TL;DR:
- On-chain researcher ZachXBT described KYC as one of the least useful data types for investigations and threatened to publish methods to bypass it.
- ZachXBT warned that KYC tends to benefit attackers when a company is hacked, as user data gets exposed and executives face no consequences.
- Cryptographer Matthew Green described how age verification can become mass surveillance infrastructure linked to users’ real identities.
The on-chain researcher known as ZachXBT described KYC —Know Your Customer— as one of the least useful types of data for investigations in the crypto industry. His statements included a direct warning: if the situation keeps worsening, he could begin publishing on-chain methods to bypass excessive surveillance.
According to ZachXBT, KYC tends to end up benefiting attackers rather than users. When a company is hacked, the collected identification data gets exposed while the company’s leadership faces no legal responsibility for the theft of its customers’ funds. He also questioned why governments effectively force people to pay around one hundred dollars on the black market just to access basic levels of privacy.
Honestly this topic may radicalize me into publishing onchain techniques to evade bs.
KYC is one of the most useless types of data in crypto cases.
Only benefits threat actors when a company is breached and leadership is never held legally accountable for user thefts.
Why…
— ZachXBT (@zachxbt) June 23, 2026
KYC Is a Gateway to Total Surveillance
ZachXBT’s statements came in response to a post by Erik Voorhees, founder of ShapeShift, who warned that KYC could eventually be required even to use a computer. ZachXBT also shared an analysis by Matthew Green, professor of cryptography at Johns Hopkins University, which described how age verification is being incorporated into nearly every new regulatory proposal.
Green argued that the real issue is not age but identity. Under the argument of protecting minors, governments and platforms would be building infrastructure capable of linking a person’s real name to their online activity.
The Scenario Nobody Is Seeing
Green described a gradual process unfolding in stages: first, age verification would be introduced for certain content, with systems collecting identification documents. Then the question would be under what conditions security agencies could access that data and how anonymous activity could be linked to a real identity. That would require adjusting privacy technologies so they track the user’s identity every time they visit a site.
Access to that data would start by requiring a court order, then become available through a simple request, and eventually be integrated into mass scanning systems. Green also noted that these measures would not achieve the stated goals of combating grooming or child abuse, as they have historically shown no evidence of reducing such harms.
