My latest experience of being scammed: Once you submit your personal information, it's only a matter of time before a data breach occurs.

1 year ago

Original article "To submit, or not to submit", by Dana J. Wright, translated by Odaily Planet Daily jk.

Human intuition is an incredible tool. We encounter many things in our daily lives that are so profound and complex that we cannot fully understand them at our current stage of cognitive development.

Online data collection is a perfect example. When you sign up for an app or service, you have no idea what will happen to your name, email address, location, biometric data, and any other information you submit.

Yet, you are always making decisions.

When you land on an account-creation page, a contact form, or a payment-details page, you consciously or unconsciously make a quick assessment of how much you trust the company or platform, weigh how much you want whatever lies beyond the data collection step, and then decide whether to submit.

Just a few days ago, I encountered such a situation myself.

Here is a quick review of my decision-making process, what my intuition told me, why I decided to do it, and the consequences of making the wrong choice in these situations.

The story starts with this email


In November 2022, as the entire FTX empire collapsed, BlockFi.US ceased operations due to the purchase of its controlling stake, prohibited customer withdrawals, and filed for bankruptcy.

The amount of my assets in BlockFi was not large, but it was not completely negligible. After learning about the bankruptcy process of other unlucky crypto companies like Celsius and Voyager, I did not have much hope of getting back these funds.

So, this email was a pleasant surprise for me. (At least at the time.)

Withdrawal request


BlockFi's second email: Received withdrawal request.

The withdrawal seemed straightforward.

I selected the assets to transfer, entered the amount and my wallet address. I initially only entered a small amount to test and ensure everything went smoothly, a habit I developed after many painful lessons.

Shortly after, I received a confirmation email containing a summary of the withdrawal, but I did not receive the funds in my wallet. It is not uncommon for transfers from centralized exchanges to take a long time, so I was not too worried about it and continued with my daily life.

"Shotgun KYC"


BlockFi's third email requested identity verification.

A few hours later, I received another email from BlockFi, stating that to complete the withdrawal request, I needed to submit identity verification.

This scam is known as "Shotgun KYC" in the crypto community.

This is when a trading platform lets you transfer funds into your account with as little resistance as possible, but when you try to withdraw them, you are hit with cumbersome identity verification processes that can take a long time.

Users of various exchanges report that KYC processing can take several months, and sometimes accounts are frozen indefinitely.

By the way, the term "Shotgun KYC" was coined by odell in 2019.


To submit, or not to submit


Identity verification form from BlockFi's third-party KYC provider.

Without beating around the bush, I submitted.

I submitted six sensitive pieces of personal identity information, my official ID, and a biometric check (biometric facial scan).

Looking back, the reasons are as follows:

  • In this case, there is a legitimate reason for identity verification besides financial monitoring, namely, the law firm may need to verify that the withdrawer is actually the legitimate holder of the claim;

  • The email said that the withdrawal process could take up to 90 days, and I knew it could actually take several months, so I wanted to get in line as soon as possible;

  • For me, it was worth taking the risk to get back a significant amount of funds.

Different people assign different monetary values to their data. If you are a millionaire, the compensation you would need in order to undergo full KYC and bear these risks may be in the millions, or it may not be worth it at all.

For me, the threshold is much lower.

It is important to understand that you should set a "premium" on your identity data.

Over time, the likelihood that platforms will sell information to third parties or be hacked is almost 100%, so you need to be compensated accordingly.

Consideration of risks and benefits


BlockFi's email told me that identity verification helps protect their account and assets. This is a complete lie.

When I read this in BlockFi's email, I just rolled my eyes. I fully understand that this is a harmful lie. Submitting KYC (Know Your Customer) data exposes individuals to various attacks they have never had to worry about before.

Specifically, there are several points:

  • If your account is hacked, the information contained in it is enough for thieves to not only steal your funds but also steal your identity. Depending on your net worth and the amount you have stored on the exchange, your KYC information may be far more valuable than your funds. Once hackers gain access to your account, all this information can usually be downloaded directly from the settings menu, usually located in the privacy settings.

  • When exchanges lose customer funds to a hack, they immediately face legal, reputational, and financial disaster, but not so when they lose customer data. I have not seen any enterprise that has lost data due to a hack directly compensate customers.

  • If the exchange shares your data, the possibilities for where your data may ultimately end up are endless. This is the most worrying point, as exchanges do provide your data to analytics companies, other financial institutions, and government agencies. Most exchanges now outsource the entire KYC process to third parties. For example, this company claims to store KYC data for over 1000 platforms. (I didn't even know there were 1000 cryptocurrency platforms.)

Once these third parties have your data, you completely lose control over it and waive any right to recourse when the data is leaked.

And this data will definitely be leaked; it's only a matter of time.

Hacker attack


BlockFi's fourth email notified me that my data had been hacked.

On August 24th (just seven days after the first email was sent), I received an email from BlockFi stating that their KYC provider had suffered a data breach, and unauthorized third parties had obtained a large amount of customer data.

It's really laughable and exasperating.

From the timing, I believe the attackers may have already gained access to the relevant systems.

They may have just been waiting for BlockFi to open withdrawals and force tens of thousands of people to submit their data. Then they struck.

These are usually seasoned hackers.

Final thoughts

In hindsight, if I knew my data would be leaked immediately, would I still submit?

Actually, yes. My KYC data has been hacked multiple times. If not, perhaps I would have had different considerations, but the fact is I no longer care.

However, for those who have not had their biometric data and official ID collected and traded on the dark web multiple times, it is crucial to understand that submitting KYC is an extremely dangerous act.

At best, it greatly increases the risk of your identity being stolen. Worst of all, it is a tool for large-scale financial monitoring. All three-letter agencies have backdoors and use this data in ways that you may never agree to.

The bottom line is: your data is only safe if it has never been collected.

So the next time you stare at these forms, realize how important the requested information is, trust your intuition, and walk away if the reward is not worth it.
