KYC Requirements Are Making ICOs Riskier, Not Safer
Once upon a time, the offerings of initial coins were open to all. That was last year and since then access to country offices has become increasingly difficult. In response to SEC regulatory attention, crypto startups have started doing due diligence on budding investors. Due to expensive KYC requirements, the pendulum has rocked in the opposite direction, offering hackers an additional price – data from tens of thousands of investors.
The requirements of KYC are an accident waiting to happen
To simply be considered for a symbolic sale, it is now common for an individual to submit a passport scan, a bank statement and various other documents and to answer a series of questions about his origin and origin. of their cryptocurrency. Legolas, for example, asked investors to "provide as much detail as possible about the origin of BTC". Being whitelisted for a symbolic sale is also not a guarantee of participation. The oversubscribed IBOs like Arcblock returned the ether to hundreds of participants who had not contributed in time or who were deemed to have "cheated" using the prescribed gas limit. Twitter traders are now encouraging investors to submit KYC to as many promising ICOs as possible, in case they decide to participate later.
Data leak in progress
With the OIC now holding passports and other identification documents of thousands of cryptographic investors, as well as their e-mails and their addresses wallet, hackers have an additional interest in targeting the crowdsales.advance address, the raw data of tens of thousands of crypto-holders are a meaningful value honeypot in their own right.A portion of this honey was stolen from The Bee Token , whose database was consulted and used to send phishing emails that collected more than one million of dollars.  59009]
This week, Sentinel ICO failed even more after the leakage of passport data from its users. In a Post Middle the startup has admitted that a website vulnerability had allowed another user to access the downloaded files. To compound the problem, the user who discovered the flaw then claimed to have been reported to the police by Sentinel for his actions, although he did nothing wrong.
KYC: Good for ICO, bad for investors
It is difficult to quantify the success rate of whitelists of the OIC, although it is likely to be less than 50%. At least half of the time, in other words, participants submit personally identifiable documents in exchange for nothing, whether due to a whitelist overhead or congestion of the network that prevents them from contributing in time. The probability of leakage of these data is low, but cumulatively, during dozens of KYC applications, these probabilities begin to accumulate. It just fails to expose an individual's data once and for all. E-mail and wallet addresses can be changed. passports and driving licenses are permanent.
Obtaining permission to participate in pre and public sales is now considered by many ardent participants of the ICO as a game. The admission price is the time that It is necessary to complete the KYC registration process and the chance that none of the innumerable ICOs to which they are applying will suffer a catastrophic data breach. As if investing in ICOS was not risky enough, KYC's requirements ironically made crowdsales even more dangerous.
Do you think that KYC's requirements for ICOs are excessive or necessary? Let us know in the comments section below.
Images published with the kind permission of Shutterstock.