Is KYC Putting Crypto Exchange Users at Risk of Hacks?

Reading Time: 2 minutes

You might think that your data is safe when you use it complete crypto exchange know your customer (KYC) processes. However, new evidence has come to light, which shows that it could actually put you at a greater risk of having your cryptos stolen. All crypto exchanges have humans during at least one phase of the KYC process – and as history shows humans are corruptible.
According to, for a few dollars you can get your hands on illegally obtained scans of passports. While for a few more dollars even an ID card with a selfie could fall in your direction. This could make you think twice about using a KYC-enabled crypto exchange in the future.

Hackers Can Access Your Personal Information

If there is a KYC process, it means there is a centralized system in place. The greatest issue with centralized systems is that they are hackable – meaning your data is in danger. If a hacker is motivated enough – usually paid well by malicious parties – then they can divert their time and resources to stealing databases of personal and sensitive information from crypto exchanges. It’s as simple as placing a malicious piece of code in a random email sent to staff. If the staff member clicks a compromised link or downloads an infected file, its game over for your data – as the entire network has just been breached.

Using This Data to Bypass 2FA

Once the malicious party has your ID card and passport information, they can hop onto live chat with the exchange and say that they lost access to their 2FA. The exchange will then ask for these ID card selfies or passport scans to verify they are who they say they are, and will then give them access to your account on the exchange. You can then say goodbye to any cryptos you had stored on the exchange.

Scam ICOs Could Also Be a Backdoor

Now, you’re probably thinking about who has access to your ID card and passport. Consider how many sites have asked you for this over the years – quite a few, right? A seemingly innocent ICO could request these to verify you as an investor, but it could actually be a scam designed to steal this information. On top of this, people often use the same email and password combination for every site – a very dangerous habit by the way – meaning these scam ICOs not only have the money you sent them, but also access to your email accounts, crypto exchange funds, and plenty else. This is one of the main reasons we are so cautious and hesitant about the recent Initiative Q project.
Next time you’re thinking about signing up to an ICO – think twice. Perhaps use a new password and only send an ID card with a picture if you’re 100% sure that it’s legitimate. As for the risk with crypto exchanges being hacked, there isn’t much you can do to protect yourself. This responsibility comes down to the exchanges themselves, but there are steps you can take to mitigate risk.
The number one rule for using crypto exchanges is never leave your cryptos on the exchange. This means that even if a hacker has access to your account, there is nothing at hand to steal. It’s better to be safe than sorry, especially in the crypto world.