‘Horrendous’ KYC risks on show as website detailing Celsius users’ losses goes live
Celsius users could be at risk of violence and robbery following the public release of personal data as part of the firm's bankruptcy process.
Angel investor Stephen Cole labeled a website providing searchable data on Celsius users’ losses “a perfectly horrendous illustration of the risks of KYC.”
CeFi lender Celsius filed for Chapter 11 bankruptcy on July 13, following liquidity problems triggered by the Terra ecosystem implosion. It later emerged that the firm was engaged in high-risk trading strategies, resulting in heavy losses.
As part of its bankruptcy procedure, the firm recently filed a 14,000-page document listing creditors’ details, including information on its users. The document has since been removed.
In response, many in the crypto community blasted the move, with some accusing the CeFi lender of intentionally doxing users.
The outcry has extended to a discussion around the reasonableness of complying with Know Your Customer (KYC) requirements.
U.S. bankruptcy procedures
Under Chapter 11 bankruptcy rules, a “Creditor Matrix,” or list of creditors’ names and addresses, is required for public record. The court uses this to send notices and claims data for an open and transparent bankruptcy process.
In respect of Celsius users, the document showed names, coin quantity, and coin value, among other details. However, addresses were redacted at the company’s request.
Nonetheless, some pointed out that the information could be cross-referenced with details from the Ledger leak to identify and target specific crypto holders.
Celsius x Ledger leaks are great for anyone looking for easy $5 wrench attack targets
Export 14k pages of names from the Celsius, then match names with 250k names from the Ledger leak
You now have a full name, address, email, phone number, and financial info of a LOT of people
— fbslo (@fbsloXBT) October 7, 2022
In December 2020, data belonging to Ledger hardware wallet customers was leaked to a hacking website. The data included names, postal addresses, phone numbers, and emails. At the time, some victims reported being threatened via phone and email.
Fears are Celsius users could face the threat of violence and robbery following the “doxing” and the subsequent rollout of a searchable website showing balances held with the firm.
https://t.co/xGOP9tUhIU pic.twitter.com/TYDVMukpbK
— Jesse Peltan (@JessePeltan) October 7, 2022
How accurate is the website?
Twitter user @charlestrussel posted a screengrab of the top 10 most considerable balances held with Celsius – it showed that the most significant individual loss was $40.7 million.
holy moly pic.twitter.com/Fnao3UY2V7
— chortly (@charlestrussel) October 9, 2022
Interestingly, according to the website, former Celsius CEO Alex Mashinsky was shown as losing $15,000, a relatively small sum given the scale of losses.
However, @former68w chimed in to say, having searched himself, it appears the website is not accurate. He concluded that either the documents filed with the court were fraudulent or there was an error in the compilation of data on the website. Another explanation is that Celsius’ records are not up to date.
This website isn't accurate. I had a Celsius account in 2018. Closed the account years ago. Website says I lost a few hundred $? Cannot be accurate.
Either Celsius filed fraudulent documents to the court or the website operators used the wrong data.
— deprecated (@former68w) October 9, 2022
Others have expressed similar inaccuracies, which casts doubt on the precision of the creditor payout process.