Crypto app denies it leaked 17GB of KYC data, points to third party

Vietnamese users of a small-time crypto app Pi have been warned to be on the lookout for fraud.

In Vietnam, investigators linked a cache of stolen KYC data to a local crypto app, reports VnExpress.

The trove of sensitive info — 17GB in ID card data tied to 10,000 Vietnamese citizens — was recently discovered on online hacker community RaidForum. 

A cybersecurity researcher contacted the seller, who claimed to have lifted Know-Your-Customer data from crypto platform Pi Network.

  • Names, faces, phone numbers, home and email addresses were included.
  • Seller asked for $9,000 worth of Bitcoin or Litecoin.
  • Stolen KYC data shows up regularly on RaidForum.

The cybersecurity squad of Vietnam’s Ministry of Public Security (MPS) is reportedly still confirming exactly where the leak originated.

MPS chief of staff To An Xo told Hanoi Times: “More seriously, the personal data could be used by criminals to fraudulently appropriate property, forge documents to impersonate, and open a bank account.”

Third party Yoti leaked the KYC data, hints Pi

On social media, Pi Network — which says it’s based in Palo Alto — denied the data had been stolen from the company. 

Pi Network’s Justin Wu told Cointelegraph they’d run an internal check and failed to uncover evidence of any leaks. No Vietnamese ID cards were even kept on Pi Network’s servers, Wu said.

Instead, they noted Pi Network uses London-based third-party Yoti, which reportedly manages KYC processes and data for dozens of entities.

There’s currently no word on other Yoti clients potentially affected by leaks, crypto or otherwise.

Cointelegraph highlighted that Pi Network’s app rewards users with logging in and clicking a button for PI tokens.

Ads for leaked and stolen data often ends up on RaidForum.

[Read more: Data dump exposes Ledger users to fraud]

Pi Network calls this process “mining,” however employs no blockchain consensus algorithm (like Bitcoin’s Proof-of-Work). Instead, users can increase yield by bringing others onboard.

PI does not trade on any crypto exchange and is essentially worthless in its current form.

Update 11:33 UTC, May 29: A Yoti spokesperson has since contacted Protos to deny the company was responsible for the data leak.

Subheader has also been modified to clarify that Pi Network didn’t explicitly state that Yoti was responsible, and instead only deflected blame.

Prefer to listen to your news? The Protos Podcast delivers the week’s top stories every Friday.

Join our newsletter and get crypto news in your inbox

Newsletter

© 2021 Protos