Pages:
Author

Topic: Why KYC is extremely dangerous – and useless (Read 5994 times)

legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
However I think kYC verification is very important in terms of  crypto wallet so as to enable your assets to be secured, and it will be very heard for scammers to access your wallet.
I'd like to address this misconception. Securing a wallet is possible without any KYC at all. The platform simply can give you options which depend on non-personal data. For example, a one-time password generator is not problematic privacy-wise (think open source alternatives to Google Authenticator). Things like email or telephone verification are not necessary for account recovery, any way to communicate is possible, so for example also a decentralized solution, something like Bitmessage, ZeroNet, Mastodon or Nostr could be used for that task.

There's a twist though: If the scammer gets all your access data, then he can access your account and your coins or data. You may believe that if you then show that you are the "legimate" owner, providing state-issued ID documents for example, you could access your account again.

But that's also not strictly necessary. If all normal access data is captured by the imposter, but one single additional code is used for recovery and only for that purpose, stored completely separately (e.g. on paper or metal) and you can show it to the service, then your proof that you're the legitimate account owner is exactly as convincing as if you provide them a state-issued ID.

By the way, the OP was prophetic:
Quote from: 1miau
After all, it is only a matter of time before a major KYC scandal makes the general public aware of how dangerous and useless KYC actually is
Chivo wallet (_all_ KYC data of almost all Salvadoran adult population exposed) is perhaps such a major KYC scandal. It's of course not good that it happend just to a crypto-friendly state, but it is what it is.
full member
Activity: 1638
Merit: 167
Buzz App - Spin wheel, farm rewards
We can only consider KYC dangerous_and useless, only when the platform that you're ask to complete your KYC verification happens to be fake.
you are wrong here, many platforms enforce KYC but they are big platforms, not fake platforms, what is discussed in this topic is what will happen when the privacy data of users who register using KYC is exposed by irresponsible parties, still remember In the case of Facebook where user data was leaked, they were immediately summoned by the US authorities

However I think kYC verification is very important in terms of  crypto wallet so as to enable your assets to be secured, and it will be very heard for scammers to access your wallet.
what is feared happening with CEX is not only wallet hacking but also manipulation carried out by the CEX itself, such as the FTX case, they manipulate liquidity which causes many investors and traders to suffer big losses and lose their assets
sr. member
Activity: 658
Merit: 441
We can only consider KYC dangerous_and useless, only when the platform that you're ask to complete your KYC verification happens to be fake. However I think kYC verification is very important in terms of  crypto wallet so as to enable your assets to be secured, and it will be very heard for scammers to access your wallet.

Your reply is really surprising and I guess you didn't read the whole topic. You probably skimmed through it or responded based on the title. Op has taken time to explain why KYC is dangerous and why you should avoid it at all cost. I'd like you to take some time to read it for your own good. Also, incase you're not fluent in English language, at the footer are translations in other languages.
member
Activity: 210
Merit: 36
We can only consider KYC dangerous_and useless, only when the platform that you're ask to complete your KYC verification happens to be fake. However I think kYC verification is very important in terms of  crypto wallet so as to enable your assets to be secured, and it will be very heard for scammers to access your wallet.
legendary
Activity: 3906
Merit: 6249
Decentralization Maximalist
Recently there was another case highlighting the importance of that subject: KYC data of 5 million people were leaked in El Salvador in early April. The culprit unfortunately was the Chivo wallet - it was already suspected before but yesterday the hackers also released the Chivo source code, confirming the suspicion. The data included photos and addresses, so it very much was one of the biggest desasters you can imagine.

I support the Salvadoran Bitcoin policy, but the implementation of the Chivo wallet seems to have been really problematic. There should at least have been a no-KYC option for those not wanting the Bitcoin "airdrop".
hero member
Activity: 2212
Merit: 670
Signature designer - start @$10 - PM me!
They've a way of exploiting virtual cameras to bypass KYC and one of such ways is the use of AI assisted tool known as deepfake, which was touched upon in the article.
There is also another AI tool "OnlyFake"[1], it seems to be a complete package tool to help pass verification up to VIP 100x level. OKX exchange is one of the “victims” of this tool.
Unfortunately I haven't found the official site of this tool, I think they were taken down or actually don't operate on sruface web.
Quote
404 Media reported on Feb. 5 that it successfully bypassed the KYC verification of crypto exchange OKX using a photo of a British passport the outlet generated with the site, where the ID appeared to be laid on a bedsheet as if a picture of it was taken.

1. https://cointelegraph.com/news/ai-generated-fake-ids-pass-crypto-exchange-kyc-onlyfake
sr. member
Activity: 1008
Merit: 262
20BET - Premium Casino & Sportsbook
I don't want to believe that criminals can pass KYC requirement with stolen identity, if you believe that this is possible please share how they can maybe I can learn from you, any KYC requirement that's not live on camera it is not a strong one, and yes criminals and hackers can use stolen identiies to pass KYC on such platforms. .

You shouldn't doubt it, criminals have taken their scheme to a new level. They've a way of exploiting virtual cameras to bypass KYC and one of such ways is the use of AI assisted tool known as deepfake, which was touched upon in the article. However, If you want to know more you can read the article below and watch the Youtube video.

Nice article, artificial intelligence is making is taking another new dimension which could be a disaster in the feature if things are not modified. I have seen videos on how scammers are using different AI apps to generate videos and identy cards to present to there clients to synphone money from them. We need to be aware of various scams techniques so that we don't fall victim.
Exchanges too are making efforts to make sure that such attempt of fake KYC by users are prevented. This might be a serious concerns to exhanges during KYC.
hero member
Activity: 1106
Merit: 912
Not Your Keys, Not Your Bitcoin
I agree that KYC can be extremely dangerous. specially if it is done in the platforms where the money is involved.. But I think there are some legit businesses also who ask for KYC because they also have no other choice. they are forced by govt law inforcement agencies for that. IF they don't do KYC and don't provide required details to govt their services will be shut down.

This is so wrong of you to say, because Binance has mandated all his customers to do KYC doesn't mean there are no other places to use. We still have some centralized exchanges that offer no KYC accounts and can trade peacefully without any restriction. Government involvement in crypto is not a good deal for everyone because of personal reasons and political reasons, it becomes a conflict of interest when the government get involved in anything, you don't want an Irak person's account to be closed because the US don't like him or because they suspected him of anything that threatens their national security, US is not the only species on this planet right!

Quote
I think consumers should avid doing KYC in multiple and unkown places. and minimize that as much as possilbe. for example by sticking with just one crypto exchange. using Non Custodial wallets, using DEX instead of CEX.

If there is any way to turn back the hands of time, the centralized exchanges where I have done KYC I will remove them and close the account completely but it is too late for that because even if I deactivate my account, they have my details already and it will remain in their company forever, so it's like trying to live a plant that you have already killed, it is not possible to do that again. I still don't like the idea of centralized KYC platforms but if you are cool with it, don't encourage others to do the same because privacy remain the number one thing everyone should keep to their self, not for the public.
member
Activity: 994
Merit: 14
I am never a fan of kyc, matter of fact I find it really annoying whenever I am asked for kyc. Because I do not know exactly who is at the other end having access to my personal information and I do not have any control over it immediately I upload these information.
I quite agree with the OP, it really is a dangerous thing releasing your personal to the public under the guise of doing a kyc.
member
Activity: 238
Merit: 59
    I totally agree with you because your privacy is compromised and any body can easily use your personal official information to open fake account using your names and details to transfer (millions of money or investments) through an outside party to conceal the true source,  through fake crypto exchange accounts.

   KYC is determining identity of stealing specifically and a dishonest way to make money by deceiving people because create wider data base,and they assist scammers to be undetected which made an hacker  to buy KYC data and use it in verifying host of different cryptocurency exchange accounts  without being identified since the IP is hidden or obscured, it also helps in changing of accounts.
Making use of any KYC/AML service is a privacy threat today and future threats seriously .
   To avoid it ,it is better to make use of decentralized crypto exchangers instead of intervening to your privacy.
full member
Activity: 280
Merit: 110
Eloncoin.org - Mars, here we come!
I agree that KYC can be extremely dangerous. specially if it is done in the platforms where the money is involved.. But I think there are some legit businesses also who ask for KYC because they also have no other choice. they are forced by govt law inforcement agencies for that. IF they don't do KYC and don't provide required details to govt their services will be shut down.
I think consumers should avid doing KYC in multiple and unkown places. and minimize that as much as possilbe. for example by sticking with just one crypto exchange. using Non Custodial wallets, using DEX instead of CEX.
hero member
Activity: 2520
Merit: 783
I have read a lot of comments in the section and I am not surprised that everyone are saying the same thing about KYC verification, I have personally passed many KYC verification on exchanges myself and I don't regret doing it.

I am someone who likes looking at things from both sides, just because I don't like KYC verification doesn't mean it is nonsense, I am currently staying away from giving up my identity to any centralized exchanges but how about we think this way instead?


Well expect majority will agree to the risk about this KYC since there concern is really valid. There are lots of scams happening that's why a lot of people are so skeptical about undergoing on this process.
But so for many years of doing this I also don't encounter any issue so we can assume that we are fine here as long as we choose those reputable platform and we are totally safe for any huge risk that people are talking about.

The most important thing here is we should not submit our documents to any platform like Airdrop or any other centralized exchange which doesn't have any good reputation so that we will not put ourselves on any unimaginable risk that we don't want to happen to us in future.
sr. member
Activity: 532
Merit: 420
Fine by Time
I have read a lot of comments in the section and I am not surprised that everyone are saying the same thing about KYC verification, I have personally passed many KYC verification on exchanges myself and I don't regret doing it.

I am someone who likes looking at things from both sides, just because I don't like KYC verification doesn't mean it is nonsense, I am currently staying away from giving up my identity to any centralized exchanges but how about we think this way instead?

If there were an alternative to avoid KYC please share it here we are all ears. Because in my country it is impossible to avoid KYC unless it is a physical P2P transaction deal. Dont make it sound like we all are saying KYC verification is so bad. In as much there are disadvantages of it there are still advantages of KYC. But for me i feel like it has more of the disadvantages and that is why OP has shared it here so that people who are not aware would be aware of the dangers of KYC and play safe.


OP, this is for you, have you put yourself in the position of running a platform yourself? That can't do without regulation like running a casino? Or running a crypto exchange like Binance? Can you do away without asking your customers for KYC verification? Can you advice them to avoid passing KYC because its not safe? I will love to hear people's opinion.

Perhaps OP, is still busy enjoying the New year season. Let me jump into these questions.

Yes, i just did. And i understand that the main reason why they made KYC mandatory is because they prioritize user's security and also respect   government regulations on cryptocurrency in the respective countries. Now this second reason is what i find uncomfortable with. Am curious to know what are the data they are sharing with the government and the tax authorities?

Like i said before if there was a means to bypass or avoid completing KYC it would have been better. User's information is important and it's a criteria to so many people to protect their privacy because they love to stay anonymous.
copper member
Activity: 2114
Merit: 1814
฿itcoin for all, All for ฿itcoin.
OP, this is for you, have you put yourself in the position of running a platform yourself? That can't do without regulation like running a casino? Or running a crypto exchange like Binance? Can you do away without asking your customers for KYC verification? Can you advice them to avoid passing KYC because its not safe? I will love to hear people's opinion.
This is not addressed to me, but I also have a counter question. If platforms like eXch.cx have done it (not asking for KYC from their customers) for years, then why not?
It's not impossible to do. The biggest problem is actually greed. Most of those platforms start out good with a lot of incentives including promising their customer no KYC but after accumulating lots of money and looking to get more, they start squeezing their clients.
sr. member
Activity: 798
Merit: 364
I am someone who likes looking at things from both sides, just because I don't like KYC verification doesn't mean it is nonsense, I am currently staying away from giving up my identity to any centralized exchanges but how about we think this way instead?

OP, this is for you, have you put yourself in the position of running a platform yourself? That can't do without regulation like running a casino? Or running a crypto exchange like Binance? Can you do away without asking your customers for KYC verification? Can you advice them to avoid passing KYC because its not safe? I will love to hear people's opinion.

If I may ask, do you mind reading the original post from the beginning to end? There are convincing reasons in the post to stay away from the KYC compulsory exchanges. I definitely understand your point as well and in as much as we condemned KYC, we can not completely stay away from it. KYC is not only unique to crypto, it's a common practice in the financial industry and it is used for some purposes. If you manage to escape in the crypto space, you won't escape it in the banking sector.

Actually, there are take home points in the post but truth be told, there's no balance of justice as regarding the KYC. The poster focuses on the negative aspects of KYC and reasons it should be totally discourage. KYC must surely have its own advantage in some cases but perhaps it was overlooked by the poster because the dangers overwhelm whatever advantages it has.

It's now a thing of choice. If you are still comfortable with it, you can go ahead. The post is not about preventing people from using it but rather enlighten them on the risk and danger associated with KYC. Your privacy is in your hands and you can choose what to do with it.
sr. member
Activity: 728
Merit: 388
DGbet.fun - Crypto Sportsbook
I have read a lot of comments in the section and I am not surprised that everyone are saying the same thing about KYC verification, I have personally passed many KYC verification on exchanges myself and I don't regret doing it.

I am someone who likes looking at things from both sides, just because I don't like KYC verification doesn't mean it is nonsense, I am currently staying away from giving up my identity to any centralized exchanges but how about we think this way instead?

OP, this is for you, have you put yourself in the position of running a platform yourself? That can't do without regulation like running a casino? Or running a crypto exchange like Binance? Can you do away without asking your customers for KYC verification? Can you advice them to avoid passing KYC because its not safe? I will love to hear people's opinion.
sr. member
Activity: 532
Merit: 420
Fine by Time
I want to tell you that AI is now doing the opposite of what we think.
On security wise i would agree with you have said but based on functionality i will disagree with you on what you have said. AI has been improving in various aspects of life rapidly of which the main reason Ai was introduced is being fulfilled. Of, course i believe you know that AI was introduced to support humans in whatever activities we want to do. It makes it easier and faster for Humans to achieve something when they use AI.

Now the question is who programmed AI? Yes, it is we Humans. So definitely it will follow the prompt, instructions and command we give to it unless it is out of its reach or range. What am saying in essence is that AI is literally doing what it is made to do, but the programmer, user of the AI is who command the AI to the opposite. A tool is being used properly but when it falls into the wrong hand it will be used for bad things.

Let us talk about the cybercrimes, hacks and other crazy things people use AI for. It was not basically designed to do those things. It’s always different though, when each one of us get to use the AI. We all have different intentions of which some are good, and some are bad. So we chose what we want to use the AI for, and when we chose to use it for the wrong purpose it's just like power falling into the wrong hands.

I don't want to believe that criminals can pass KYC requirement with stolen identity, if you believe that this is possible please share how they can maybe I can learn from you, any KYC requirement that's not live on camera it is not a strong one, and yes criminals and hackers can use stolen identiies to pass KYC on such platforms. .

You shouldn't doubt it, criminals have taken their scheme to a new level. They've a way of exploiting virtual cameras to bypass KYC and one of such ways is the use of AI assisted tool known as deepfake, which was touched upon in the article. However, If you want to know more you can read the article below and watch the Youtube video.

This is a typical example of what am saying. I heard this news one certain time last year. Perhaps the AI should be down by now. Also heard about the Bitcoin flashing AI for Coinbase and Trust wallet. Infeed these criminals are going extremely mile to suck the wealth out of every careless individual online and they adopt to every new technology of which AI is not an exemption.
hero member
Activity: 952
Merit: 552
I remember when I was just starting out with crypto, I have no form passing any KYC requirement until I had no choice and I use my older brothers national ID card and it was successful, but fast forward to today I can't do such again because they are all live KYC requirement, where you can't upload any pictured identity, you are only left with using live video by camera to take picture straight away into the exchange.

I want to tell you that AI is now doing the opposite of what we think. I was going through a Tiktok posts about some AI app that can give you voice cover and video of with any type of face you want but the App was a paid version befpore anyone can utilized it. It has a first time free use and the author actually did test this app to give you how to impersonate people and to be honest with you, people are using such bank apps to scam people and byepass some security checks even verify some banks account, now tell me how this cannot be used again to do wrong KYC verification.

Quote
I am in support of avoiding KYC by all means but its a matter of choice, if FTX SBF was running a decentralised exchange where no KYC is needed he can still pull his action on the customers one way or the other, this is the problem I have with Dex and anonymous way of getting crypto, if they decide to go bad they will go down hard on people.

I don't want to say I'm in support of FTX but more than half of crypto investors don't value privacy a bit because look at the number of traders and users on centralized and decentralized exchanges, we more of them on centralized exchanges. So if FTX has been decentralized exchange, it wouldn't have people like that as compare to centralized exchanges despite the not your keys or your coins that is been warned all the time.

If FTX has been a decentralized exchange, SAM FRIED BANKMAN wouldn't have been able to pull that stunt he did because a decentrantilized means the keys to coins belong to the customers and not in the hands of the exchange and according to what happen to FTX exchange, they used customer's fund meant to be held in their hot and cold wallet and that was how they went illiquid after enriching the politicians, his girlfriend and the circle of his friends.
sr. member
Activity: 658
Merit: 441
I don't want to believe that criminals can pass KYC requirement with stolen identity, if you believe that this is possible please share how they can maybe I can learn from you, any KYC requirement that's not live on camera it is not a strong one, and yes criminals and hackers can use stolen identiies to pass KYC on such platforms. .

You shouldn't doubt it, criminals have taken their scheme to a new level. They've a way of exploiting virtual cameras to bypass KYC and one of such ways is the use of AI assisted tool known as deepfake, which was touched upon in the article. However, If you want to know more you can read the article below and watch the Youtube video.

sr. member
Activity: 812
Merit: 315
Vave.com - Crypto Casino
Its left for every crypto platforms to upgrade their KYC requirement tool, I don't want to believe that criminals can pass KYC requirement with stolen identity, if you believe that this is possible please share how they can maybe I can learn from you, any KYC requirement that's not live on camera it is not a strong one, and yes criminals and hackers can use stolen identiies to pass KYC on such platforms.

I remember when I was just starting out with crypto, I have no form passing any KYC requirement until I had no choice and I use my older brothers national ID card and it was successful, but fast forward to today I can't do such again because they are all live KYC requirement, where you can't upload any pictured identity, you are only left with using live video by camera to take picture straight away into the exchange.

I am in support of avoiding KYC by all means but its a matter of choice, if FTX SBF was running a decentralised exchange where no KYC is needed he can still pull his action on the customers one way or the other, this is the problem I have with Dex and anonymous way of getting crypto, if they decide to go bad they will go down hard on people.
Pages:
Jump to: