Crypto exchanges and KYC: who can be trusted with a passport and home address


  • Crypto exchanges collect more than a dozen different data about the user

  • User data is encrypted with the most advanced encryption methods

  • Limited access to the data warehouse

International consortium of news organizations developing transparency standards.

For the second year in the cryptocurrency market, the controversy around the Fifth Directive, created with the support of the FATF, has not abated. It obliges users of digital currencies to go through the identification procedure. BeInCrypto editors figured out which exchanges reliably store user data.

The recent story with WhatsApp has raised another wave of controversy about the protection of personal information that users transmit to companies when they go through the KYC procedure. For cryptocurrency traders, this is a mandatory stage, without which they will not start working on a cryptocurrency exchange..

BISQ – Buy + Sell Bitcoin NO KYC, NO ID!

According to the International Organization for the Fight against Money Laundering (FATF), these measures will help prevent financial crimes and prevent sponsoring terrorism. However, by providing information about himself to crypto platforms, the user risks his own money, because in the event of a data leak or theft, fraudsters will have copies of a passport, a key to a crypto wallet and much more..

How To Buy Bitcoin Anonymously – No KYC or ID Check Required

Why do exchanges need to “know their client”

A few years ago, most cryptocurrency exchanges were completely anonymous and did not require users to go through the KYC (know your customer) procedure. At the same time, a huge number of cases of money laundering through cryptocurrencies were registered on the market, and a black market was actively developing, where with the help of digital coins it was possible to buy drugs, computer viruses, smuggled jewelry, illegal drugs and much more..

According to Chainalysis research, in 2020 about 1 million bitcoins were rotating in the darknet space, of which 300 thousand BTC are coins that were stolen from users’ wallets or crypto exchanges. For comparison, in 2017, this figure was 22% higher. The decline in the darknet market is largely due to the introduction of the KYC procedure, which became an integral part of the Fifth Anti-Money Laundering Directive (5AMLD), adopted worldwide on January 10, 2020.

It became much more difficult for crypto scammers to withdraw funds from exchanges or launder money using cryptocurrency, since the trading platform had the user’s personal data, including a copy of the passport or identity documents. If suspicions arose, supervisory and regulatory authorities could easily identify a potential criminal and bring to justice.

The introduction of the KYC procedure was initially not welcomed either by the users themselves or by crypto-exchanges, who claimed that identification was contrary to the nature of the blockchain – anonymity. Constant leaks of customer data add fuel to the fire. So, in December 2019, the Poloniex exchange announced a large-scale leak of users’ personal information. And at the end of 2020, hackers stole more than 1 million email addresses from Ledger..

How to go through the KYC procedure

In fact, there is nothing complicated in the KYC procedure, and you can go through it in just a few minutes, especially at the initial stages, if you are not going to withdraw large amounts from the site.

Despite the fact that each exchange has its own requirements, in general, the procedure is similar and fits into several standard steps.

  1. For a start, most likely, you will have to confirm that the user is over 18 years old, otherwise crypto trading will be completely banned.

2. Then you need to agree to the Privacy Policy and Terms of Use.

3. Select the country of registration and residence, as well as upload a copy of your passport or other identity document.

4. Then you need to take a photo from your phone or computer camera. Sometimes exchanges require you to photograph yourself with your passport.

5. Finally, agree to the processing of the data and submit it for review. Verification completed.

Consider the requirements of cryptocurrency exchanges for users and also analyze where and how trading platforms store information.


The largest cryptocurrency exchange Binance uses the KYC procedure in part. For example, traders on a spot platform can withdraw up to 2 BTC per day without going through identification. However, these rules do not apply to US citizens and residents.. 

To take full advantage of all Binance’s capabilities, customers must complete the KYC process and provide the following data:

  • full name and surname;
  • indicate nationality;
  • code of the country;
  • gender;
  • signature;
  • email address;
  • utility bills;
  • home address;
  • password;

Encryption technologies such as PCI scanning and multilayer secure socket encryption may be used to transfer and store your personal information. Binance also says that access to storage facilities and buildings where servers with user data are installed has a limited number of people in order to minimize physical contact with storage devices..


Bitfinex is one of the top 5 exchanges in terms of trading volume and is registered in the British and Virgin Islands. The site is confidently included not only in the list of popular, but also in the list of “best detectives of the year”, as it collects a huge array of customer data from various sources.

According to the “Privacy Policy”, the cryptocurrency exchange stores data such as personal data specified during registration, including data provided by the KYC procedure, transaction history, history of payments and purchases of the LEO token, correspondence with the support service and other exchange services, any messages created in Bitfinex Pulse.

In addition, the exchange collects IP addresses, browser type and version, time zones, operating system and modules type, platform visit date and time, all user actions, including page views, button clicks, mouse movements on the monitor screen, and much more..

At the same time, the company does not explain exactly how user data is protected from hacking and where it is stored. The developers only dryly explained that a limited number of people will have access to information..

“However, no information system can be 100% secure. Therefore, we cannot guarantee the absolute security of your information. In addition, we are not responsible for the security of information that you transmit to us over networks that we do not control, including the Internet and wireless networks, “- explained in the” Privacy Policy “.


Cryptocurrency exchange OKEX, with a daily trading volume of $ 11.5 million, made headlines after the arrest of one of the platform’s founders. As a reminder, the exchange froze withdrawals after OKEx founder Star Xu was arrested by law enforcement agencies. Note that Xu had access to the private keys of the wallets where the users’ funds were stored..

After the incident, the exchange intends not only to make copies of private keys, but also to tighten the requirements for using the platform. In accordance with the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act, the exchange collects and stores the following list of data:

  • E-mail address
  • Telephone number
  • Full legal name (including former name and local language names)
  • Nationality
  • Passport number or any government issued identification number.
  • Date of birth (“DOB”)
  • Proof of identity (such as a passport, driver’s license, or government issued ID)
  • Residence address
  • Proof of residence
  • Additional personal information or documentation at the discretion of our compliance team

The company also talked about information protection methods.

“We are taking various measures to ensure information security, including encrypting OKEx messages using SSL, two-factor authentication for all sessions, and others. Company employees have limited access to your personal data, ”the document says..

Crypto exchanges and KYC: who can be trusted with a passport and home address


KickEX, a cryptocurrency exchange with Russian roots, is licensed in Estonia and operates in accordance with all the requirements of the regulator. Exchange users must go through the mandatory KYC procedure when withdrawing funds up to 1000 euros. In all other cases, the user is obliged to indicate the full name and surname, country of residence and actual address, confirm his email address, and also provide scanned copies of an identity document (passport or other document).

The collected data will be stored in the European Economic Area (EEA) and can be provided to third parties only if the recipient country guarantees the safety and confidentiality of the information received.

In addition, the developers of the exchange paid special attention to the safety of data in order to prevent leaks. To do this, the company uses PCI scanning, Transport Layer Security (TLS) encryption technology, pseudonymization, internal restrictions on data access, and strict controls on physical access to buildings and files. This allows you to reliably protect user information from external hacker attacks.

“Now we have a simplified version of KYC on our exchange – users can conduct transactions and not go through KYC up to certain limits, and we see how users have become easier to relate to this. KYC is becoming an accepted measure and norm. Users understand that, first of all, it is their own safety. If they lose access or 2FA, with KYC they can confirm their account and restore it, “says KickEx CEO Anri Danilevsky. 


Following massive data breach, Poloniex founders pledge to improve data protection to minimize the likelihood of hacker attacks.

The updated Privacy Policy states that the exchange collects and stores information such as the user’s first and last name, email and postal address, date of birth, government issued ID, tax ID, identification information, photos, company name and password … In addition, the exchange may collect and store information about convictions, sanctions against a specific user, and more..

User information is stored on servers located in the United States, and a limited number of people have access to them. At the same time, little has been said about the methods of computer protection of information. The document states that the exchange uses encryption technology. No other details could be found.


If, nevertheless, the KYC procedure and the need to disclose your personal data bother you, you should pay attention to the StormGain platform. The cryptocurrency exchange team relied on decentralization and anonymity, refusing to collect user data. The creators of the platform claim that this approach is fully consistent with the ideology of the creator of the cryptocurrency Satoshi Nakamoto In 2009, someone (one person or a group of developers), hiding under the pseudonym Satoshi Nakamoto, revolutionized the digital … More and allows customers to guarantee complete privacy and ensure that their data does not fall into the wrong hands.

  • To start working on the exchange, you just need to indicate your phone number and email address.
  • No additional personal information and verification procedure is required. 
  • Refusal to collect personal data and document scans allows StormGain to ensure that intruders cannot access confidential information, including financial information of traders. 
  • The anonymity of the platform protects not only from hackers, but also from undue attention of regulatory authorities.

During the entire existence of StormGain, the security systems of the exchange have never been hacked, which confirms the effectiveness of the chosen strategy.


The KYC procedure requires the provision of personal data. Crypto exchange users need to take this as a fact and choose trading platforms that can minimize the amount of information collected and guarantee the protection of personal information in accordance with international and European standards..

What to look for when choosing a platform:

  • Amount of data required.
  • Information storage and protection technologies.
  • Liability of the exchange to users in the event of a leak.
  • Exchange hacking history.


All information contained on our website is published in good faith and objectivity, and for informational purposes only. The reader is solely responsible for any actions he takes based on the information received on our website..

Share Article

Crypto exchanges and KYC: who can be trusted with a passport and home address
Crypto exchanges and KYC: who can be trusted with a passport and home address
Crypto exchanges and KYC: who can be trusted with a passport and home address
Crypto exchanges and KYC: who can be trusted with a passport and home address

Best Crypto Exchanges Without KYC

Similar articles