Idelto

Cryptocurrency news website

KYC

A Look at Facebook’s Diem Wallet- Token Sale Accepts 3 Cryptos, Strict KYC, Hefty Data Collection

by

A Look at Facebook's Diem Wallet- Token Sale Accepts 3 Cryptos, Strict KYC, Hefty Data Collection

During the last two years, there’s been a lot of interest in Facebook’s cryptocurrency diem (formally libra) and rumors of a nearing launch date went viral last November. Now the social media giant is advertising the crypto asset’s pre-sale heavily on the platform, as people can now purchase diem with U.S. dollars and three different cryptocurrencies.

Facebook Is Selling Diem Coins for Bitcoin, Ethereum, and Bitcoin Cash

Facebook is in the midst of the company’s token sale where individuals can invest funds in order to purchase the social media firm’s upcoming cryptocurrency. Last November, news.Bitcoin.com reported on the launch date rumors, and following the discussions, Facebook rebranded “Libra” and called the project “Diem.”

Now the crypto asset was expected to launch in January, but it seems the company is now planning to sell tokens for the next 18 days into February. Facebook has also been advertising the token sale on the social media platform regularly, in order to entice users to get in on the sale.

“We are offering a pre-sale discount for early investors,” the Diem project web portal details. “You can participate in the birth of diem and be one of the first buyers. Buy diem coins now with cryptocurrencies like bitcoin, ethereum, and bitcoin cash.”

In order to give our readers some inside perspective on the token sale, news.Bitcoin.com fired up a wallet from the Diem Association or projectdiem.io web portal. At the time of publication, 18 days until the sale ends a single DIEM is selling on the platform for 0.62 USD. It seems they are using this pre-sale period in order to gradually build the network. One very interesting fact about the Diem pre-sale is the three cryptocurrencies Facebook is willing to accept for the new coin.

Identity Verification and Data Collection

In order to purchase the token, a user needs to leverage either bitcoin (BTC), bitcoin cash (BCH), ethereum (ETH), and they can also pay with U.S. dollars. So an order of 1,000 DIEM today will cost a touch over $600 or roughly 0.019 BTC. The front page of the projectdiem.io also reveals that the company is planning to accept litecoin (LTC) too, although the option doesn’t seem to be available at the time of writing.

The deal sounds ok but people who want to purchase Diem must not only accept the fact that KYC is required, but also Facebook or the projectdiem.io tells the buyer that they “may collect information” on various things the user does.

“We may collect certain information automatically when you use our website, such as your Internet protocol (IP) address, mobile device identifier, browser type, operating system, Internet service provider, pages that you visit before and after using the website, the date and time of your visit, information about the links you click and pages you view within the Website, and other standard server log information,” the Diem terms of service (ToS) agreement states.

After a payment is successful, tokens appear in the wallet and the Diem project administrators stress that people shouldn’t abuse the system. “If we suspect you are abusing this system your account will be suspended,” the projectdiem.io wallet ToS notes. Currently, there is a 5% bonus that will end on February 15, 2021. Of course, the company also wants users to join a referral-program so early Diem participants can pass the information about Diem on to family, friends, and colleagues.

An ERC20-Compliant ‘Permissioned’ Network ‘Backed by a Basket of Currencies and Assets’

Facebook’s Diem team details that people who invite friends and such will get a bonus of “15% of the value of the contribution.” Another interesting thing to note about the Diem wallet is that the wallet address is ERC20-compliant and users are given an Ethereum-based address. “You can receive DIEM tokens to this address,” the wallet description highlights. Projectdiem.io also reveals there will be a “softcap” for 103 days for 30 million and the token “hardcap” will be 100 million.

The Diem network is a permissioned network as transactions are handled and “cryptographically entrusted to the Diem Association.” The association is made up of 27 different entities in the tech industry, telecommunications, nonprofits, and other types of organizations. Essentially, the Diem chain works by leveraging validator nodes like many centralized and permissioned blockchains. Each member of the Diem Association runs a validator node but over time the team hopes the network will build-out in a permissionless manner.

“As the network grows and becomes more self-sustaining, the Diem Association will work to gradually transition to a permissionless mode of operation,” the projectdiem.io page explains.

It is hard to say how this crypto asset will do among the 7,500+ crypto assets currently in existence. Facebook and its subsidiaries (Whatsapp, Instagram, Messenger) capture a massive user base worldwide. During the second quarter of 2020 statista stats indicate that Facebook is the largest social network globally with “2.7 billion monthly active users.” Moreover, the projectdiem.io web portal highlights that diem coin is a reserve-backed cryptocurrency.

“Unlike the majority of cryptocurrencies, diem is fully backed by a reserve of real assets. A basket of currencies and assets will be held in the Diem Reserve for every diem that is created, building trust in its intrinsic value,” the website emphasizes.

What do you think about the Diem project and the token sale? Let us know what you think about this subject in the comments section below.

Thai Financial Watchdog Asks Local Crypto Exchange to Fix Issues After Three Massive Outages

by

Thai Financial Watchdog Asks Local Crypto Exchange to Fix Issues After Three Massive Outages

The Securities and Exchange Commission of Thailand (SEC) issued an order against a local cryptocurrency exchange to temporarily stop its operations. Bitkub has been in the headlines since the start of the year due to several outages suffered in their systems.

Crypto Exchange Suffered Three Massive Outages Since the Beginning of 2021

According to Bangkok Post, the financial watchdog gave the exchange five days, starting January 20, to solve all the technical issues. Mainly, their desktop trading platform suffered three outages since January 2.

The other incidents happened on January 3 and 16, said the local media outlet. One of the reasons behind the rising number of outages is the spike in crypto prices, specifically in bitcoin (BTC). In consequence, Bitkub couldn’t handle trading volumes, stated a source quoted by Bangkok Post.

However, after being inactive for 16 hours since the SEC’s order to temporarily shut down, Bitkub re-opened its mobile application platform for trading purposes. As of press time, Bitkub’s desktop platform remains with its operations halted.

After receiving “heavy complaints” from users about the constant interruptions in the services, the SEC reportedly decided on asking the crypto exchange to shut down.

The SEC’s board met on January 18 to discuss passing a resolution requiring Bitkub to submit the rectification plan and amending issues.

Bitkub’s Crypto Market Share in Thailand

Bangkok Post states that Bitkub is considered the most popular crypto exchange in Thailand. In fact, they have a 97% share of the market based on the volume of accounts and daily trading.

The company reported on January 7 that they have about 800,000 active trading accounts. However, an anonymous source told the media outlet there are just 300,000 – 400,000 accounts. By quoting the person familiar with the matter, Bangkok Post explained:

The discrepancy in figures suggests there are still plenty of new accounts that have not yet been verified through the know-your-customers (KYC) process and are thus unable to be used for trading on the platform.

What do you think about the SEC’s order on the Thai crypto exchange? Let us know in the comments section below.

Russian Crypto Exchange Shuts Down Amid Accusations of Exit Scam

by

Russian Crypto Exchange Shuts Down Amid Accusations of Exit Scam

The Russian cryptocurrency exchange Livecoin has shut down amid accusations that it has pulled an exit scam. Customers are unable to withdraw their funds and have been asked to provide extensive identifying information which they fear would lead to identity theft. The exchange claims that it was hacked in December.

Livecoin Crypto Exchange Closes Down

The Russian cryptocurrency exchange Livecoin announced Saturday the decision to close down its platform.

The exchange claimed in December that it was hacked. As news.Bitcoin.com reported, hackers supposedly manipulated the prices of several major cryptocurrencies, including bitcoin whose price shot up to $500K on the platform. Since the incident, users have been trying to get their funds out of the exchange with no success, which has led many to believe that the platform’s operator pulled an exit scam.

The announcement, posted on the Livecoin website in English and Russian on Saturday, reads:

Our service has been damaged hard in technical and financial way. There is no way to continue operative business in these conditions, so we take a hard decision to close the business and paying the remaining funds to clients.

‘Suspect’ Requirements to Get Money Back

To receive a refund, customers have been asked to send a request with their name and registration date to an email address provided by Livecoin. Users have two months to file a claim, and March 17 will be the last date that requests will be accepted.

Once customers email the initial request, the exchange says they will receive “detailed instructions” on how to verify their claims. Livecoin stated that payments will only be sent after customers pass a “verification procedure.” While some users insist that Livecoin never replied to their emails, those who received an email back have shared the verification procedure on social media, which has seven steps for customers to complete in order to qualify for a refund.

The first is for users to provide details of their first deposit on the exchange. One user argued, “My account is from 2017, it is impossible to know my first deposit.” Many others share the dilemma, emphasizing that they can no longer log into their Livecoin accounts.

In addition, customers must provide a “high resolution scan” of their passport or identity card, proof of address, detailed information of the device used to log into the Livecoin account, as well as details of the origin of their funds. Furthermore, the exchange also asked for a “Selfie with opened passport of identity card” and a video verification.

Russian Crypto Exchange Shuts Down Amid Accusations of Exit Scam
Livecoin’s “verification procedure” shared by a user on Twitter.

Users Cry Exit Scam and Possibly Identity Theft

One user tweeted to Livecoin: “I got [the] email but why [are] you asking [for] too much documents like you want to open a bank account with my name. I can’t understand why you are doing this.”

Another voiced the same concern, asking Livecoin, “Why do you collect so much data for a refund?” adding that with such data anyone can take out large loans. A third opined, “they ask too much and some unnecessary info which is suspicious.” A fourth user wrote:

This information they ask for is suspect, virtually no user will be able to recover their funds with this information.

Livecoin’s customers on Twitter are angry and worried that they will not be able to get their money back from the exchange. Furthermore, adding insult to injury, Livecoin’s notice warns: “In case of abuse and threats in conversation, the claim can be declined.” One Twitter user concluded:

They exit scammed … our money is gone forever and they want our identities too, to get loans with those.

Do you think this exchange is pulling an exit scam? Let us know in the comments section below.

Crypto Exchange Owner Sentenced to 10 Years in Prison for Multimillion-Dollar Scheme to Defraud Americans

by

Crypto Exchange Owner Sentenced to 10 Years in Prison for Multimillion-Dollar Scheme to Defraud Americans

The U.S. has sentenced a cryptocurrency exchange owner to 10 years in prison. He “knowingly and intentionally engaged in business practices designed to both assist fraudsters in laundering the proceeds of their fraud and to shield himself from criminal liability,” the Department of Justice alleges.

Crypto Exchange Owner Sentenced to 10 Years in Prison

The U.S. Department of Justice (DOJ) announced Tuesday that a bitcoin exchange owner has been sentenced to 121 months in prison “for his role in a transnational and multimillion-dollar scheme to defraud American victims.”

Following his conviction in September last year, Rossen G. Iossifov was sentenced “for conspiracy to commit a Racketeer Influenced and Corrupt Organizations Act (RICO) offense and conspiracy to commit money laundering.”

Crypto Exchange Owner Sentenced to 10 Years in Prison for Multimillion-Dollar Scheme to Defraud Americans

The DOJ explained that the 53-year-old Bulgarian national owned and managed a cryptocurrency exchange headquartered in Sofia, Bulgaria, called RG Coins. Allegedly, he “knowingly and intentionally engaged in business practices designed to both assist fraudsters in laundering the proceeds of their fraud and to shield himself from criminal liability.” The Department of Justice claimed that at least five of his principal clients “were Romanian scammers, who belonged to a criminal enterprise known in court records as the Alexandria (Romania) Online Auction Fraud (AOAF) Network.”

Iossifov and his co-conspirators “engaged in a large-scale scheme of online auction fraud that victimized at least 900 Americans,” the DOJ detailed, adding that once victims sent payment:

The conspiracy engaged in a complicated money laundering scheme wherein domestic associates would accept victim funds, convert these funds to cryptocurrency, and transfer proceeds in the form of cryptocurrency to foreign-based money launderers.

“Iossifov was one such foreign-based money launderer who facilitated this final step in the scheme,” the DOJ noted.

The Department of Justice further alleged that “Iossifov designed his business to cater to criminal enterprises by, for instance, providing more favorable exchange rates to members of the AOAF Network,” elaborating:

Iossifov also allowed his criminal clients to conduct cryptocurrency exchanges for cash without requiring any identification or documentation to show the source of funds, despite his representations to the contrary to the major bitcoin exchanges that supported his business.

According to the DOJ, Iossifov laundered nearly $5 million in cryptocurrency for four scammers in less than three years. He also defrauded over $7 million from American victims and made over $184,000 in proceeds from these transactions.

What do you think about this case? Let us know in the comments section below.

A Commentary On FinCEN’s Proposed KYC Requirements

by

Policy Division

Financial Crimes Enforcement Network

P.O. Box 39

Vienna, VA 22183

FinCEN Docket No. FINCEN-2020-0020, RIN 1506-AB47

January 4, 2020

Dear Sir or Madam,

The proposed regulations on currency transaction reports and record-keeping seem to require that banks and money services businesses (MSBs) be able to prove that an identified counterparty to a transaction indeed owns one or more particular cryptocurrency addresses, when that counterparty uses an unhosted wallet and the transaction is over $3,000 in value. (The $3,000 mark would invoke the record-keeping requirement, while the $10,000 mark would also invoke the currency transaction report requirement.)

The proposal makes no explicit distinction between withdrawals and deposits, so I assume that the aforementioned proof of ownership requirement would apply to both types of transactions if they exceed $3,000 and involve a counterparty with an unhosted wallet. 

From here on out, I will call any procedure or measure that attempts to prove the ownership connection between a counterparty’s identity and one or more cryptocurrency addresses, as an “address verification procedure.” I will refer to the general process itself as “address verification.” 

In my country of residence, the Netherlands, the central bank rushed through address verification last fall for those transactions from exchanges and custodians which involve withdrawals to an unhosted wallet. By contrast to your proposal, address verification is required in the Netherlands on withdrawals in these cases regardless of the transaction value. Address verification is not a requirement for deposits from an unhosted wallet. 

As a long-time consultant and educator within the cryptocurrency ecosystem, I have given extensive consideration to the practicality and desirability of address verification in light of the measures that have recently been taken by the Dutch central bank (De Nederlandsche Bank NV). And I want to share with you my thoughts on these matters.   

Overall, my conviction is that address verification is unlikely to be very productive in fighting financial crime, and that it carries significant costs to commerce and innovation, and customer privacy and security. 

In this letter, I would like to set out why I am so skeptical of the practice of address verification and why I deem your proposal unworkable and disproportionate. Before starting, I would like to make three comments regarding the scope of my critical feedback. 

First, neither from your proposal nor from any additional commentary on your part have I been able to ascertain exactly what types of measures you propose for address verification. I would assume, however, that you have in mind similar procedures as those that are currently recommended by the central bank in the Netherlands to our custodians and exchanges.

Hence, I will take its suggested procedures as a guideline for formulating my criticisms of address verification. These suggested procedures are as follows:

  • For customers to take screenshots of their wallets with the destination address
  • For the customer and the business to video conference during the transaction
  • For customers to digitally sign the destination address with the associated private key 
  • For customers to return a little of the bitcoin they have received to the exchange or custodian
  • For the business to supply the customer with an address (presumably by possessing an extended public key of the former)

Second, I will limit my examples to cases in which money is withdrawn to an unhosted wallet. The same criticisms can be leveraged against the case in which money is deposited from an unhosted wallet. In fact, address verification is an even bigger practical problem in the case of deposits, as cryptocurrency transactions typically involve multiple unspent transaction outputs as their inputs (meaning that you would have to connect an identified counterparty to multiple addresses, not just one). 

Third, your regulation also proposes address verification in cases where the counterparty’s wallet is hosted, but the bank or MSB of which the counterparty is a client is located in certain foreign jurisdictions. I only restrict my commentary to cases in which the counterparty uses an unhosted wallet. 

Unproductive In The Fight Against Financial Crimes

The proposal intends for address verification to combat a wide variety of financial crimes. In the executive summary, for example, the proposal states:

As explained further below, U.S. authorities have found that malign actors are increasingly using CVC to facilitate international terrorist financing, weapons proliferation, sanctions evasion, and transactional money laundering, as well as to buy and sell controlled substances, stolen and fraudulent identification documents and access devices, counterfeit goods, malware and other computer hacking tools, firearms, and toxic chemics. In addition, ransomware attacks and associated demands for payment, which are almost exclusively denominated in CVC, are increasing in severity, and the G7 has specifically noted concern regarding ransomware attacks ‘in light of malicious actors targeting critical sectors amid the COVID-19 pandemic. 

I cannot possibly discuss address verification procedures with regards to all of these crimes. So, instead, I will just limit my discussions to some financial crimes that are at least a major part of the concerns with these proposed regulations: money laundering, terrorist financing and sanctions evasion. 

These are structurally very similar crimes, even though they differ in terms of their legal underpinnings and substances. And address verification procedures are going to have little effect on combating them for the same reasons, in my opinion. 

Suppose, for example, that the customer of an exchange is intent on laundering money for a drug cartel via bitcoin, and that the exchange implements address verification by having customers take screenshots of their wallets. How exactly would this stop the customer from participating in money laundering activities? 

The customer could easily circumvent the requirement in the following manner: 

  • Create an address in their own wallet and take a screenshot. After the exchange confirms the transaction and the customer receives the bitcoin, they can transfer them to the criminal organization. 
  • Receive an address directly belonging to the criminal organization and incorporate it into a watch-only wallet. The customer takes a screenshot of this watch-only wallet and the destination address. The exchange confirms the screenshot, and directly transfers the bitcoin to the criminal organization. The customer never has access to the bitcoin. 
  • Receive an address directly belonging to the criminal organization and create a fake screenshot, such as with the Bitcoin Wallet Screenshot Generator. The exchange confirms the customer’s screenshot, and sends the bitcoin directly to the criminal organization. The customer never has access to the bitcoin.

Sometimes customers are tricked into being money mules, rather than intentionally supporting a criminal organization. Even for such customers, however, it would not really change much about my reflections above. If a customer can be tricked into becoming a mule for a criminal organization, it is unclear how a screenshot might help prevent their stupidity.

And these conclusions can be made more generally about most other address verification procedures. I didn’t just cherry pick the screenshot implementation of address verification. Many other practical implementations — such as making digital signatures or sending back some of the funds — would experience a similar level of fecklessness. 

Overall, address verification procedures really seem to offer no additional tangible benefits with regards to combating money laundering, terrorist financing and sanction evasion when standard customer due diligence and transaction monitoring procedures are in place. 

I am not much convinced that address verification fights other types of financial crime well either, at least not in any way that could not also be done in a less invasive manner. I believe the comments above are enough to show the types of effectiveness problems address verification will experience in practice. 

The Costs Of Address Verification Procedures

Address verification also comes with significant costs. Precisely what these costs are will depend on the exact measures taken by the banks and MSBs that have to implement it. But I want to emphasize two major concerns that, to different degrees, will probably apply to some extent for any practical implementation of address verification.    

First, address verification procedures present a hurdle to commerce and innovation. 

Suppose, for instance, that an exchange required all counterparties to draw a connection between their identity and their cryptocurrency address(es) on an unhosted wallet via a digital signature over the address(es). (I set aside for the moment the concern that this would be an ineffective proof of anything.) 

Most customers have no idea how to make digital signatures and this will create an overload of customer complaints and requests. It would also require customers to obtain software and hardware that could relatively safely allow them to make these digital signatures. A lot of business will probably be lost as a consequence of the chaos of implementing such an address verification procedure. 

Some possible implementations of address verification, of course, might be slightly less invasive to commerce, such as a screenshot of a wallet (again setting aside the concern that this would be ineffective proof of anything). But even here, we have to recognize that some costs or complications to commerce and innovation will materialize. 

For instance, as cryptocurrencies are programmable, you can also send them to addresses governed by decentralized protocols, not human beings. While these decentralized protocols are largely experimentation at the moment, they may prove to have very interesting and valuable use cases. 

But how exactly could these decentralized protocols fit into the proposed address verification requirement? 

In my view, the proposed regulations cannot accommodate this kind of use case: decentralized protocols do not have identities or physical addresses after all. So, even a relatively simple measure to implement address verification by a bank or MSB, such as a wallet screenshot, will have negative consequences to commerce and innovation. 

Second, address verification is likely to hurt customer privacy and security. I will just run through a couple of the possible implementations to make the point. 

To start, a screenshot reveals what type of wallet a customer is using and potentially further information, potentially about the type of operating system or device. A video conference will reveal even more about the customer’s personal storage arrangements. 

This type of information is very dangerous in the wrong hands. We do not ask customers of precious metal merchants where they store their gold and silver. So why do this with bitcoin customers? 

While I recognize that bitcoin is much more liquid and introduces additional risks with regards to financial crimes, the higher the risks for customer privacy and security are in my opinion not proportionally weighed with address verification procedures. 

Another likely candidate for address verification is making a digital signature over the counterparty’s address. It is a well-established best practice within the Bitcoin industry that you only reveal your public key when making a transaction (hence, why you should only use an address once). This type of measure would directly contravene industry best practices. 

Conclusion

In conclusion, I am doubtful that address verification procedures, as required for those contexts prescribed by these regulations, will make any real contribution to fighting financial crimes. At least, I have not really seen any sound implementation of them that would make me think otherwise.

In addition, address verification procedures come with costs to commerce and innovation, and customer security and privacy. Surely these costs depend on how exactly you implement them. But costs they will have, at least in any way that I can envision their implementation.  

I, therefore, urge FinCEN to stop moving with this proposal in its current form. Any revised proposal must in my opinion answer three key questions:

  1. How exactly will address verification have to be implemented by banks and MSBs? 
  2. How exactly will those procedures for address verification combat the wide variety of financial crimes mentioned in the proposal? 
  3. What exactly will be the costs to commerce and innovation, and customer privacy and security of those address verification procedures?

Sincerely,

Jan-Willem Burgers

The author would like to thank Daan Kleiman for his critical feedback on an earlier version of this letter.

This is a guest post by Jan-Willen Burgers. Opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.

The post A Commentary On FinCEN’s Proposed KYC Requirements appeared first on Bitcoin Magazine.