My latest experience of being scammed once the identity information is submitted, data leakage is only a matter of time.

Once identity information is submitted, data leakage is inevitable.

BlockFi bankruptcy withdrawal, KYC data leak. Believe me, this story is very close to everyone.

The original article “To submit, or not to submit” was written by Dana J. Wright and translated by Odaily Star Daily jk.

Intuition is an incredible tool for humans. We encounter many things in our daily lives that are so profound and complex that we cannot fully understand them at our current stage of cognitive development.

Online data collection is a perfect example. When you register for an application or service, you have no concept of what will happen to your name, email address, location, biometric data, and any other information you submit.

• Battle for AI Talent Frenzy at the Beginning of the Year, Confusion at the End
• A different approach, friend.tech may be the community artifact for NFT artists.
• Official publication of ‘The Musk Biography’ How does the book describe Dogecoin?

However, you are always making decisions.

When you enter a create account page, contact form, or enter payment details page, you consciously or unconsciously assess how much you trust this company or platform, then weigh how much you want after the data collection step, and decide whether to submit.

Just a few days ago, I encountered such a situation myself.

Here is a quick review of my decision-making process, what my intuition told me, why I decided to do this, and the consequences of making the wrong choices in these situations.

The story starts with this email

In November 2022, as the entire FTX empire collapsed, BlockFi .US ceased operations after purchasing its controlling stake, prohibiting customers from withdrawing and declaring bankruptcy.

My assets in BlockFi are not large, but they are not completely negligible. After understanding the bankruptcy process of other crypto companies that have gone bankrupt, such as Celsius and Voyager, I didn’t have much hope of recovering these funds.

So, this email was a pleasant surprise for me. (At least at the time.)

Withdrawal request

BlockFi’s second email: Withdrawal request received.

Withdrawal seems simple.

I selected the assets to transfer, entered the amount and my wallet address. At first, I only entered a small amount to test and ensure that everything went smoothly, which was a habit I developed after experiencing many painful lessons.

Shortly after, I received an email confirmation with the summary of the withdrawal, but I did not receive the funds in my wallet. It is not uncommon for transfers from centralized exchange platforms to take a long time, so I wasn’t too worried about it and continued with my daily life.

“Shotgun KYC”

BlockFi’s third email requesting identity verification.

A few hours later, I received another email from BlockFi, stating that I needed to submit identity verification in order to complete the withdrawal request.

This scam is known as “shotgun KYC” in the crypto community.

It is when a trading platform allows you to easily deposit a large amount of funds into your account with minimal resistance, but when you attempt to withdraw the funds, you are faced with a cumbersome identity verification process that can take a long time.

Users of various exchanges have reported that KYC processing can take several months, and sometimes accounts are frozen indefinitely.

By the way, the term “shotgun KYC” was coined by Odell in 2019.

To submit or not to submit

Identity verification form from BlockFi’s third-party KYC provider.

Without beating around the bush, I submitted.

I submitted six sensitive personal identification information, my official ID, and a biometric check (biometric facial scan).

In hindsight, the reasons are as follows:

• In this case, there is a reasonable reason for identity verification besides financial monitoring, which is that the law firm may need to verify that the claimant is the legitimate holder of the claim;

• The email said that the withdrawal process could take up to 90 days, and I know it could actually take several months, so I wanted to get in line as soon as possible;

• For me, the amount of funds to be recovered is worth taking the risk.

Different people assign different monetary values to their data. If you are a billionaire, then you need to fully undergo KYC and bear the compensation required to mitigate these risks, which could be millions or not worth it at all.

For me, the threshold is much lower.

It is important to understand that you should set a “premium” on your identity data.

Over time, the probability that the platform will sell information to third parties or be attacked by hackers is almost 100%, so you need to be compensated for this.

Consideration of risks and benefits

The email from BlockFi told me that identity verification helps protect his account and assets. That is a complete lie.

When I read that statement in the BlockFi email, I rolled my eyes. I fully understand that this is a harmful lie. Submitting KYC (Know Your Customer) information exposes individuals to various attacks they have never had to worry about before.

Specifically, the following points:

• If your account is hacked, the information contained within it is enough for thieves to not only steal your funds but also your identity. Depending on your net worth and the amount you have stored on the exchange, your KYC information may be worth more than your funds. Once hackers gain access to your account, all this information is usually available for direct download from the settings menu, usually located under privacy settings.

• If a trading platform is hacked, customer data becomes an increasingly attractive target. Once a trading platform loses customer funds, it immediately faces legal, reputational, and financial disaster, but not customer data. I have not seen any company directly compensate customers for data lost due to a hack.

• If an exchange shares your data, the possibilities of where your data can end up are endless. This is the most concerning point because exchanges do indeed provide your data to analytics firms, other financial institutions, and government agencies. Nowadays, most exchanges outsource the entire KYC process to third parties. For example, this company claims to store KYC data from over 1000 platforms. (I didn’t even know there were 1000 cryptocurrency platforms.)

Once these third parties have your data, you completely lose control over it and give up any right to claim it when the data is leaked.

And these data will definitely be leaked, it’s just a matter of time.

Hacker attacks

BlockFi emailed me for the fourth time to notify me that my data was hacked.

On August 24th (just seven days after the first email was sent), I received an email from BlockFi stating that their KYC provider had experienced a data breach, and unauthorized third parties gained access to a large amount of customer data.

It’s really frustrating.

Based on the timing, I believe the attackers may have already entered the relevant systems.

They may have just been waiting for BlockFi to open withdrawals and force tens of thousands of people to submit their data. And then strike.

These hackers are usually experienced.

Final thoughts

In hindsight, would I still submit my data if I knew it would be leaked immediately?

Actually, yes. My KYC data has been hacked multiple times. If it weren’t for that, maybe I would have different considerations, but the reality is that I no longer care.

However, for those who haven’t had their biometric data and official ID collected and traded on the dark web multiple times, it is crucial to understand that submitting KYC is an extremely dangerous act.

At best, this greatly increases the risk of identity theft. Worst of all, it is a tool used for mass financial surveillance. All three-letter agencies have backdoors and use this data in crazy ways that you may never agree to.

The bottom line is: your data is only safe when it has never been collected.

So the next time you stare at these forms, be aware of how important the information being requested is, trust your instincts, and walk away if the reward isn’t worth it.

We will continue to update Blocking; if you have any questions or suggestions, please contact us!