Blockfi sent emails to customers today stating “On Friday, March 18, 2022, one of BlockFi’s third-party vendors, Hubspot, confirmed that an unauthorized third-party gained access to a portion of their client data, including certain BlockFi client data housed on their platform”.
While Blockfi emphasized that client funds remain safe, this type of data leak is not reassuring for a company holding users’ bitcoin.
BlockFi ensured passwords, social security numbers and any government issued IDs number were never stored on Hubspot. However, this leak included customers’ names, email addresses and phone numbers.
This leak comes after a string of recent leaks on other centralized exchanges/services including Swan Bitcoin and Unchained Capital.
Swan Bitcoin’s leak included: names, email addresses, account type, phone numbers and company names. While Unchained Capital included: names, usernames, email addresses, whether accounts were active or inactive and IP addresses.
“You may also imagine a scenario where this data is leaked to the public. This opens up the risk of theft and extortion.”
I can imagine leaks like this to continue into the future, especially as bitcoin’s price continues it’s ascent.
The issue with KYC in bitcoin is that it forces the user of a decentralized bearer-asset to trust the safety of their data onto a third party. However, this issue isn’t only limited to forced KYC. Excessive marketing is also at fault here. Bitcoin companies use services like Hubspot to remonetize existing customers through email marketing.
Further, we have mentioned poor practices by Blockfi in the past. Aside from being a centralized honeypot and having their data leaked previously, their risk strategies for generating yield should also be scrutinized. They have also censored coinjoined bitcoin.
Overall, the stakes are much higher in this space and we should be mindful about giving our data up to honeypots. We will continue to explore improving privacy practices and best practices with bitcoin here on this site.