Last week, a crypto launchpad doxxed 4,500 users it considered to be “bad actors.” A community manager posted the list of users and their private details on the company’s discord, alleging that the named users were ‘gaming’ their DAO’s airdrop.
This sort of doxing of users is clearly unacceptable. Any centralized platform requires some degree of trust, and this kind of careless behavior around user privacy only damages that trust at a time when the industry is already suffering from a dearth of it.
CoinList always strives to keep user information secure, regardless of a particular user’s account status. In light of this news, we wanted to reiterate why we KYC at CoinList, how this protects our users, and what we do with that data.
What is KYC?
KYC stands for Know Your Customer. It’s a set of processes for collecting identifying information about a user including their name, address, a selfie, and a picture of their ID. For businesses, this might also include documentation like articles of incorporation, details of the corporate structure, and information about company shareholders.
The premise here is that knowing your customers — performing identity verification, reviewing their financial activities, and assessing their risk factors — allows us, at times in cooperation with law enforcement, to prevent money laundering, terrorist financing, and other types of illicit financial activities.
Why we KYC
First and foremost, we KYC our users because it is required by applicable law. In order for any user—whether an individual or institution—to transact on CoinList they need to first go through our KYC and onboarding process. KYC is intended to prevent financial crime, identity theft, fraud, money laundering, and financing of terrorism. This is a common requirement for financial institutions in both TradFi and crypto.
KYC protects our users. The crypto space is rife with fraud, but requiring users to identify themselves helps to mitigate this and related risks on our platform. For example, community sales often attract fraudsters who try to create duplicate accounts to game our systems and others who buy fake accounts to increase their chances of winning an allocation. The KYC procedures are our primary tool in preventing individuals from creating hundreds of accounts and fraudulently transacting with our platform or other users.
KYC, however, is only one piece of the puzzle. Bad actors are constantly evolving their techniques and make great efforts to thwart our fraud detection systems. We aim to stay one step ahead of the fraudsters, responding quickly when new fraud patterns emerge to ensure that good, legitimate users are able to access a fair, rule-based platform and our token sales remain open to our community.
What we do with your data?
Your privacy and the security of your data is our highest priority. We use a collection of tools to run fraud and KYC checks on your information to meet our regulatory obligations, but we never release publicly or sell your personal data.
CoinList uses all of the security controls you would expect from a company dealing with sensitive data such as two factor authentication and hardware security tokens for access to systems, encryption of data, controlled access, regular security testing and more.
Finally, if you have any support-related questions, please submit a ticket here or DM us on Twitter at @CoinListSupport.
This blog post is being distributed by Amalgamated Token Services Inc., dba “CoinList,” or one of its subsidiaries. CoinList does not provide—and this post shall not be construed as—investment, legal or tax advice. This blog post and use of the CoinList website is subject to certain disclosures, restrictions and risks, available here.