Coinbase Data Breach Will 'Lead To People Dying,' TechCrunch Founder Says

An anonymous reader quotes a report from Decrypt: The founder of online news publication TechCrunch has claimed that Coinbase's recent data breach "will lead to people dying," amid a wave of kidnap attempts targeting high-net-worth crypto holders. TechCrunch founder and venture capitalist Michael Arrington added that this should be a point of reflection for regulators to re-think the importance of know-your-customer (KYC), a process that requires users to confirm their identity to a platform. He also called for prison time for executives that fail to "adequately protect" customer information.

"This hack -- which includes home addresses and account balances -- will lead to people dying. It probably has already," he tweeted. "The human cost, denominated in misery, is much larger than the $400 million or so they think it will actually cost the company to reimburse people." [...] He believes that people are in immediate physical danger following the breach, which exposed data including names, addresses, phone numbers, emails, government-ID images, and more.

Arrington believes that in the wake of these attacks, crypto companies that handle user data need to be much more careful than they currently are. "Combining these KYC laws with corporate profit maximization and lax laws on penalties for hacks like these means these issues will continue to happen," he tweeted. "Both governments and corporations need to step up to stop this. As I said, the cost can only be measured in human suffering." Former Coinbase chief technology officer Balaji Srinivasan pushed back on Arrington's position that executives should be punished, arguing that regulators are forcing KYC onto unwilling companies. "When enough people die, the laws may change," Arrington hit back.

Oh well

[registrations_suck]

If you can afford crypto to be worth going after, you can afford some guns to defend yourself.

Re:

[gweihir]

Unfortunately, it is not that simple. Even the rich depend on society being mostly non-broken and that includes abductions being rare.

Re:Oh well

[Mr. Dollar Ton]

Well, as the newest modern American curse apparently goes, "may you have the day you voted for". The cryptobruhs have traditionally opposed government regulations of their sector any kind, certainly those that deal with personal data.

It is quite obvious why, too, a lot of the "crypto" is simply tax evasion.

So now they are going to deservedly experience first-hand the results of the "industry-mandated" and "industry executed" measures that "protect" their identity.

Re:

[gweihir]

You do not get it. If society degrades or collapses, _you_ will be affected as well.

Re:Oh well

[coop247]

We want a currency that is free from government control and laws!

Also, government, please protect me and enforce laws!

Making Lemonade

[careysub]

... amid a wave of kidnap attempts targeting high-net-worth crypto holders... Arrington added that this should be a point of reflection for regulators to re-think the importance of know-your-customer (KYC), a process that requires users to confirm their identity to a platform

Due to this urgent danger to rich people rules should be changed so that they can move cash around anonymously. If they can use this "crisis" to push this through it will have been well worth it. On to the next crisis!

Re:

[Iamthecheese]

Anonymous movement of money is essential to liberty. What the rich want more than freer movement of their own money (they already have many ways) is a way to track yours.

Re:Making Lemonade

[careysub]

If you read the whole article it gets even better.

You see the problem is that these crypto companies don't want to collect this information and so can't be held responsible if they don't protect it.

I am dubious that "because If don't want to" is a valid legal doctrine to escape government regulations. It would seem most businesses everywhere would avail them of this protection immediately, if available.

Re:Making Lemonade

[Rinnon]

You see the problem is that these crypto companies don't want to collect this information and so can't be held responsible if they don't protect it.

Among other things they don't want to do, such as having to follow all the OTHER laws, like anti-money-laundering, anti-terrorism-funding, etc. that come along with "knowing your customer". It'd be so much easier to just do business with everyone equally. Don't ask, don't tell!

Re:

[dinfinity]

TRWTF is that we're still unnecessarily storing very personal information like addresses in duplicate across all kinds of locations where it isn't needed.

We should have already transitioned to a system where your national government stores your information (as they already do anyway) and passes the minimum amount of information required to an external party based on the authorization you have given, i.e. something like how you can give external applications access to specific bits of your Google account.

The

Re:

[JamesTRexx]

I'm all for this rule. Then I can anonymously declare that I am rich and never need to show ID for any site.

I already drop site memberships when they make ID mandatory. Just them saying they will never give out the information does not mean that information is (forever) secure. It's not even at supposedly highly secured companies what with the weekly or so high profile breaches everywhere.

If I was a high net worth crypto holder

[rsilvergun]

I would be far more worried about law enforcement getting a hold of that information.

I mean in America you can wander all the money you want thanks to November but I'm not so sure the rest of the world is going to be A-OK with that.

Can you laugh yourself to death?

[Anonymous Coward]

For the moment I'm ROFLMAO

Re:Can you laugh yourself to death?

[careysub]

Will no one think of the high-net worth crypto holders? Oh the humanity!

Re:

[TurboStar]

Will no one think of the high-net worth crypto holders?

Plenty of kidnappers are thinking this way, if the article is to be believed. IMO, anyone involved in crypto is 100% a criminal and shouldn't depend on society for protection.

Somehow, real banks manage

[sound+vision]

Somehow, KYC has never been a problem for real banks and their customers. (Excepting when those customers are also criminals, in which case it's a huge problem for them.) So either,

(1) Banks secure their customer data better than Coinbase, or
(2) Something about Coinbase or its holdings is significantly more attractive to the criminal element than cash money.

Probably both.

Notice how crime keeps turning up every which way you look when it comes to crypto? Funny...

Re:Somehow, real banks manage

[gweihir]

Banks are higly regulated and know that they must keep their customer data safe at any cost. No comparison to the slap-dash DeFi trash that runs the crapcoin universe.

Re:

[gander666]

Damn, and me without any mod points...

Re:

[gweihir]

Thanks. It is the thought that counts.

Re:

[CoolCash]

Technically DeFi is all done on the blockchain and doesn't require KYC. If it does it's to access the interface from another country, there are now services that can do KYC and then record the proof of KYC on your wallet that you do transactions. Then that service can query that hash as proof of verification. Attach a new wallet, and you have to go through the services again.

Re:

[gweihir]

And in the real world, KYC serves to reduce crime and terrorism financing, money laundering, tax evasion and other crimes. So legally, DeFi does require KYC, the law is just (as usual) slow to catch up.

Re:

[bill_mcgonigle]

> Somehow, KYC has never been a problem for real banks and their customers

Last I heard banks were being hacked to about $40B per year.

The money is transferred away digitally and the banks just cover it (or they have the Fed print more dollars to cover it).

Most crypto holders have a majority of their funds in self-custody so criminals will want to torture them for their keys.

Re:

[anoncoward69]

Real banks don't have as much issue as crypto because of how archaic it is. Everyone knows Elon Musk is worth billions. But you're not going to easily transfer 1 million out of his bank account without involving Elon himself and probably several high level people at the bank he uses. Crypto a transfer could be performed by a single person once a wallet has been compromised.

Re:

[Zak3056]

Somehow, KYC has never been a problem for real banks and their customers.

That's some fucking bullshit right there.

I tried to open a checking account for one of my kids. I've banked at that institution for decades. Kid in question has had a savings account at that bank for years. It took a fucking hour because of all the hoops that had to be jumped through. Lest you respond with "your bank sucks," my wife tried to open an account for another one of our kids at the bank she has used for decades. We left after 90 minutes, still no account set up.

The post 9/11 banking environme

Re:

[sound+vision]

Ok, did gunmen come by and force your son into a van? Because that's the kind of problem we were discussing.

If you want to discuss customer service instead, I've opened accounts with 3 different banks and never had to wait 90 minutes. And if it came down to it, I'd prefer the wait to someone else being able to open an account in my name.

I can't think of anything better...

[TheMiddleRoad]

Than a bunch of crypto assholes getting kidnapped and murdered for their funny money.

And that is a key difference in a real bank

[gweihir]

They know that their customer's data leaking will get people killed. They have laws and regulations that force them to be careful on top. There will be real penalties when they are careless. Crapcoins are just DeFi crap that makes all the old, tired, known mistakes again. The only sane move is to stay away.

Balaji Srinivasan is a bad person

[viperidaenz]

He's been one of the executives that could face jail time for their bad decisions that put their customers at risk.
Of course he's going to say it's the KYC laws that are bad, not the poorly designed systems he's responsible for creating.

Re:

[bill_mcgonigle]

> Of course he's going to say it's the KYC laws that are bad, not the poorly designed systems he's responsible for creating.

Which of these is actually possible: financial privacy through crypto or unhackable computer systems?

You need one or the other to avoid creating this murder situation.

Re:

[viperidaenz]

I don't recall the last time a bank was hacked where they got all the customers names, addresses, photos and account balances.

Re:

[Dragonslicer]

Which of these is actually possible: financial privacy through crypto or unhackable computer systems?

Why are you assuming that one of them is possible?

Shit take

[migos]

So the solution to Coinbase's shitty security is to remove KYC so that rich people can launder money better?

Regulators?

[quonset]

What does this guy mean by "regulators"? The entire point of crypto is to be unregulated. It's why these companies fought so hard and paid so many bribes to not fall under the same rules as banks, brokerage firms, and so on. They didn't want to be regulated and they got their wish.

If the people using these unregulated firms are now suddenly so worried they or their family members might be kidnapped or killed, perhaps they should have done their research to see what kind of security these unregulated companies have.

If we're supposed to feel sorry for these people or listen to what Arrington has to say, drop dead. You got your wish, now live with the consequences.

Smug Face

[drinkypoo]

Oh no!

Anyway,

Many lessons to be learned.

[Gravis Zero]

Here's one: if the amount of money you have is so obscene that people knowing that amount will put you in grave danger then are being insufficiently taxed.

Re:

[piojo]

Here's one: if the amount of money you have is so obscene that people knowing that amount will put you in grave danger then are being insufficiently taxed.

We don't have a wealth tax. For instance there is no tax that takes 10% of a rich person's money each year until they aren't rich anymore. That seems like it would be unjust, but even if you make the amount much smaller, it would disincentive keeping money in the US. Or it would have other effects you wouldn't want, for example it would be impossible to own a company unless you're also cash rich, since you'd have to sell your house or sell the company to pay the taxes. And being cash rich isn't great for th

Re:

[anoncoward69]

Taxes are usually paid on incoming money. Income from work, Income from sales, Income from dividends, Income from assets that increased in value and then were sold. If you have $1billion in cold hard cash just sitting in a vault you will NEVER be taxed on that money again. Unless you buy something with it. Sales taxes, die and have it transferred to someone, they'll have inheritance taxes on it.

Re:

[anoncoward69]

Also there technically is a way you having $1 billion in cold hard cash sitting in a vault gets taxed and that's inflation. Your 1 billion will always be 1 billion but 50 years from now that 1 billion will almost 100% certainly have less buying power than it has now.

Re:

[hjf]

depends on the country. We argentinians pay property tax on everything we own. including cash. 0.5% a year. 2.5% if it's held in an account abroad. we already paid tax when we earned that money (usually, if you are "rich enough" to pay property tax, you have been paying the 35% income tax already). and then you have to pay more every year.

and recently they introduced a "one time" rich tax, but since it was so popular with poors "yeah eat the rich" they were thinking of making it yearly too.

Re:

[Gravis Zero]

We don't have a wealth tax. For instance there is no tax that takes 10% of a rich person's money each year until they aren't rich anymore.

Sounds like a problem.

even if you make the amount much smaller, it would disincentive keeping money in the US.

Kinda sounds like there should be a conversion tax for money that exceeds are certain amount.

Or it would have other effects you wouldn't want, for example it would be impossible to own a company unless you're also cash rich, since you'd have to sell your house or sell the company to pay the taxes.

Someone might have to sell their $100M mansion? Oh, no!

And being cash rich isn't great for the economy since some of that money would be better invested in non liquid assets.

If it were actually invested, rather than the farce that is the stock market, then you might be right but alas, you are not.

Re:

[aaarrrgggh]

It is much more complicated than that. Some people have high liquid net worth and others have high total net worth. Even relatively modest retirement accounts are a pretty easy bullseye of liquid assets. Many things come down to the 2% hit rate of mail order marketing IMO. If you have easy access to data on 10,000 targets, crafting an attack that will make that 2% rate is trivial and can easily net the perpetrators $200 million.

Re:

[Gravis Zero]

crafting an attack that will make that 2% rate is trivial and can easily net the perpetrators $200 million.

OK, clearly the top 2% are insufficiently taxed.

We lose some crypto bro's ... we can cope

[butt0nm4n]

.... get a real job, make a contribution to society rather than scamming it.

This is not a KYC issue

[mysidia]

Nothing about KYC requires the companies to fail to adequately secure the information.

Nothing about KYC requires you to connect your system to the internet that holds custody of customers' account opening info.

Naturally Coinbase et all need the information to identify their customers, but there have to be ways for corporations to absolutely prevent info from leaking out of their systems en masse.

Is Michael Arrington a Stinking Liar?

[BrendaEM]

To make such an assertion, he might be.

People die every day...

[newbie_fantod]

"don't be so sentimental"

Just sell your magic beans

[js_sebastian]

If you're worried about being kidnapped for your huge amount of crypto holdings, just sell it all and put it in normal investments that are not as easily and irreversibly stolen by somebody applying a 5 dollar wrench to your knee until you give them access.