Topic: When is it safe to give our KYC/AML info? (Read 475 times)

Be careful with whom you register your identities ---> they may be being used to commit felonies.

New indictments in the United States Russian sponsored election hacks has alleged a cryptocurrency connection which utilizes accounts at American based financial gateways using fake and stolen identities to transmit and monitor cryptocurrency transactions associated with the funding of the infrastructure utilized to carry out the election hacks.

(Pg 3, Count 1, Paragraph 8 )

More specific details located on pages 21 - 24 (count 10) in the indictment sourced below.


This is just the tip of the iceberg!  The midterm elections will introduce brand new details --> pay attention, read between the lines.  Is the government's Blockchain Analytics Software more sophisticated than perceived and is your identity already being used to open accounts on exchanges, cloud services,...etc to launder transactions without your knowledge?

Indictment PDF: https://assets.documentcloud.org/documents/4598895/DOJ-Russia-DNC-Hack-Indictment.pdf
Alternative format: https://apps.npr.org/documents/document.html?id=4598895-DOJ-Russia-DNC-Hack-Indictment

So, here's the problem ---> https://www.wired.com/story/russian-trolls-identity-theft-mueller-indictment/

The Know Your Customer (KYC) trend blanketing the cryptocurrency space introduces serious security flaws that are more significant then assumed on its face.

I first became seriously concerned after investing into this project, based in Moscow, which was endlessly being advertised all over the place on every platform I visited: https://www.youtube.com/watch?v=33stmvDgm74   (ANN THREAD HERE: https://bitcointalksearch.org/topic/annico-global-marketplace-storiqa-2233274 )  I read all the documentation, diligently researched the project, and invested an amount I thought was worth the risk.  There was no mention of a KYC requirement or I would not have invested.  After the $25 million hardcap was reached, the ICO closed.  At that point, I inquired about the time frame for token distribution but I was told that I would not receive the token, nor would I be refunded, if I did not give them all of the KYC information they requested.  At first, they were requesting my Social Security Number which caused me to accuse them of identity theft.  That got me kicked out of their Telegram and got my IP blocked on their live support so I had to take the problem to the forums in vain ( https://www.reddit.com/r/Storiqa/comments/7u1hal/kyc_how_about_kyst_know_your_storiqa_team/dti92wm/ ).  I have refused to give my identity but it seems that I am in the minority: https://bitcointalksearch.org/topic/m.29706760

I strongly believe that this ambiguous practice of requiring KYC is a serious threat to the security of cryptocurrency markets.  And, in light of the recent "information warfare" (<---Russian's words) declared on the West by the Kremlin, I believe things are going to start unzipping soon because there's no doubt in my mind that the blockchains will be involved in this conspiracy.

TLTR SUMMERY:  The Russian government is stealing identities, people are falling for it, and the United States government is preparing to come down on the Russians which will probably have a significant affect on the cryptocurrency markets.  And, I think we need to come together as a community to educate the newbies on this matter before we get educated ourselves.

Yah, me too...."Lifelock."

I think that the problem will poke its head out in a more significant manner in the future.  I believe sharing our personal information with foreign entities may prove to be a little more complicated than just putting our personal credit histories in jeopardy here.  For example, the recent identity theft scam of the FCC's public comment section on the question of Net Neutrality comes to mind.  Millions of false accounts, financed by a foreign government, were set up to manipulate the discourse in favor of overturning Net Neutrality. (https://www.npr.org/2017/12/14/570262688/as-fcc-prepares-net-neutrality-vote-study-finds-millions-of-fake-comments)   I will leave the obvious concern over voter fraud alone here because it's too hot of a subject, but there are significant collateral concerns that will affect the value of the distributed decentralized p2p networks in the future if these practices continue....

ive sent the required kyc documents to coinbase, bittrex and Gemini. poloniex will be next.

i figure anything i upload will get leaked and sold at some point. thats just the way it is. computer security at most places is a joke.

i already had my info stolen from equifax so no big deal for some more stuff to be out there. i just put a credit freeze and placed a fraud alert at the 3 credit agencies.

I don't think it's ever safe. There's ridiculous amounts of KYC info on the DNMs and it has to come from somewhere. I have a hard time believing that the bulk of it would come from phishing and think it's safe to at least suspect a potential breach of trust by KYC "collectors".

Just like emails, addresses and phone numbers are being sold I'd assume KYC/AML info is up for sale.

I'm not really sure how this problem could possibly be addressed either, since even without the people that we may or may not trust our info with selling it directly, there's a very real risk of their servers getting hacked or socially engineered.

Once you've been around long enough you'll learn that the exchanges with the most significant liquidity are those which are more compliant with the regulatory agencies.  Of course, small players trading on shady exchanges with low volume have nothing to worry about.  Consequently, the recent trend in regulatory compliance has stirred interest into the crypto-assets which has added to their credibility and led to increased marketcaps.  So, while KYC/AML compliant financial markets are beneficial to the those with more significant holdings, the confusion and ambiguity associated with the regulations has opened the door for identity theft attacks.  I was hoping this thread would attract knowledgeable contributors to help out those who might not quite understand the current state of the markets.

Here's are some current trends affecting the markets:

https://www.coindesk.com/bitcoin-crypto-us-senate-hearing-february-2018/

https://techcrunch.com/2018/02/06/virtual-currencies-oversight-hearing-sec-cftc-bitcoin/

https://www.lawfareblog.com/understanding-chinas-crackdown-bitcoin-and-icos

This is exactly the reason I never used a centralized exchange. I only use software called Bisq for P2P trades.
I would never trust a company with such information, no matter what they do.

Thanks for the contribution.  Yes, it's becoming a big problem.  One of the US exchanges I use goes through a third party to verify identities and I am pretty sure that it's a government sanctioned entity.  What I am witnessing is that these ICO's are requesting KYC information in an attempt to appear more legitimate, but then they request that the information be sent to their cloudflare proxy so there's no way to verify their credentials. The problem is that non-assuming investors are aimlessly trusting these guys, and at times, aggressively vouching for their credibility due to the very fact that the ICO is requesting KYC documents. This guy on youtube is even helping them mine for identities: https://www.youtube.com/watch?v=C-D1qSUZDoA

It's not good and people need to be educated.  I am hoping that this thread could become a source of reference for those who are searching for answers on this topic.

I talked to a lot of KYC/AML "providers" on BtcMiami conference. They are all pitching their cool solutions (some of them really cool - such as apps with face recognition, connected to driver licenses db in US, etc). $3-$10 per person.

Hardest questions noone of them could answer:

- what guarantee you have that your solution is compliant? There are none, because noone has these guidelines/policies to match. There are AML regulations for financial institutions, but they are totally different

- they store your data on their servers, no certification of security compliance and probably illegal in most countries due to collision with their privacy terms

- where and how they obtained blacklists / databases of private personal data? I bet there is no way DB for face recognition of US citizens can be given to a "blockchain" company

Hopefully it helps.

And to answer (2) - if your project passes Howey and has all ingredients of utility, such as immediate use in platform - you actually dont need KYC/Aml. But it's still a gray area, because it's not a black and white test, and all depends on wording and experience of your legal team.

My experience investing in ICO's has brought something concerning to my attention.  Due to increased scrutiny of cryptocurrency by regulatory agencies and the crack down on ICO's in China, an increased number of ICO's have been requesting KYC/AML information. Some have even been collecting investments, then holding those investments ransom until the investors submit their sensitive personal identification information. (https://www.reddit.com/r/Storiqa/comments/7u2y5d/storiqaa_kyc_pdf_document_created_after_ico/) and (https://bitcointalksearch.org/topic/m.29706760)  Not to mention the Bittrex debacle in which they held our assets ransom until we submitted our documents....even those with small amounts of assets.

There seems to be quite a bit of confusion around this subject and the practice of collecting KYC/AML seems to be an exploit by which unregulated entities are collecting a large number of identities for nefarious purposes.  I think that we should, as a community, attempt to clear up the confusion for those whom are newly entering the crypto-economic sphere; the small number of voices currently speaking out on the subject are being drowned out by shills collecting referral commissions and an influx of new adoptors who are still unaware of the dangers.

Some of the questions that need to be addressed are:


1) When is it safe to give personal identity related information?

2) When is it required and in what form?

3) Who can we trust with our identities?

4) Are there trusted third parties that we can use to handle our KYC/AML identities for us?


I think this subject requires our attention.  I believe that constructive contributions on this topic would benefit the community greatly.