Security expert demonstrated how KuCoin and Huobi unexpectedly failed the KYC test

CipherBlade founder Rich Sanders tested KYC procedures on Kucoin and Huobi mega-exchanges. His research has shown that these processes on exchanges are more of a formality than a real effort to stop scammers.

“Know your client” or one-man theater

However, as cryptocurrency markets have developed, some major exchanges that operate as fiat platforms have recognized the need for strict KYC and AML programs to appease authorities and ensure that attackers cannot take advantage of their platforms.

Others, however, seem to use the KYC procedure simply as a formality. Blockchain analysis firms such as CipherTrace, Chainalysis and CipherBlade have a detailed understanding of the blockchain ecosystem, and it is their teams that are best equipped to understand not only the movement of cryptocurrencies, but also the security practices on various exchanges.

A recent CipherTrace report found that 56% of global crypto exchanges have weak identification protocols. The report says that despite existing crypto-AML regulations, many countries continue to accept virtual asset service providers (VASPs) with insufficient KYC. CipherTrace reports that in 2020, 56% of VASPs worldwide have weak or porous KYC processes, meaning that money laundering individuals can use these VASPs to deposit or withdraw their illegally obtained funds with or without minimal KYC.

More transparent VASPs which allow deposits and withdrawals with minimal or zero KYC, run the risk of encountering traditional money laundering tricks such as structuring.

High level of security

and submitted photos of himself in the image during the KYC process.

And he successfully went through the procedure in both cases.

Rich Sanders commented on all this as follows:

“KYC is just one of several aspects of the compliance program. Saying this is important may give the impression that I am a proponent of increased KYC requirements, which is largely incorrect. However, if you are going to develop a compliance program, it is important to do it correctly.

Signaling the virtue of KYC is more destructive than not having it at all. For example, ICO in the 2017 era were notorious for enforcing the rules of virtue. They simply collected all the identity documents sent by people and performed a visual inspection. Instead of spending money on Onfido (an identity platform), they had a community manager with zero compliance experience who looked at IDs.

As you can see, this is still happening now on major exchanges. Just amazing. Many in our industry criticize banks, and rightly so. How are we going to replace the banks if I can do this trick?

I’m trying to emphasize that, both in AML programs and in everything else — just taking these exchanges at their word won’t work. Exchanges such as Huobi and KuCoin say something like “we take compliance seriously”, but in reality this is far from the case”.

Source: https://news.bit.team/security-expert-demonstrated-how-kucoin-and-huobi-unexpectedly-failed-the-kyc-test/

Official website: bit.team