Cryptocurrency lender Celsius is once again in the spotlight, this time for revealing the names and recent financial actions of its users in public court documents.
Twitteratti has wrongly labeled this revelation as doxing, some going to the extent of saying the information “will lead to many robbed & killed.”
I am no fan of companies collecting all sorts of personally identifiable information (PII) about their users and then employing the cheapest means available to secure them. However, the Celsius data doesn’t fit the traditional narrative of a data leak.
In fact, I believe the 14,532-page document, which has no identifying details besides names of individuals, crypto wallet IDs, transaction types and amounts, which services the customer had used, and the types and quantities of tokens held has served its purpose well.
Privacy advocates are needlessly muddying the waters, and in their criticism are ignoring the bigger picture. Granted, the details can be dangerous in the hands of people who know how to exploit them. But then again it wouldn’t be hard for these people to get their hands on these details in any case. In fact, Celsius had already accidentally leaked customer email addresses back in July.
However, if the court had agreed to redact the name of the customers then no one would have figured out that the Celsius top-brass withdrew millions of dollars before closing withdrawals for everyone.
The bigger takeaway from the court documents is that they provide concrete proof of how lack of privacy was one of the core principles of Celsius’ business model. Furthermore, they show the extent the company went to in order to game the system. This is why in order to avoid being regulated as a bank, Celsius chose to identify its customers as creditors, instead of depositors, eventually robbing them of protections granted by bank secrecy laws, and instead exposing them to creditor disclosures.
According to reports, Celsius asked the court for permission to redact the names and addresses of its users. But this wasn’t granted based on US Trustee William Harrington’s objections that redacting names would set an unfavorable precedent for future bankruptcy proceedings, not just for crypto but for other sectors as well.
For me, there are two big takeaways from the document, which have somehow been missed in all the hoopla about the breach of privacy. Firstly, the document lays bare the dangers of centralized crypto services, and how they go against all tenets of the decentralized finance (DeFi) ecosystem they allegedly operate in.
Secondly, the case helps further strengthen the call to bring such operators under stringent regulations, pretty much like the formal financial sector. Creditor disclosures weren’t designed for workarounds such as those employed by Celsius, which is why it’s high time the regulators form sensible, sector-specific regulations to protect crypto investors.
