User Verification In Crypto: A Path Toward Or Away From Security?

Reported by David Balaban

In March 2024, European Parliament committees approved a ban on anonymous digital asset transfers. If the EU Council and Parliament adopt these laws, they will take effect in three years. Some cybersecurity and cryptocurrency experts believe that mandatory user verification (KYC) could compromise personal data security.

The Security Risks Introduced by KYC Protocols

Ledger, a hardware wallet maker, launched a new service that allows for the recovery of private keys through KYC procedures, addressing a perceived need among beginner investors. The service, named Ledger Recover, works by splitting the seed phrase into three encrypted parts, which are then securely stored with external custodians.

Ledger identifies the challenge of recovering seed phrases as a key issue with self-managed cryptocurrency storage. Many users today either do not control their private keys or compromise their security by relying on less secure, complex methods for non-custodial storage and protecting their seed phrases.

The crypto community has had mixed reactions to Ledger Recover. Experts in the field argue that the service undermines the security model of hardware wallets by incorporating an API that could potentially reveal the seed phrase. Additionally, there is a concern that government authorities could subpoena the custodians holding the encrypted seed phrase fragments, potentially gaining access to users’ funds.

This is not the only risk associated with verification services: if showing a passport is enough to regain access to an account, attackers could potentially do the same.

KYC and cryptocurrency inherently clash, both philosophically and technically. In traditional finance, people use documents to prove asset ownership, such as to claim inheritance or contest unauthorized transactions. This approach does not align well with the decentralized and anonymous ethos of cryptocurrency.

In the blockchain world, once a transaction occurs, it is permanent; a hacker’s withdrawal cannot be reversed. In practice, KYC may provide more opportunities for theft than it does for asset recovery.

The negative sentiment towards KYC in the crypto community is largely due to its reliance on third parties. Experienced crypto users often dislike KYC not because they seek to evade taxes or launder money but because it means losing control over their personal data. There is uncertainty about how securely services store personal information, and there have been numerous incidents of data breaches.

Read full report: https://www.forbes.com/sites/davidbalaban/2024/04/28/user-verification-in-crypto-a-path-toward-or-away-from-security/?sh=5e30636739b6
