Bittrex Leaks Passports, Shows User Data Over Unsafe Connections

Everyone wants in on Bitcoin. But the KYC processes represent one weak spot, which recently spouted a leak through the procedure of Bittrex.

Owning Bitcoin for retail investors is not an anonymous affair. Going through an exchange entails a KYC process taking passport data and other sensitive information. Now, a Russian telegram channel revealed leaked passports, due to a haphazard back office process in which manual user verification sent passport data and compromised users' confidentiality.

Users have complained about slow verification, but now it turns out it is also unsafe:

The messages about Bittrex are still hanging in the Russian telegram chat, with a screenshot of visible passport attachments seen. A user who tried to get verified on Bittrex also received passport data for several other users going through KYC.

"Do you want to see something insane? Bittrex mixed up its manual user verification of accounts. Right now, I am seeing the passport of one Nourbek, and his selfie."

At least if the screenshot is real, this means that KYC procedures may be way more troublesome. With passport data being sent here and there for ICOs and exchanges, a major data leak may be a matter of time.

The regulations for account verification are also one avenue for catching scammers. While stealing Bitcoin is a possibility, exchanging it in any significant amounts requires a detailed process. At the moment, it is possible that the data of the "John Dass" thief who took away 300 BTC and 300 BTG may be available in a small exchange, waiting for a legal order to hand over the information.

The other major issue with KYC processes and passport verification is that citizens of several countries may be disproportionately targeted, in a veiled ban on Bitcoin free usage and exchange. The regions that have reported singling out for a more difficult verification include Turkey, Russia, Syria and Iran.