KYC doesn’t just put your data at risk; it puts people at risk.
Hackers recently demanded $20 million in Bitcoin from Coinbase, threatening to leak sensitive customer data.
While no passwords or private keys were accessed, the attackers obtained full names, addresses, contact details, partial Social Security and bank account numbers, and identity documents. This is the kind of data that can be weaponised for identity theft, fraud, or worse.
This is exactly the kind of risk I raised on the compliance panel at the Financial Times Digital Assets Summit last week. While KYC and compliance frameworks are presented as security features, they often do the opposite. They create massive, centralised honeypots of personal data that can and do get breached, sold, or exploited.
We’ve seen what can happen when that data gets into the wrong hands. Earlier this year, David Balland, the co-founder of Ledger, was kidnapped along with his wife. His captors cut off one of his fingers and sent it to a business associate to demand crypto ransom. He was rescued by French special forces, but the message was clear: real-world consequences are now linked to digital identity exposure.
We need better solutions that don’t force users to sacrifice privacy and safety for access.
Compliance shouldn’t come at the cost of security.
Susie / Susie Violet
npub1hw…503sg
2025-05-16 10:37:08
Author Public Key
npub1hwgw0uznr49t4gullpgfz4m5xnakl5a0l88m3k382xv7ys0tfmlsd503sgPublished at
2025-05-16 10:37:08Event JSON
{
"id": "82b426f274dbc412aed3c3b1b989a9f17f6b0b44e233727d6217ecf22c167669",
"pubkey": "bb90e7f0531d4abaa39ff85091577434fb6fd3aff9cfb8da275199e241eb4eff",
"created_at": 1747391828,
"kind": 1,
"tags": [],
"content": "KYC doesn’t just put your data at risk; it puts people at risk.\n\nHackers recently demanded $20 million in Bitcoin from Coinbase, threatening to leak sensitive customer data. \n\nWhile no passwords or private keys were accessed, the attackers obtained full names, addresses, contact details, partial Social Security and bank account numbers, and identity documents. This is the kind of data that can be weaponised for identity theft, fraud, or worse. \n\nThis is exactly the kind of risk I raised on the compliance panel at the Financial Times Digital Assets Summit last week. While KYC and compliance frameworks are presented as security features, they often do the opposite. They create massive, centralised honeypots of personal data that can and do get breached, sold, or exploited.\n\nWe’ve seen what can happen when that data gets into the wrong hands. Earlier this year, David Balland, the co-founder of Ledger, was kidnapped along with his wife. His captors cut off one of his fingers and sent it to a business associate to demand crypto ransom. He was rescued by French special forces, but the message was clear: real-world consequences are now linked to digital identity exposure.\n\nWe need better solutions that don’t force users to sacrifice privacy and safety for access. \n\nCompliance shouldn’t come at the cost of security.\nhttps://blossom.primal.net/ac486e1dd87c2d3cb7de7f212911db32b4562b13e1faae0038e875e8b7183f4d.mov",
"sig": "acfce235d3737db79dbf2a0419b742d34940508ab81b0ea25918c51b434c4566cb04e0cb8494841e11b89545144f0c8b07adf58ffbf943fdcf1286a87178a358"
}