Leaked Exchange Customer Data Land on Dark Web Markets
Obligatory KYC means exchanges or screening companies now own sensitive data, including passport information.
As know your customer (KYC) and anti-money laundering (AML) screening procedures become the norm for most exchanges, the information collected has been put in danger. Reports suggest some of the KYC data may have been leaked and are being traded on dark markets.
KYC on exchanges can be very thorough, requiring even passport scans. The most recent report, initially appearing on CCN, suggests that a hacker has been selling the scanned information in batches in the past few months.
Reddit users have expressed skepticism, saying this may be simply fear-mongering as doubts about user data getting leaked have surfaced in the past.
Real cases of leaked passport information have happened before, especially during peak times of interest in trading digital assets. One example was Bittrex, where a system overwhelmed with requests sent sensitive data over an insecure connection, exposing passports, names, and other information.
Binance, which only recently started KYC tracking, has been swamped with requests but claims to have the process under control. Leaked personal details may be used to create fake accounts, as well as to perpetrate identity theft.
The mass gathering of data picked up pace in 2018, when digital asset trading was seen as a potential way of financing terrorism or hiding funds. In the past, some exchanges allowed fully free trading and withdrawals without KYC, but standards were tightened to get new traders on board. Additionally, markets closed off access to a list of countries considered to pose a risk of attempted terrorism financing, as well as countries under trade embargoes.
With extensive data storage, either by the exchange or by third parties, the potential for information theft increases, as explained by experts:
In the crypto sector, various forms of KYC screening have also been applied to initial coin offerings (ICOs), to limit the access of certain buyers to the token sales. In a rare attempt to legitimize a cryptocurrency, Electroneum (ETN) tried to roll out built-in screening in its mobile wallet.
KYC and AML procedures usually consume time and resources, previously prompting exchanges to give up on certain regions.