that Police is at his door, looking to arrest him, because he stole a 38.000 EUR boat. C.T. believed that his personal information was now used by another thief. This new criminal investigation was conducted by Augsburg Police. He went there and he observed they had a dossier with all his data, but with a photo of someone else. They asked him where he was during a certain day of 2022 and he proved them with his phone, with his Google account, by accessing his location history.

Lawyers suggested him to change his name, yet the man does not want to make this move. At the end of article he describes how afraid he is of finding out that a bank loan was made on his name or of getting arrested wherever he goes.

---

All of the above is an impressive story. It does not really matter how those thieves managed to obtain this individual's personal information. What matters is that such theft can always occur if you are using centralized exchanges. Hackers may steal your data. Even the exchanges may sell your data, as it was the case of Coinbase. So we're not talking about a shady exchange from a third world country, but about one of biggest exchanges worldwide. Yet this exchange was caught selling customers' data.

So are you still willing to use CEXs?

Topic is self-moderated for avoiding spam.

---

---

Translations (in chronological order):

• Română: Ce se întâmplă când îți este furată identitatea – caz real || Evitați CEX-urile!, translation by GazetaBitcoin
• German: Was passiert wenn die Identität gestohlen wird, wahre Geschichte | Vermeide CEX!, translation by AHOYBRAUSE
• Filipino: Ano ang mangyayari kapag ang iyong pagkakakilanlan ay ninakaw -- totoong kwento, translation by jeraldskie11
• Russian: Чтo бyдeт,кoгдa вaшa "личнocть yкpaдeнa"?, translation by FP91G
• Pidgin: Real Stori--Watin you go see wen person theft ur identity ||Comot hand from CEXs oh, translation by MeCsc
• Polish: Co stanie się, gdy Twoja tożsamość zostanie skradziona - historia prawdziwa ..., translation by cygan
• Bengali: কি ঘটে যখন আপনার ব্যক্তিগত পরিচয় চুরি হয়?, translation by DYING_S0UL
• French: Que se passe-t-il lorsque votre identité est volée ? || Évitez les CEX, translation by iwantmyhomepaidwithbtc2