KYC is a process known as “Know Your Customer.” It is needed to ensure the customer exists and has the ability to assess potential risks of illegal intentions for a business relationship.
A lot of projects running a crowdsale require KYC and you must pass before you are allowed to invest into the project. A lot of exchanges also require your information before allowing you to take action on their site.
With all the high profile exchange hacks happening in 2019 already, I think it’s best to bring this article to light (all discovered documents, both stolen and dumped, have been sent to the respective exchange fraud teams).
The following is a key example of why you should be careful with your information.
https://miro.medium.com/max/700/0*4JJmqjC36BXO5_uG
Be careful when handing over your information.
I was recently forwarded a crypto project to investigate after it was discovered that the team photos on their website were faked — for example, their CMO named Rizwan Gray is represented with a picture of a Professor at Fairleigh Dickinson University named Dr. Jonathan Schiff.
My contact did some good initial investigation, and I had some time, so I confirmed their findings and tried to find anything else to warrant a blacklist across the lists I manage.
What I found was disturbing.
The project is running on WordPress — which inherently isn’t that bad — but WordPress isn’t the pinnacle of security, and is especially bad for a project running an ICO which requires KYC documents.
I browsed the directory that stores the WordPress uploads… and over 15,000 KYC documents were listed.
15,000 documents listed publicly.
15,000 documents available for all.
Keep in mind that this project is still in the pre-sale stage, so I’d expect there to be more than 15,000 documents once the project opens the sale to the public. The first ID document was uploaded to the server on 2018–08–29.
Let’s go through what was listed (a rough list — I haven’t looked through all ~15k documents):