In the aftermath of the BitMEX data leak, a lawyer raised a question of whether it was necessary to conduct Know Your Customer (KYC) verifications as they expose user data to hacking and ID theft.
Do KYCs expose user data?
Blockchain firm Compound’s general counsel and lawyer Jake Chervinsky raised the question of whether KYC was worth exposing user data to hacking and other illegal activities.
In a Twitter, post-Chervinsky asked that although KYC allows regulators to monitor user data Chervinsky, KYCs expose users to criminal activity. At the end of the post, he stated that it was high time to debate whether the “trade-off is worth it.”
Chervinsky admitted that he is not acquainted with how BitMEX processes user data. Almost every platform has a unique process of identity verification, with BitMEX being no exception. However, each platform uses an “account-based model” that is “KYC in and of itself.”
He then addressed the issue with this kind of data storage. He stated that large amounts of data on centralized servers are highly risky, especially if it is Personally Identifiable Information (PII). He said that data stored on centralized systems have a single point of failure regardless of the amount of data it contains. This means that in case of a system breach, all of the user data is exposed to the attacker. This type of storage is cost-efficient but in no way safe or reliable.
BitMEX and Binance prove that KYCs expose user data
Crypto exchange platform BitMEX had a rough day when it accidentally leaked user emails by a simple mistake in email format. The company used the ‘to’ field instead of the ‘blind copy’ field while sending out a mass email. This exposed the emails of other users to recipients of the mail.
Previously Binance became the victim of one such accident when KYC documents were leaked by a third party that processed user data. These incidents show that although they improve regulations KYCs expose user data.
Featured image by Pxhere.