During the last few weeks, several vulnerabilities affecting ICOs have been revealed including rumours of KYC data breaches and phishing attacks that have led to losses of millions of dollars. Token purchasers’ concerns when participating in ICOs is increasing exponentially. Identity and money are two of people’s most sensitive concerns because theft can lead to serious economic and legal problems.

At SelfKey, we work to make identity transactions and onboarding to financial, immigration and cryptocurrency related services, faster, hassle-free, more private, and more secure.

We aim to make the aforementioned problems a thing of the past. Our solution is a digital wallet with which users can control and manage their personal data and transact with service providers safely and with certainty.

The SelfKey Identity Wallet mainly allows users to access their identity documents on their device and share them with service providers to apply for a broad range of products and services listed in the SelfKey marketplace.

Not only that, the SelfKey Identity wallet is also a cryptocurrency wallet with which you can send, receive, and store ETH and any ERC-20 token, just like Myetherwallet or Metamask.

The marketplace will be formed by several market verticals that will be launched periodically, and the first area to be released will be ICOs.

This means that, from the same application, you will be able to conduct all required actions to participate in ICOs: go through KYC, send ETH, and receive the brand-new ERC-20 tokens you have purchased. All of this, without the need to worry about phishing attacks or KYC data breaches.

Phishing attacks

There is no way to impersonate an ICO within the Identity wallet.

Since it is a desktop app stored and run locally, attackers won’t have the option to clone a website and ask you to send funds to a given ETH address.

Even if they use Telegram or a phishing email, if you use your SelfKey wallet to participate, there won’t be any risk that you are sending funds to a pirate.

The SelfKey wallet will allow you to complete the entire ICO participation process with the certainty that you are not being scammed by a phishing attack.

KYC data breaches

KYC processes involve sharing identity documents, such as passports or identity cards, with service providers to prove that you are who you claim to be and are not a politically exposed person or a bad actor such as a sanctioned person.

Data protection laws are supposed to protect consumers when sharing this sensitive information, but when it comes to ICO’s doing KYC — what happens to that KYC information, and how it’s protected, is largely unknown.

The solution is something called verified claims. This concept allows for a person to prove something is verified by a trusted party without having to reveal the information itself. For instance, a person can prove they are American, without revealing the passport or ID itself. By sharing the claim only (instead of the document) the entire process becomes much safer.

Blockchain technology allows for these verified claims to be shared in a decentralized manner, without a central issuing authority, who would likely store the data in a large database that can be hacked.

In fact, a decentralized identity makes a poor target for hackers because the effort, time, and costs involved would exceed the reward — for example, finding that you are not a citizen of a specific country and no other information to go along with it is not worth a hacker’s time.

One of the reasons we created SelfKey was to plug the gaps through which personal information can leak and offer a solution in which it is unnecessary for documents and personal information to be retained by a third-party.

With SelfKey, your information is not held on a blockchain, in a centralized database, or anywhere else other than your personal device in an identity wallet.

In the SelfKey wallet, you can pass KYC once and have your identity verified. These verified claims are reusable attestations that can be used to participate in ICOs or sign up for financial and cryptocurrency related services without having to share your all your information repeatedly.

Essentially, you share your verified claims, or attestations, not your digital identity.

KYC and AML regulations exist to protect companies from being taken advantage of by criminals or terrorists, and data protection laws exist to keep your information safe. However, the latter differ greatly between jurisdictions, with some being more robust than others.

Clearly, there needs to be consistent, secure, and robust data protection for your information when participating in an ICO. Sharing attestations rather than documentation is obviously a far safer method of participation.

At SelfKey, we aim to provide the necessary tools for individuals to find more freedom. We understand that being free is not to involuntarily delegate the control of our identity to third parties that could misuse our most sensitive data. It is ourselves and ourselves alone that should truly own our identities.

If you wish to know with more details the SelfKey proposition, we invite you to read the whitepaper and our previous blog posts. If you have doubts, questions or just want to chat about it with the SelfKey core team, we invite you to be part of our Telegram community. To stay up to date on the latest news and announcements, join our announcement channel or subscribe to our mailing list.