I’m disappointed in Coinbase.. Sorry for the rant.

Long time user of 8+ years and admittedly a strong former advocate of Coinbase on their sub. I’ve been a part of many data leaks in the past, nothing new. But this one in particular isn’t sitting well with me. Photo ID’s, account balance information, masked socials and bank information including account numbers, transaction history, home addresses, and phone numbers – all floating around on the dark web as a result of their eagerness to cut corners and outsource/offshore customer service and handling of sensitive information. The real price of cost cutting at the end – your users personal privacy, safety, future financial well being. KYC should be outlawed. It is one of the most dystopian, discriminatory, and privacy invasive practices that exists in our country, especially biometric KYC. And Coinbase especially, has one of the most aggressive applications of KYC.

When presented with the option to pay a ransom to prevent public disclosure of sensitive customer information, they chose to cover their own ass and not pay the ransom at the expense of exposing their users sensitive information. Oh look, they've setup a relief fund for pig butchering scam victims. Great. But what about the long term impact of the leaked data? For those affected by the leak and never engaged in any scams, practiced good online security hygiene, you are now essentially compromised for life. The consequences of this are far reaching and will cause long lasting harm. Just because funds, passwords, and seed phrases weren’t accessed doesn’t lessen the gravity of the situation. Social engineering scams aren’t the only form of identity theft. With the information that’s been leaked, bad actors now have the resources available to open accounts/credit lines in your name, gain access to current bank accounts, gain control over mobile service, or worse – they have available the perfect target list of mid to high net worth individuals and their place of residence complete with their photo ID, funds available, list of bank accounts and home addresses. And the special bonus – you get to look forward to non-stop spam texts, calls and emails.

For the first time in eight years, I made a decision to move my USD/USDC balance and portfolio off of Coinbase, and I’d imagine I’m not the only one. Not because I fell for any scam, or fear of more data leaks (hell, they’ve already leaked basically everything), but because I have a DEEP mistrust in their ability to guarantee withdrawals during a bank run event. If you’re storing a large USD balance on Coinbase, consider the publicity shit storm that's ahead. Apart from the SEC investigation involving falsely reported user metrics, there are now various (I counted six) class action law firms pointing their crosshairs at Coinbase as a result of the leak. I don't know what type of teeth they have in their user agreements to protect them against class actions, but I’d rather be on the safe side and pull funds now, than find myself in a situation similar to those who experienced the FTX, Celsius, etc. debacle.

Sorry for the long rant. I’m frustrated that time after time these companies overreach in their data collection and blatantly end up mishandling that data, having it fall in the hands of some third world hacker group that will sell it to the next highest bidder and so forth. If they’re going to enforce KYC, they should also be required to store sensitive data and employ customer service representatives domestically, and be required to report leaks the moment they happen (not four months later). Companies that ask for KYC and end up compromised should be held accountable, executives should be criminally charged.