This week, Celsius Network published a large document containing all customer account balances.
The move is part of the company’s ongoing restructuring process after it filed for Chapter 11 bankruptcy earlier this year. The document reflects user balances as of July 13, 2022, when the company began restructuring, and customer transactions that occurred in the 90 days prior to Chapter 11 filing, according to the company Frequently asked questions.
It’s no surprise that the release of such detailed customer data, including balances, transactions and names, has caused uproar above Twitter. That information can not only shed light on each user’s financial information, but also allow observers to analyze the blockchain and anonymously delete addresses on the chain, as the amounts and dates of transactions are stated. details in the document.
Summing it all together, it’s clear that users’ privacy has been compromised and their security compromised. But fret not (yet); This article reviews why this happens and what can be done to mitigate some of the threats if you are among the doxxed users.
Why is Celsius making this document public?
As mentioned before, this document part of Celsius’ reconstruction. Celsius is obligated to disclose customer information as part of its restructuring, based on the necessary transparency required by US law. While that usually only applies to company assets, since Celsius has seized customer assets, they are also affected.
According to one court documents, Celsius has submitted a request to have its customers’ personally identifiable information (PII) cut down through a pre-publication correction process. The lender submitted three arguments.
First, Celsius argues that a large database of consumer information is too valuable for the company to be public. Doing so would “significantly reduce the value of the client listing as an asset in any potential future property sale,” the company stated.
Second, Celsius makes the argument that, if a customer’s PII is disclosed, they could become the target of “identity theft, extortion, harassment, stalking, and deception,” according to the document. court data.
Finally, the crypto lender argued that since many of its clients reside in different jurisdictions around the world, disclosing their PII could “reveal [Celsius] for potential civil liability and substantial financial penalties. The document specifically notes the UK General Data Protection Regulation (UK GDPR) and the EU GDPR.
The US trustee, on the other hand, argued that Celsius “does not and cannot rely on any exception to the general rule that bankruptcy proceedings should be open, open, and transparent” and has given ” nothing more than vague statements supporting their claim” to redact confidential information.
They also argued that the PII that Celsius had sought to edit “was not confidential or commercial information.”
In addition, “The United States Trustee considers that the information is not truly commercial because the Debtor did not seek to redact the names and identifying information of all creditors and instead requested that identifying information is redacted only for certain creditors,” but respect information for another group will be fully disclosed because of where those creditors live. ‘”
In terms of international law, the US trustee also argued that, under US bankruptcy law, bankruptcy proceedings should be public, and that these proceedings would take precedence over the UK GDPR UK and EU GDPR.
Finally, and most shockingly, “The People’s Committee of the United States of America said that [Celsius’] argues that creditors may be subject to abuse if their identities are revealed as anecdotal evidence, which does not increase to the level of evidence needed to overcome the presumption of public and open bankruptcy . “
In response, Celsius announced another movement, seeking to implement a complete anonymization process so as not to reveal user details. That went beyond the original plan submitted, which required the ability to contact the US customer’s home and email addresses as well as the customer’s name, home address, and email address. UK and EU.
The court ruled against a majority of Celsius’ claims. It dismissed the distinction between US and UK/EU customers based on the arguments above and allowed the company to just recompile home and email addresses. It completely negates anonymous movement.
Here’s What Doxxed Users Can Do
There are many choices one can make if they find themselves exposed in Celsius documents, but none of them can erase the past. The closer we get to that, in the event that releasing those data points has the obvious potential to harm the person, they can legally rename it as a (extreme) last resort. . One could also move to a different address, but since the court has allowed Celsius to redefine the home address, it may not be a big deal to try and mitigate. It is worth noting, however, that the “U.S. Trustees, and advisors to the Commission, and any interested parties” may have access to unresponsive versions of the records; Moving can still be done.
Users can also take measures to mitigate some of the threats in the digital world. When it comes to on-chain addresses that observers can anonymously delete by looking at the blockchain and the information disclosed in the document, good privacy-focused tools can solve the problem.
The simpler alternative is CoinJoin funds. While that won’t delete the user’s transaction history, if done right it will let users enjoy good privacy in the future. This means that a spend from that point on will not be clearly detected as a transaction coming from a doxxed user. (Similar to how a bank knows when you’re withdrawing cash at an ATM but can’t get the details of what you’re spending afterwards.) Users can get their hands on other security tools, like PayJoinsthat also breaks heuristics that bad actors use to infer information from on-chain data.
But perhaps the most important thing a user can do is take a low time priority approach and avoid using centralized services that collect user data. Financial services companies around the world, in crypto and beyond, need to comply with your customer (KYC) and anti-money laundering (AML) rules. Although such rules may have good intentions, their effectiveness is disputed and the downside is obvious –– as in this case of C.
In the information age, data is the most valuable commodity and as such, companies collect large amounts of data that become hard drives, becoming the target of cyber attacks when hackers and other people seek to monetize that information.
While world governments do not realize this huge problem in the 21st century, users are encouraged to do what they can to take ownership of their data and reclaim their privacy. As the status quo pushes people to share as much of their lives as possible, privacy should not be seen as something law-abiding citizens do not need but rather the right to allow all the others.