
FHEeSIM answered me!


Reprinted from chaincatcher

03/24/2025·1M

In 2024, publicly reported major data breaches around the world exposed at least 47.16 billion pieces of data, an increase of 354.3% from 10.38 billion in 2023. Most alarming is that the growth shows no sign of slowing, which means that every piece of personal information we have submitted for KYC has been correlated again and again on the black market and lies fully exposed. Changing passwords frequently no longer solves the problem, because the private data itself is exposed. Once data has leaked widely enough, it is no longer possible to trace which Internet service provider (ISP) it leaked from. As a result, serious crimes enabled by privacy leaks occur frequently around the world, and even the deliberate leaking of data is difficult to trace. AML and KYC policies are useful but not ideal: innocent people all go through KYC, while criminals remain at large. It is time to sound the alarm for Internet users everywhere. Whom do the current KYC and AML policies actually serve? Whom else can we trust? Is there any way to protect our identity and privacy?

1. Data leakage is the root cause of SIM swap (SIM card exchange) attacks in the crypto field

The crypto market is always associated with telecom fraud, criminal networks, hacking and other illegal activities. AML and KYC policies do give the crypto market a measure of protection, but cybercriminals' chances of success have not decreased, and the losses the crypto market suffers from the use of leaked data still grow every year. In 2024, the personal data of users of nine cryptocurrency exchanges was leaked; the incident affected more than 500,000 customers and exposed a large amount of sensitive data, including complete usernames, credit card numbers, email addresses, IP addresses and various authentication data. In December 2024, Byte Federal, a US Bitcoin ATM operator, disclosed a data breach: attackers exploited a GitLab vulnerability to break into its systems, exposing the data of 58,000 customers. As leaks go this is a very small incident, but leaked data of this kind directly enables SIM swap attacks. The process is as follows:

(1) Target selection and information collection: Attackers first pick a target, usually someone who owns cryptocurrency; even V God and CZ have not escaped such attacks. They then collect the target's personal information by purchasing leaked data, such as name, date of birth, ID number, phone number and other information required by KYC.

(2) Contacting the operator as an impersonator: After collecting sufficient information, the attacker impersonates the victim and contacts the victim's mobile service provider. They may invent an urgent or plausible scenario, such as a lost phone, a damaged SIM card or an upgrade to a new device, and request that the victim's phone number be transferred to a new SIM card.

(3) Operator's SIM card exchange operation: If the attacker successfully convinces the operator's customer service representative, the operator will associate the victim's phone number with the new SIM card controlled by the attacker. At this point, the victim's original SIM card will be deactivated and the attacker's new SIM card will take over the phone number.

(4) Receiving SMS messages and calls: Once the attacker controls the victim's phone number, they receive all SMS messages and phone calls sent to that number, including verification codes for two-factor authentication. This allows the attacker to bypass SMS 2FA, gain access to accounts, and carry out further attacks and asset theft.

Viewed through this underground supply chain, KYC is necessary in a zero-trust network environment, yet KYC data has itself become a source of crime.

2. The crypto world proves that your means are so fragile, and the means are so convenient.

In 2023, the collapse of Axie Infinity, a blockchain game once hailed as a tool for poverty alleviation, shocked the world. At its peak, the “play and earn” game attracted more than 2.7 million Filipino players (40% of its global user base) who earned their daily income through in-game tokens. However, when the token's value plummeted, many of them found themselves unable to convert digital assets into fiat currency because they could not pass the KYC requirements of centralized exchanges. This underscores the existential paradox of Web3: the anonymity that empowers its utopian vision becomes its fatal weakness in the face of real-world compliance. The crisis exposed the core dilemma of Web3: anonymity gives freedom but sacrifices identity sovereignty; compliance requires verification but takes away privacy. Today, over a billion people around the world lack traditional identity credentials and are shut out of the digital economy because “proving you are you” still relies on phone numbers, ID cards and bank accounts. With the support of today's artificial intelligence and large language model technology, KYC data is extremely costly to forge faces, voices, ID documents, etc. that verify identity. Technology offers no effective service for proving who you are while protecting your anonymity, yet it can be maliciously exploited to seize identity sovereignty. This is the current state of the identity verification that underpins Web3. How ironic.

3. The new regulatory era of KYC and AML is about to bring

As we all know, criminals use coin-mixing tools such as Tornado Cash to evade supervision and launder funds. Mixers have helped criminals launder money in recent years, and real-world authorities took aim at Tornado Cash and arrested its founder in 2022.

In 2024, more than US$2.2 billion in digital assets was stolen from the cryptocurrency industry by hackers. On February 21, 2025, hackers stole digital assets worth more than US$1.5 billion, the largest theft in the history of cryptocurrencies. Fortunately for Tornado Cash founder Alexey Pertsev, in February 2025 the Dutch court approved the suspension of his pre-trial detention. Although this is not true freedom, Ethereum co-founder Vitalik Buterin retweeted the news and expressed support. In March 2025, the U.S. Treasury Department removed Tornado Cash and several related digital wallet addresses from OFAC's Specially Designated Nationals (SDN) sanctions list, which brought hope for an era of KYC-free regulation. This decision marks a tilt in the balance between privacy protection and government regulation. For individuals: the legal standing of privacy rights improves, and the risk of using privacy tools falls. For the government: it must seek a finer balance between KYC requirements and technological neutrality and upgrade its regulatory tools. In the future, privacy protection may shift from "confronting regulation" to "compliant innovation", making this a critical period for the joint evolution of civil rights and national security in the digital era.

To commemorate this critical moment, the Privasea team wrote this article as a tribute to it. We announce that KYC is not the way to protect crypto investors; the best way is to convert "your existence" into mathematically verifiable cryptographic objects. The original FHE KYC technology converts biometrics into immutable privacy-preserving credentials and anchors them to the web2 world through anonymous identity devices (anonymous telecommunications SIM cards, anonymous credit cards and other connectors to the digital world), keeping personal information invisible. We are not just upgrading infrastructure; we are launching a paradigm shift in digital identity sovereignty. We see the urgency of privacy protection, and Privasea will be a staunch defender of privacy protection and autonomous identity.

4. FHE+KYC's anonymous SIM card anchors digital identity to the web2 world

(1) FHE has achieved impossible things in terms of authentication

User protection: Biometric information and files remain end-to-end encrypted to eliminate the risk of leakage.

Compliance: Service providers perform liveness detection, age verification, etc. with accuracy matching that of plaintext methods.

Regulatory balance: "Share of regulatory keys" allows lawful decryption in extreme cases (such as criminal investigations), thus balancing privacy and security.

(2) What is FHE
Fully homomorphic encryption (FHE) has long been regarded as the "crown jewel" of cryptography, and it solves a 30-year puzzle: computing on encrypted data without decrypting it.

Limitations of traditional encryption: Standard encryption (such as AES) protects data at rest. Any computation (such as an identity check) requires decrypting the data first, which exposes the original data – which is the root cause of Facebook data breaches.

FHE's breakthrough: Imagine a locked safe (encrypted data). FHE allows external parties to sort, count or perform complex operations on its contents without unlocking it. The data remains encrypted, but the results are verifiable.
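To make "computing on ciphertexts" concrete, here is an added Python example (not Privasea's code) that scores an encrypted face template against a probe vector. It uses Paillier, which is only additively homomorphic, as a small stand-in for FHE, so the probe is in plaintext here; the toy key, 8-dimensional vectors and threshold are all constructed assumptions.

```python
import math
import secrets

# Toy Paillier key from two Mersenne primes (constructed; far too small for real use).
p, q = 2**31 - 1, 2**61 - 1
n = p * q                      # public key
n2 = n * n
lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # private key, stays with the user
mu = pow(lam, -1, n)

def encrypt(m: int) -> int:
    """Enc(m) = (1 + n)^m * r^n mod n^2, with fresh randomness r per ciphertext."""
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            break
    return (1 + (m % n) * n) * pow(r, n, n2) % n2

def decrypt(c: int) -> int:
    m = (pow(c, lam, n2) - 1) // n * mu % n
    return m - n if m > n // 2 else m      # decode residues above n/2 as negatives

def encrypted_dot(enc_template, probe):
    """Node side: multiply Enc(t_i)^(w_i); the product decrypts to sum(t_i * w_i).
    The node needs only n, never the private key or the template values."""
    acc = 1                                 # trivial encryption of 0
    for c, w in zip(enc_template, probe):
        acc = acc * pow(c, w % n, n2) % n2
    return acc

# Constructed 8-dimensional integer feature vectors (sample data for this example).
ENROLLED = [12, -7, 30, 5, -18, 22, -3, 9]
SAME_PERSON = [11, -8, 29, 6, -17, 21, -2, 10]
SOMEONE_ELSE = [-20, 15, -4, 25, 9, -12, 18, -6]
THRESHOLD = 1500                            # hypothetical preset threshold

def verify(enc_template, probe) -> bool:
    score_ct = encrypted_dot(enc_template, probe)   # computed on ciphertexts
    return decrypt(score_ct) > THRESHOLD            # only the score is decrypted

if __name__ == "__main__":
    template_ct = [encrypt(v) for v in ENROLLED]
    print(verify(template_ct, SAME_PERSON), verify(template_ct, SOMEONE_ELSE))
```

A fully homomorphic scheme also supports multiplying two ciphertexts, which is what lets both vectors stay encrypted during scoring.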

(3) ImHuman: Redefining the evidence of human existence

ImHuman’s innovation lies in transforming biometric verification into an encryption process that is performed entirely in an encrypted state:

Key storage

The user generates a client key, which is split into three fragments using Shamir's secret sharing; the fragments are stored locally, in the cloud and on the ImHuman server. Recovery requires any two fragments, which eliminates a single point of failure.

Active to NFT casting

The initial face scan generates a 512-dimensional feature vector, which is encrypted with the client key and embedded into the ImHuman NFT. These NFTs do not store the original biometrics, only homomorphically encrypted "encrypted fingerprints".

Encryption verification

During the verification process, a new face scan will produce a new vector. The Privanetix node calculates similarity scores completely in encrypted form.

Dynamic threshold

If the preset threshold is exceeded, the decrypted similarity result will trigger the timestamped credential.
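The 2-of-3 key storage step described above, as an added Python example (not ImHuman's code): the client key is split into three fragments, any two recover it, and a single stolen fragment is consistent with every possible key. The field prime, the holder names used as dictionary keys and all function names are assumptions made for this sketch.

```python
import secrets
from itertools import combinations

P = 2**521 - 1  # Mersenne prime; field large enough for a 256-bit key
HOLDERS = {"local": 1, "cloud": 2, "server": 3}  # x-coordinate per storage place

def split_client_key(key: int) -> dict:
    """2-of-3 Shamir split: points on the line f(x) = key + slope*x (mod P)."""
    if not 0 <= key < P:
        raise ValueError("key must be a field element")
    slope = secrets.randbelow(P)  # uniformly random, discarded after the split
    return {name: (x, (key + slope * x) % P) for name, x in HOLDERS.items()}

def recover_client_key(frag_a, frag_b) -> int:
    """Lagrange interpolation at x = 0 from any two distinct fragments."""
    (x1, y1), (x2, y2) = frag_a, frag_b
    if x1 == x2:
        raise ValueError("need two different fragments")
    return (y1 * x2 - y2 * x1) * pow(x2 - x1, -1, P) % P

def slope_explaining(fragment, candidate_key: int) -> int:
    """Slope under which `candidate_key` would have produced this one fragment.
    One exists for every candidate, so a single fragment leaks nothing."""
    x, y = fragment
    return (y - candidate_key) * pow(x, -1, P) % P

def demo():
    key = secrets.randbits(256)  # constructed stand-in for the client key
    frags = split_client_key(key)
    pairs_ok = all(recover_client_key(frags[a], frags[b]) == key
                   for a, b in combinations(frags, 2))
    # A thief holding only the cloud fragment cannot rule out any other key.
    wrong = (key + 1) % P
    s = slope_explaining(frags["cloud"], wrong)
    x, y = frags["cloud"]
    ambiguous = (wrong + s * x) % P == y
    return pairs_ok, ambiguous

if __name__ == "__main__":
    print(demo())
```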

(4) The anonymous SIM card of FHE+KYC will perfectly protect the user's digital identity

Traditional SIM cards rely on centralized systems. eSIM + FHE KYC unleashes unprecedented possibilities:

Zero residual binding:
eSIM is bound to ImHuman NFT credentials, not the original biometric information. The operator does not need to access the phone number, ID card or facial data to verify the credentials.

Anti-lost recovery:
Lost device? Recovered by ImHuman:

Recover the client key using two key fragments.

Verify identity through encryption checks.

SIM swap attacks are not possible:

Only the holder of the ImHuman NFT credential can have the card replaced and the original number reissued; no one else can move the number, which prevents SIM swap attacks.

A new eSIM is issued automatically, with no traditional plaintext KYC data and no sensitive eKYC data.

(5) FHE+KYC's anonymous SIM card anchors digital identity to the web2 world

With this anonymous SIM card, you can register email accounts that require a mobile phone number, such as Gmail and Outlook, as well as instant messaging tools that require one, such as Telegram and WhatsApp. Because the number does not expose your true identity and cannot be tampered with, it helps keep the email account secure. Protection then extends to the large number of Internet services that only require an email address to register, such as social networking sites.

In some parts of the world, this anonymous SIM card can also be used for local banking, credit card registration and similar services; in Nigeria and other countries, it can also be used for payment and settlement services.

In most countries with a developed Internet, SIM cards serve as a verification channel. With an anonymous SIM card, you can register for 2FA verification services with confidence. The era of dedicated cards and dedicated use has arrived, and the underlying technology of FHE+KYC has redefined digital identity sovereignty.

5. Why is this irreversible: Paradigm shift

Cryptocurrency companies are generally believed to be similar to traditional financial services, so they are subject to similar regulation. The EU has also confirmed that cryptocurrency exchanges should bear the same responsibilities as banks in maintaining the financial system. But the U.S. Treasury Department removed Tornado Cash and several related digital wallet addresses from OFAC's Specially Designated Nationals (SDN) sanctions list, indicating that the KYC and regulatory concepts applied to cryptocurrency transactions are changing. Cryptocurrency companies are not regulated in the same way as traditional financial services, and the charges against Tornado Cash founder Alexey Pertsev all concern anti-money laundering laws.

We are at a historic turning point: for the first time, human beings are able to privately prove "I exist" with mathematical methods without giving up control of their own identity. This is building a privacy layer that interoperates with the crypto world and the real world. It is a great technological practice and a battle to defend privacy. This is not only a technological leap, but also a milestone in digital human rights.
