Could KYC (Know Your Customer) Practices Be Making Crypto Merchants Susceptible to Hacks?
It is common for many cryptocurrency holders to get the false assumption that their digital assets are safe in their wallets provided that they have the 2FA system in place. Many reason that it is not possible for a third party to gain access to their tokens as the two-factor authentication system often relies on the use of random codes that are changing all the times.
But this may not be the case if the discussion taking place on Reddit holds any merit. The post appearing on the discussion forum states that hackers have devised new ways of gaining access to a crypto holder’s wallet. How do they do this? By manipulating the Know Your Customer practices.
Almost all exchanges dealing in, or trading cryptocurrencies have put in place strict KYC practices that all clients ought to abide by. Some of these procedures involve the use of documents that can be used to identify a wallet holder. Identity documents in almost all cases often involve the use of selfies, passport photos, utility bills, and ID photos.
An exchange can request for a combination of any of these documents. Where selfies are required, one needs to take a clear picture of themselves holding an identity document that can include any of the documents mentioned above.
Enter the Dark Web
Once these documents have been uploaded online, their value instantly increases. This is particularly the case when dealing with passports. For those not well-versed with the Dark Web, it is essential to note that you can buy or sell anything here. For instance, a normal passport scan will typically cost you around fifteen dollars on the Dark Web.
If this passport is to be accompanied by proof of identification, e.g., a utility bill or a selfie, its price instantly increases to sixty-two dollars. According to Comparitech’s editor, Paul Bischoff, the reason the price varies is that one is required to provide multiple identification documents if they are to pass the proof-of-identification and proof-of-address checks that have been placed on such sites.
The purpose of putting these measures in place is to help an individual regain access to their accounts in case they forget their log-in details. One is required to furnish all this information before they can be allowed to reset their passwords and regain control of the cryptocurrency wallet or crypto trading account.
Gamm86, a Reddit user posted on the thread stating that it is very possible for hackers to bypass the two-factor authentication system. A hacker looking to do this will only need to report to the exchange claiming that they lost access to their 2FA, which is common whenever a person loses physical access to their mobile devices.
Once contacted, the exchange will typically request the user to provide proof that they are who they claim to be–the hacker will only need to use the documents they purchased from the Dark Web to provide this proof. When the documents are sent to the exchange, they will either remove the two-factor authentication system or reset the codes. This means that the hacker will now have an opportunity to access your wallet and your funds.