Gate.io’s account verification has come under scrutiny after ZachXBT tested its KYC process.

An account application by a person named Kim Jong-Un passed Gate.io’s Know Your Customer (KYC) check and was approved within minutes.

Gate.io KYC Process Under Review

On-chain detective ZachXBT sought to test the assumption that crypto exchange accounts offer a level of security when it comes to tracking stolen funds.

“When stolen funds come into a cryptocurrency exchange, people like to assume there’s a real person with a real identity tied to the account.”

To debunk this, he applied for a Gate.io account named Kim Jong-Un with an email address “not lazarus.” ZachXBT captured a screenshot of the application approval, showing that he had passed KYC and was approved to trade cryptocurrencies on the exchange.

Additionally, the company’s “KYC-1” basic verification layer enables account holders to withdraw up to 100,000 USDT per day.

It is unclear whether ZachXBT altered the ID documents to achieve this. Nonetheless, the results highlight flaws in Gate.io’s application process, particularly when it comes to name checks.

To underscore the point, ZachXBT repeated the process, using fictitious names and email addresses listed on the Office of Foreign Assets Control (OFAC) sanctions list, such as “harmonyhacker” and “lazaruslover,” all of which were approved, thus contradicting the idea that bad actors shy away from using the exchange.

Lazarus Group refers to a group of hackers and scammers reportedly operating at the direction of the North Korean government.

The group has employed a number of tactics, including malware used in the 2017 WannaCry ransomware attack, as well as social engineering, such as luring a senior Axie Infinity engineer into opening a “job opportunity” file, which subsequently infected the engineer’s computer and caused multiple Axie nodes to be taken over.

Know Your Customer

Cryptocurrency exchanges have been incorporating mandatory KYC requirements in order to meet Financial Action Task Force (FATF) compliance, with ByBit becoming the latest to do so. The company announced that starting May 8, all users will need to upload IDs.

KYC critics argue that the practice limits participation in cryptocurrencies. Furthermore, bad actors have the means and expertise to easily bypass checks, making KYC meaningless in achieving its goal of preventing money laundering.

Additionally, storing customer information provides hackers with additional attack vectors, as shown by the July 2020 Ledger data breach. Ledger customers were threatened and harassed after their contact information was made public.

Gate.io was contacted for comment on ZachXBT’s findings. No comment was received by press time.