Cryptocurrency

‘Kim Jong-Un’ gets approved for Gate.io crypto account

An account application under the name Kim Jong Un cleared Gate.io’s Know Your Customer (KYC) checks and was approved within minutes.

Gate.io’s KYC process comes under scrutiny

on-chain detective, Zach XBTattempted to test the hypothesis that crypto exchange accounts offer some degree of security in tracking stolen funds.

When stolen funds are sent to a cryptocurrency exchange, people assume there is a real person with a real identity associated with the account.

To expose this, he applied for a Gate.io account with the name and email address “not” Kim Jong Un.Lazarus.ZachXBT has taken a screenshot of the application approval, which indicates that they have passed KYC and are allowed to trade cryptocurrencies on the exchange.

In addition, the company’s “KYC-1” basic verification layer allowed account holders to withdraw up to 100,000 USDT daily.

It’s unclear if ZachXBT changed the identity document to get to this point. Nonetheless, the results highlight flaws in Gate.io’s application process, especially when it comes to checking names.

To underscore this point, ZachXBT describes the process as a fictitious name, a name on the Office of Foreign Assets Control (OFAC) sanctions list, and aharmony hacker” and “lazaruslover” – all approved – thus contradicting the idea that bad actors would be hesitant to use the exchange.

of Lazarus Group A group of hackers and scammers reportedly under the control of the North Korean government.

The group employs a number of tactics, including malware, such as those used in the 2017 attack. Want to cry ransomware attack. He also used social engineering, such as luring a senior Axie Infinity engineer to open a “jobs” file, after which the engineer’s computer was infected and multiple of his Axie nodes were seized.

know your customers

To meet Financial Action Task Force (FATF) compliance, crypto exchanges incorporate mandatory KYC requirements. ByBit Be the latest in line. The company announced that starting May 8, all users will be required to upload their ID.

Critics of KYC argue that the practice limits participation in cryptocurrencies. Furthermore, a malicious person has the means and know-how to easily circumvent the checks, making KYC irrelevant to him in terms of achieving his goal of stopping money laundering.

Also, as shown in ledger data breaches, July 2020, storing customer information provides hackers with additional avenues of attack. Ledger customers were intimidated and exposed after their contact information was made public.

CryptoSlate has reached out to Gate.io for comment on ZachXBT’s findings. No comments were available at press time.

Related Articles

Back to top button