With the rise of crypto prices comes an unfortunate trend: Kidnappings and extortion.
Recently, we’ve seen a surge in these events unfold.
There was the high-profile case of Ledger co-founder David Balland and his partner being abducted earlier this year, with the kidnappers seeking a ransom between five million and seven million euros (roughly $5.7 million to $8 million).
There was another case last month involving an Italian man who was allegedly extorted and kept for weeks inside a Manhattan apartment.
Two perpetrators have turned themselves in to the police, facing several charges.
While the news coverage of these events has faded for now, as crypto prices continue rising, particularly for those holding Bitcoin, expect more of these incidents to occur in the coming years.
Thus, there is an increasing demand for security services and bodyguards, which will grow as more newly minted crypto multimillionaires emerge.
Still, the risk of being kidnapped is only part of the problem. Another, more common issue that needs to be addressed is anti-money laundering (AML) and knowing your customer (KYC) regulations.
While broadcasting transactions on a permissionless (public) blockchain offers far more transparency than conventional ledgers, this comes at the expense of user privacy and places a larger onus on exchanges, not to mention people needing to have faith in them safeguarding user data at all times.
However, we don’t live in an ideal world; as with many things, one bad egg or a lapse in concentration (e.g., the Bybit exploit in February) can ruin things for most people.
Last month, criminals compromised someone who was contracted to work for Coinbase. They bribed this worker in exchange for customer data, including sensitive details such as addresses, phone numbers, etc.
This affected approximately 70,000 clients, and the perpetrators demanded a $20 million ransom from the exchange.
Following this, Coinbase CEO Brian Armstrong released a video saying that the company will relocate some of its operations and offer a $20 million bounty instead of paying the ransom.
Even with the most robust measures, there will always be a security risk, particularly when serious money is involved, as exchanges outsource (some) customer service jobs to countries with significantly lower wages and salaries.
That’s the unfortunate reality: you’ll get someone willing to give up sensitive data for life-changing money.
In partial defence of publicly-listed exchanges, they have shareholders to appease, and they’re replicating what most multinational corporations do across many sectors.
These events raise the following questions:
1) Have KYC AML regulations gone too far?
2) Do these cause more harm than good overall?
3) What are the alternatives?
Regarding the first question, I believe they’re beginning to.
While stricter ID checks make it significantly harder to make and launder illicit gains through (centralised) crypto exchanges, they pose security risks for unsuspecting law-abiding citizens who have amassed significant fortunes in this asset class.
Savvy cybercriminals take advantage of the transparency offered by public blockchains by noting transaction trails to determine how much BTC, ETH, or altcoins someone owns, making them targets for extortion.
Thus, regulators have underestimated the impact this has had on many people wanting to legally profit from this (still) nascent asset class. Many of these lawmakers have failed to account for information leaks and stolen funds from crypto exchanges, such as in the Coinbase case.
Before continuing, it’s important not to single out Coinbase. Several exchanges, big and small, have fallen prey to hackers. Ledger, which also had data leaks and a PR disaster in 2023, shared a timeline of crypto hacks involving centralised exchanges.
This is less likely to occur in other asset classes where user data is relatively more protected, i.e., not publicly available, at least not at an individual level for retail investors, unlike with crypto.
Do these cause more harm than good?
While many crypto investors welcome some regulations and monitoring, I’m worried we’re going from one extreme, of no regulations, as was the case in Bitcoin/crypto’s early days, to another.
Most law-abiding citizens need to bear the brunt of this regulatory overreach because of a small number of unscrupulous people.
For context, illegal activity represented about 0.4% of the total transaction volume of digital assets in 2023. This figure also includes stablecoins, which have accounted for more than half of this in recent years.
Some might argue that the increasing amount of KYC AML regulations in crypto means that there could be stronger consumer protections in the event of theft.
However, this defeats Bitcoin’s original purpose: many users want self-custody instead of depending on a de facto crypto bank. On the other hand, some couldn’t care less and are solely focused on making money from these digital assets.
Another harm to crypto investors can never be accurately quantified: the added stress associated with the risk of falling victim to a crypto scam or a potential extortion attempt.
What is currently a modest USD value of one’s digital asset portfolio could one day lead to a significant windfall…and heightened attention by blockchain sleuths.
Mind you, it’s a balancing act between being vigilant and obsessing over possible risks.
What are the alternatives to conventional KYC AML processes?
zk-SNARK (zero-knowledge succinct non-interactive argument of knowledge) technology is one of the most discussed privacy features across various networks, and it could be incorporated into user ID and related checks.
zk-SNARKs are one family of zero-knowledge proofs.
Put simply, a zero-knowledge proof allows one party to confirm that they have a piece of information (for example, a password) without ever revealing it; the non-interactive kind does so without a back-and-forth exchange with the other party to verify this.
Check out this Where’s Waldo/Wally analogy from ChatGPT that provides a simple breakdown of the zk-SNARK ideas.
Could ZK proofs be the answer?
No, at least not yet. Unless we get a breakthrough in this aspect of cryptography, we won’t see ZK proofs deployed for KYC AML anytime soon.
Regarding this technology for verifying customer data, even if a zero-knowledge proof (ZKP) shows that this person is over 18, can demonstrate they’re a local resident (for tax purposes), and is not on a sanctions list, regulators often still need to see the actual data behind the proof for audits, law enforcement, or risk checks.
Moreover, ensuring compliance with state or national regulations is an ongoing process. ZK proofs are generally better for confirming one-off information than ongoing monitoring and establishing a data trail, among other shortcomings, as Forbes outlines.
Fortunately, with the rapid rise of machine learning and AI overall, which is advancing at breakneck speed, it could work with ZKPs to point out potential customer ID problems without keeping personal data for a long time.
For a deeper dive, I recommend this blog post from Zyphe, a compliance platform specialising in KYC, AML, and Know Your Business (KYB) across global markets.
What other measures could exchanges take?
For starters, I want to see an easier signup process, particularly for casual crypto traders. For example, I would like an alternative to doing a selfie check while holding one’s ID.
When I signed up for Swyftx, a popular Australian-based crypto exchange in 2021, it was the first time I noticed that it didn’t request a passport photo or a selfie holding an ID. All it needed was a passport number, my full name, and other details (I don’t remember exactly).
I don’t know if this has changed, but I haven’t been asked to display any ID since getting verified.
So, it has been possible to do KYC AML for years without revealing one’s face or scanning through important documents.
I acknowledge that exchanges have several tiers of customer verification, requiring the disclosure of varying amounts of personal data.
These centralised custodians will still need to gather and store some details, but I advocate a less intrusive process.
There is already comprehensive surveillance across (almost) every aspect of our daily life. High-res video cameras, biometrics, facial recognition technology, and data harvesting/phone tracking by government departments are some of the most prolific examples.
An asset class that was once the ideal alternative to traditional finance, particularly the banking system, has now become an increasingly regulated industry; too much, in many people’s eyes.
Regulated exchanges verify customer data with government departments across different countries: FinCEN (USA), FCA (UK), AUSTRAC (Australia), and internationally via organisations such as the FATF (Financial Action Task Force), which sets global standards on AML and counter-terrorism financing (CTF).
Furthermore, with blockchain analysis firms such as Chainalysis, CipherTrace, Crystal Blockchain, and Coinfirm, there’s no shortage of law enforcement and AML products for 24/7 surveillance.
By now, if a government wants to track you down, they’ll almost certainly find you, unless you’ve managed to escape to a nation that doesn’t have a bilateral extradition treaty or has no/poor relations with your host country, thinking of the US in particular.
Additional thoughts
Is it time to overhaul KYC in crypto?
Yes, at least from a consumer protection standpoint.
Governments should enforce strict penalties for crypto exchanges and other centralised custodians that leak sensitive details due to negligence, while ensuring adequate compliance with KYC and AML regulations to stop criminal activities and not burden law-abiding citizens.
Mind you, most of us are sceptical of the idea of (big) companies being held accountable. If anything, they’ll get a slap on the wrist, particularly if they’re on good terms with policymakers and elected officials.
A more practical system of checks and balances is ultimately better for these businesses and BTC/crypto holders.
Why? Because a sizeable portion of the population wants to buy BTC and altcoins directly (not via a spot ETF) without having to deal with self-custody.
I get it: Not your keys, not your crypto.
As a reminder, many, unfortunately, don’t care about this.
They want to have their cake and eat it.
If these individuals see that regulators are implementing sensible rules to scale back the sensitive data collected, improve consumer safeguards, and enforce harsh penalties for careless exchanges, they will be more inclined to get (further) involved in this asset class.
What else can you do to enhance privacy when transacting in Bitcoin?
For those who primarily or exclusively deal with BTC without using centralised exchanges, here are some tips on remaining safe.
It’s strongly advised not to reuse wallet addresses.
Why? Doing so makes it easier for hackers to work out your transaction history and link addresses to a particular wallet and person.
From a privacy perspective, having newly mined Bitcoin sent directly to a brand-new non-custodial wallet is ideal.
Unfortunately, this is much harder nowadays as the current Bitcoin block reward is 3.125 BTC every 10 minutes, translating to 450 BTC mined daily, as opposed to 7,200 coins minted per day in its early years.
It will become increasingly difficult to obtain freshly mined BTC, also known as “virgin Bitcoin,” sourced directly from miners.
We’ve mined 94.6% of the max supply in 16 years. The remaining 5.4% will take another ~115 years to mine.
Disclaimers
• This blog post is for informational purposes only. It is not financial, legal, or investment advice. You are ultimately responsible for your decisions.
• My opinions in this piece may not reflect those of any news outlet, person, organisation, or entity listed here.
• Please do your own research before investing in any cryptocurrency assets, staking, NFTs, or other products associated with this space.
Featured image from chajamp at Freepik.