A major Coinbase insider scandal has exposed the personal data of 70,000 users, reigniting debates over whether Know Your Customer (KYC) rules are doing more harm than good in the crypto space.
What Happened?
In December 2024, hackers bribed Coinbase’s overseas customer support agents to steal sensitive user information—including government IDs, home addresses, and selfies. The breach was only disclosed in May 2025, raising serious concerns about centralized exchanges’ security practices.
The Flaws in KYC Systems
KYC was designed to prevent fraud and money laundering, but in reality:
-
Fake IDs easily bypass checks (AI-generated passports can fool verification systems).
-
Darknet markets sell pre-verified accounts for pennies.
-
Hackers target exchanges’ weak points (like bribing employees).
In 2024, blockchain investigator ZachXBT demonstrated how he bypassed Gate.io’s KYC using a fake "Kim Jong-Un" identity in minutes.
Victims Speak Out
Lisa Loud, an executive at Secret Foundation, believes her data was compromised in the leak after receiving multiple phishing attempts:
Can Zero-Knowledge Proofs Fix This?
Some argue ZK-proofs could replace KYC by:
✔ Proving identity without revealing personal data.
✔ Reducing repeated verifications across platforms.
But adoption is slow due to:
✖ High computational costs.
✖ Regulatory hesitation.
Will KYC Disappear? Unlikely.
Despite its flaws, cybersecurity expert Ilia Kolochenko (ImmuniWeb CEO) predicts:
How to Protect Yourself
If affected:
-
Enable 2FA everywhere.
-
Change compromised phone numbers/emails.
-
Monitor for phishing scams.
The Bigger Picture
This breach highlights a critical conflict:
Is decentralized identity verification the future? Or will KYC keep failing users?
