Data is a valuable resource. Information helps manage people and their access to their assets. This is being taken advantage of by fraudsters that specialize in the crypto industry. Ever since the inception of the cryptocurrency market, plenty of coin holders have become victims of data leakages. Let’s explore the major cyber defense ruptures that brought data to the hands of fraudsters, as well as ways to protect it.
Major data leakages in the crypto industry
Throughout the crypto industry’s history, there were numerous data leakages. Some happened to be especially dangerous since they contained a lot of personal data. Let’s discover major data leakages in the cryptocurrency industry.
1. A-million-scale leak by Ledger
Ledger is one of the major hardware crypto wallet producers. In the summer of 2020, unknown persons hacked the company’s platform and stole personal data belonging to 1 million users.
Shortly after the data breach, victims reported receiving threats. Among other things, fraudsters used personal data, including data about their place of residency, to blackmail the company’s clients.
2. The BTC-Alpha Ransomware attack
In January 2022, the data from the British cryptocurrency exchange BTC-Alpha emerged on the Internet. The file that fraudsters tried to sell, contained 362,479 lines. In other words, the document included personal information of over 360 thousand users.
The BTC-Alpha data leakage
The BTC-Alpha team confirmed the data leakage. Representatives of the platform suggested that hackers might have gained access to the information by breaching the computers of several employees of the crypto exchange.
3. The database for whoever is wondering by CoinMarketCap
CoinMarketCap is one of the most popular data aggregators in the digital assets market. The project belongs to the major crypto exchange Binance. In October 2021, information emerged that a database with over 3.1 million user accounts fell into the hands of fraudsters.
The CoinMarketCap team could not provide the public with a precise answer on how the incident might have occurred. Representatives of the aggregator suggested that fraudsters collected data from third-party websites. But at the same time, CoinMarketCap’s team confirmed that the data indeed correlates with real data of the platform’s users.
At first sight, it might look like the data breach of the aggregator brought no serious threat. But that is far from the truth. Fraudsters can use any personal information related to members of the crypto community for theft. For example, in the case of the CoinMarketCap data breach, they could get information about cryptocurrencies used by each and every user of the platform.
4. “From hackers with love” to Binance
The owner of CoinMarketCap, Binance, also made this list. In 2019, the trading platform allowed a major personal data breach to happen. At first, the Binance team denied that the incident even took place. But after a file with verification photos of the platform’s users started to appear on the internet, they had to admit guilt.
Binance’s leaked user verification photos
As compensation, Binance offered victims lifetime VIP accounts. But the major crypto exchange’s database of user selfies and document photos are still at the disposal of fraudsters.
5. A 17GB gift by Pi Network
Pi Network is a popular application for crypto mining. In May 2021, the media got filled with personal data leakage reports concerning platform users and reported that fraudsters got access to a database weighing over 17 gigabytes.
Upon registration in Pi Network, clients were forced to fill in personal details, including ID document numbers, home addresses, phone numbers and emails. Such a data set is a perfect gift for all kinds of fraudsters.
What is wrong with collecting confidential data
The majority of crypto platforms are interested in operating in the white legal area without breaking any laws. Most commonly, the ground of “friendship” with regulators is built upon following KYC procedures during the registration process.
KYC stands for Know Your Customer and includes a set of procedures aimed at verifying the user’s identity. Most commonly, users provide platforms with ID scans & selfies.
Fully anonymous cryptocurrency transactions stand in the governing agency’s way. In their view, confidentiality in financial markets may lead to a spike in illegal activities. With the anonymous nature of such transactions, regulators will not be able to punish wrongdoers or investigate suspicious financial activity.
Working with KYC is a compromise that allows users to legally transact with cryptocurrencies and allows businesses to legally offer instruments to work with digital instruments. That being said, personal data leakages became the “other side of the coin” offered by regulators’ schemes.
How to safeguard your personal data
It is impossible to fully waive KYC procedures in the crypto industry. Should that happen, regulators will be forced to ban cryptocurrencies since anonymous transactions will be seen as a financial market security threat. At the same time, providing third parties with confidential data is indeed dangerous, especially in light of the industry’s history. The solution to this problem is offered by the Czech company Hashbon. The team developed the “anonymous KYC” scheme with its core element in the form of a digital document – the NFT passport Hashbon Pass. Here is how it works:
- The NFT passport Hashbon Pass comes in the form of a non-fungible token (NFT). All information about the digital asset is registered on the blockchain. A decentralized approach to data storage allows the technology to guarantee its authenticity.
- To get the NFT passport Hashbon Pass, users should provide the platform’s verifiers with all the necessary data for KYC. If all is good, the system issues the digital document to the user.
- After that, to pass KYC procedures on some platforms, it will be enough to use Hashbon Pass. The passport itself contains no personal information but your age, citizenship and nickname. Therefore, confidential data will never be in the hands of third parties. At the same time, the platform where the user registers will get all necessary confirmations necessary for verification purposes. Should it be needed, governing agencies can request the data directly from licensed verifiers listed by Hashbon.
Hashbon Pass’ interaction scheme
The NFT passport Hashbon Pass not only safeguards personal data from leakages, but also saves time. Now instead of going through registrations, again and again then filling in a captcha, it is enough to just register an account and pass verification with one click.
Opportunities provided by the NFT passport Hashbon Pass
Interesting! The NFT passport Hashbon Pass can be used not only within the crypto industry, it’s also well-suited for the world of traditional finance. In fact, a digital document is a universal ID token.
Hashbon’s offering is especially relevant for platform owners that ask users to follow KYC procedures. Integration of the project will increase business appeal by providing safety assurances.
The Hashbon Pass launch is planned for June 30, 2022. Follow the project’s updates and request a demo version of the service on the official Hashbon website.