Celsius data leak: How KYC becomes a personal risk

The insolvent crypto company Celsius is to blame for a data leak that makes all users of the service and their assets public. Once again, the state-mandated KYC measures are to blame for the event. Why identification is always a personal risk.

Table of Contents

Celsius: User data leaks to the public

In July, the Celsius Network filed for bankruptcy . The crypto lender speculated during the ongoing bear market. Now the New York company is once again in the public eye.

During the court proceedings surrounding Celsius’s bankruptcy, the company sent a PDF file, which was then made public. The Internet Archive , where the leak was available until a few hours ago, has since removed the file for privacy reasons.

It shows the names of tens of thousands of Celsius customers. Each individual name is stored with the exact systems and activities within the crypto lender. In addition to normal users, there are also well-known names.

You can get a glimpse of the investments of Celsius founder Alex Mashinsky , who has been ridiculed in the crypto scene since his company went bankrupt.

KYC to blame for data leak

In order for the sensitive data to become public in the first place, they first had to be collected. This has been done on behalf of KYC since 2016. The identification process is a government-mandated measure that gradually engulfed all centralized crypto exchanges.

KYC is intended to combat terrorist financing, money laundering, tax evasion or cybercrime such as fraud and hacking. The fact that this identification process can be detrimental to the user is not new knowledge.

There have been repeated data leaks over the past few years. Since KYC combines the customer’s date of birth with their email address, home address and a personal photo, the process can quickly become a momentous danger.

If unauthorized persons gain access to KYC data, the data often ends up on the dark web . There they are sold in marketplaces and used for identity fraud. The associated risks are then borne by the victim, who had to share their data with a crypto exchange.

How bad is the Celsius data leak?

In the case of the Celsius data leak, the situation is not quite as bad. The company removed the home address of all customers in advance. In addition, there are no portraits or moving images, which are also necessary for KYC.

Unauthorized persons cannot use the Celsius customer data alone to carry out identity theft. Nevertheless, people can be injured by the leak. Great fortunes are thus unearthed that may previously have been unknown.

Criminals can always benefit from this knowledge. A specific incident shows that people who are in the public eye can also experience damage to their reputation.

Investments by crypto YouTuber Lark Davis , for example, who had a mixed relationship with Celsius in the past, have become known. Subscribers report that Davis has long been an opponent of the lender.

Eventually, Davis changed his mind. Apparently due to a joint deal. The YouTuber then recommended the service to his followers.

According to the document, Davis made a $2.5 million payout from Celsius in June. This happened just days before the service halted all withdrawals.

The temporal proximity of both events gives many of his viewers the feeling that this is an internal collusion . Davis only warned his followers of a possible bankruptcy a few days later. For many investors, a withdrawal was already impossible.