In Celsius Network’s recent court filing, the billion-dollar centralized finance (CeFi) platform exposed more than 14,000 pages of customer identity and on-chain transaction data without user consent — a prescient reminder that privacy absent decentralization is no privacy at all.
As part of its bankruptcy proceedings, CeFi lending giant Celsius Network disclosed names and on-chain transaction data of tens of thousands of its customers in an Oct. 5 court filing. While Celsius’ user base complied with standard Know Your Customer (KYC) procedures in order to open personal accounts with the CeFi platform, none consented to nor could have anticipated a mass disclosure of this scope or scale.
In addition to doxxing the multi-million dollar withdrawals of Celsius founder Alex Mashinsky and chief strategy officer Daniel Leon just before Celsius’ bankruptcy announcement, the disclosure directed tens of thousands of CeFi users to reconsider what resolute privacy protections entail and how systems that incorporate any degree of trust or centralization stand to compromise those protections.
To protect privacy, any degree of centralization or specialized authority that exchanges use in the future must eschew the bungled Celsius model. Otherwise, privacy will be rendered yet another false promise teased out in the fine print.
While unsavory, at the very least, Celsius’ mass data dump points to more than an outright distrust of authority and opaque organizations. As per usual, at the intersection of on-chain finance and law, there’s a lot of gray area.
An emergent and nascent industry, the blockchain space has already spun up a mess of unprecedented conflicts and disputes that neither existing legislation nor established case law has developed a reliable methodology to navigate. Even in the heavily nuanced legal environment of 2022, courts are not adequately prepared to uphold established legal principles in the on-chain domain.
In defense of their customers, Celsius’ legal representatives allege that they issued requests to redact private customer data from their disclosures. However, their requests were ultimately rejected by the court on the grounds that all Chapter 11 Bankruptcy proceedings require a complete and transparent “Creditor Matrix.” Obviously, such a bankruptcy rule was penned and passed several eras before the emergence of distributed on-chain lending protocols; a time when financial institutions did not have 14,000 pages worth of supposed creditors.
To make matters more unclear, Celsius legal officials have also claimed that, as per Celsius’ terms of service, all user funds deposited in the platform essentially belong to Celsius. Thus, as a self-regarded de-facto owner of all customer deposits, Celsius’ public release of customer transaction data treads further into hazy legal territory as to the parameters that define ownership — and, therefore, privacy protections — in the on-chain space.
Whatever the case, Celsius’ customers have permanently lost their privacy. The only sure verdict is that there can be no certainty in depending on an unprepared legal system to uphold privacy rights in fluid and uncharted territory.