Jake Chervinsky, general counsel and lawyer at blockchain startup Compound Finance, sent a tweet on November 1 asking the crypto community to reconsider the ramifications of know-your-customer (KYC) requirements. His comments came in the aftermath of crypto exchange BitMEX’s accidental data leak.
As the (self-inflicted) BitMEX data breach shows, KYC requirements are a double-edged sword, both:
– empowering law enforcement to track illicit activity, and
– exposing the public to hacking, phishing, ID theft, etc.
It's about time we reconsider if the trade-off is worth it.
— Jake Chervinsky (@jchervinsky) November 1, 2019
As Chervinsky described it, KYC requirements act as a double-edged sword. He noted that while they help regulators and law enforcement agencies track illicit activities, they also compromise the public’s data, making people vulnerable to hackers, phishers, and identity theft.
In his tweet, he questioned whether the benefits of KYC requirements are worth compromising users’ private information. He also argued that, after the unfortunate incident at BitMEX, policymakers must reconsider the pros and cons of such standards.
Last week, BitMEX accidentally shared a list of customers’ email addresses with other users. Though the crypto exchange was quick to claim that it had encountered a software issue, an industry analyst warned that users must be wary of potential phishing attempts, as well as emails from the exchange’s competitors, in the future. Meanwhile, BitMEX assured its clients that all funds are safe.
While Chervinsky admitted that he does not know enough about BitMEX’s identification procedures, he claimed that the exchange relies on an account-based model, which, in one way or another, is a form of KYC.
I'm not sure what procedures they have in place, but using an account-based model is a form of KYC in and of itself.
— Jake Chervinsky (@jchervinsky) November 1, 2019
Chervinsky further explained that keeping massive amounts of personally identifiable information on centralized servers poses serious threats to data security. He also questioned whether collecting information en masse and storing it in single points of failure is worth the cost.
However, BitMEX is not the only company that has experienced a KYC-related data leak this year. In August, major crypto exchange Binance was contacted by a third-party vendor who had processed the exchange’s KYC documents, as well as its clients’ face photos. The unidentified individual was demanding 300 BTC to keep the data private.
After conducting an investigation, Binance released an official statement, revealing that the leak happened in February 2018. According to the report, the firm hired a third-party vendor to handle the massive volume of KYC verification requests around that time.