I used to work at Vanguard, which has significantly more assets under management than Coinbase. Vanguard had special categories for people with a lot of assets, high net worth, ultra-high net worth, etc for people that had over $10M and $100M (iirc) in assets under management at Vanguard. Because its a traditional finance company all of the client information was stored (name, phone, address, email, etc). Now it was basically impossible for any employee to get access to this information without needing it. Even working in the tech side I could not just log into the DB and run a query for people's information, make trades, etc. Everything was logged, everything was tracked, and access was very specifically restricted to limit issues.

My point here is that Coinbase (blaming this on a "overseas" employee) and the TechCrunch founder are missing that traditional finance companies have already solved these issues. They are just immature and not serious companies.

Yes because crypto exchanges born out of the wild west like conditions don't want to actually do any KYC. So they do some whacky solutions.

> They are just immature and not serious companies.

Every company running on "Founder Mode" where the founder is banking on weak regulations and low competition instead of a solid product with customer safety guardrails will end up this way.

basically the entire space of so called AI:)

Is there a pattern for encrypting email, name, phone fields so db leak wont be valuable? Of course we should be able to login, send marketing emails etc.

Some of the quotes in the article try to blame some of the harm from Coinbase's data breach on "know your customer" regulations. It's such self-serving nonsense.

Society is within its rights to demand that financial institutions both (1) protect their customers' sensitive personal information and (2) fight money laundering, which AFAIK is impractical without KYC rules at institutions like Coinbase that connect crypto to the traditional monetary system.

It could also be that KYC is an immature rule that says "the data must be collected".

Maybe a more nuanced future KYC rule might need to both collect and protect customer data.

That's already the case, but greedy execs love cutting corners.

The linked article leans hard into blaming KYC, when clearly improper data handling and security by Coinbase is the true cause. This is something we've seen repeatedly with crypto exchanges: Abysmal data protections and security. Wealth is not new, and financial institutions have managed this information fine. There is an issue specifically in the crypto space with poor security practices.

Of course the tech industry's solution to the problem is to spend tens of millions in lobbying to get rid of the KYC regulation, rather than a few bucks upgrading their security systems to what banks of had for several decades.