New Zealand-based crypto exchange Cryptopia was likely in breach of its compliance obligations in the run up to being hacked, according to local press reports.
The details come as part of the liquidation process, with liquidators Grant Thornton filing evidence before a court in Christchurch showing numerous significant failings at the exchange, the New Zealand Herald reported.
According to the evidence, the exchange was routinely failing to discharge its compliance obligations for anti-money laundering regulations with new customer accounts, requiring only limited information from customers to create new accounts on the platform.
Liquidators David Ruscoe and Malcolm Moore said their investigations revealed serious concerns about the way Cryptopia opened new customer accounts: “[We] have given careful consideration to the limited personal identification information available because, in our view, it raises various issues including anti-money laundering compliance.”
The liquidators said they were currently working with law enforcement in New Zealand alongside the Department of Internal Affairs in its investigations into business practices at the firm.
The investigation revealed some 933,000 user accounts without adequate identifying information on file, with only usernames and email addresses present.
A selection of 100 customers who had traded over NZ$500,000 (US$323,232) had been required to send pictures of themselves holding their photographic ID, as well as statements explaining the source of their funds.
Addresses were then verified internally by reference to Google Maps, though liquidators have identified a large number of addresses that appear to be in remote, unpopulated locations. In some instances, user addresses were unable to be traced by the liquidators.
According to the evidence filed, there were some 44,000 users holding assets worth NZ$23 million (US$14.87 million) which were not verified at all,