Key Highlights
- A report reveals that Sumsub previously claimed it couldn’t pinpoint the puppet masters of its own operation, only to later update its records with the names of its founders-surprise, surprise!
- In a twist worthy of a bad detective novel, a cyber mishap apparently lurked in the shadows for 18 long months, exposing a smattering of user data while nobody seemed to notice.
- Oh, and let’s not forget the mysterious investor from a 2022 funding round-because who doesn’t love a good cliffhanger?
Sumsub, that self-proclaimed champion of identity verification in the crypto realm, is now under the microscope for its lack of transparency and security practices. A recent report peeled back the curtain on a data breach that had all the subtlety of a marching band at a funeral.
KYC giant @sumsub verifies millions of users for 4,000+ clients, but nobody verified Sumsub. Opaque ownership, unnamed investors, 18 months of undetected breach. The gatekeeper never verified itself.
– Rekt News (@RektHQ) April 14, 2026
Sumsub Ownership Records Raise Eyebrows
This report, which made waves courtesy of Rekt News, threw shade on how Sumsub recorded its ownership. It seems that from April 2019 to October 2023, a Cyprus-based entity, Raritex Trade Ltd, held sway over the company’s UK unit like an unseen puppeteer.
On October 3, 2023, in a plot twist that would make even the most dedicated soap opera fan raise an eyebrow, Sumsub declared it couldn’t identify any person or legal entity with significant control over the company. That’s right, folks-officially reporting that they didn’t know who was driving the bus!
This curious filing lingered in the air like an awkward silence for seven months before it was rescinded on May 24, 2024, when three founders-Peter Sever, Yakov Sever, and Andrey Severyukhin-suddenly appeared as the big shots in charge. However, no one bothered to explain this sudden revelation, leaving everyone scratching their heads.
The report also spun a tale about a funding round in late 2022 where Sumsub described its main investor merely as a “corporate VC fund,” cloaked in mystery. Rekt News raised alarm bells over this lack of transparency, especially since the company holds sensitive identity data for a slew of financial institutions.
Security Breach Unveiled in February 2026
Hold onto your hats, because the plot thickens! A cybersecurity breach disclosed by Sumsub in February 2026 revealed that the incident started back in July 2024, when a crafty attacker slipped in through a support system like a thief in the night. It took an eternity-18 months-before anyone noticed during an internal audit in January 2026. Talk about a lack of urgency!
According to Sumsub, the exposed data included names, email addresses, and phone numbers for a handful of users, but rest assured, they did not include biometric data, passport images, or government ID documents. The crypto exchange Ndax, among other clients, felt the brunt of this debacle.
Adding to the intrigue, the report mentioned a 2025 incident where a security researcher discovered that API access keys linked to Sumsub were laid bare through a third-party system. It’s almost like they were asking for trouble!
Sumsub Fights Back Against the Claims
In a response that could rival any good courtroom drama, Sumsub took to X to declare that the claims were misleading and that the reporters didn’t bother to contact them beforehand. What a shocker!
The company asserted that it adheres to all legal disclosure requirements wherever it operates, sharing information with regulators, auditors, and clients when necessary. They also mentioned that concerns about transparency had been raised before and addressed-though it’s unclear if anyone believed them.
Hello – we want to address a few claims that have been circulating.
Notably, the reporters behind this piece did not approach us for comment prior to publication – which is a basic standard for balanced investigative reporting. This lack of engagement is telling.The…
– Sumsub (@sumsub) April 15, 2026
Sumsub maintained that it operates as a private entity in compliance with necessary disclosure rules. They reassured everyone that relevant information is shared with authorities and business partners as needed-because nothing says “trust us” quite like vague assurances.
Regarding the breach, Sumsub copped to it, but insisted it was contained to a support-related system and didn’t involve sensitive identity documents like passports or biometric data. They referred to it as an isolated incident-like finding a roach in a fancy restaurant, really.
The Bigger Picture
Sumsub provides Know Your Customer (KYC) services, a veritable lifeline for businesses, especially in the murky waters of the crypto world, to confirm user identities using documents like passports, selfies, and proof of address. It boasts a clientele of over 4,000 companies globally, flitting across various regions like a well-traveled vagabond.
These services are indispensable for financial and crypto platforms, ensuring that fraud is kept at bay and that the users are, in fact, real human beings-no sock puppets allowed!
In essence, instead of building these systems themselves, many businesses lean on providers like Sumsub. Thus, these providers, handling heaps of personal data, play a pivotal role in compliance and security processes across the financial landscape.
Read More
- All Skyblazer Armor Locations in Crimson Desert
- One Piece Chapter 1180 Release Date And Where To Read
- New Avatar: The Last Airbender Movie Leaked Online
- All Shadow Armor Locations in Crimson Desert
- How to Get the Sunset Reed Armor Set and Hollow Visage Sword in Crimson Desert
- Cassius Morten Armor Set Locations in Crimson Desert
- Red Dead Redemption 3 Lead Protagonists Who Would Fulfill Every Gamer’s Wish List
- Grime 2 Map Unlock Guide: Find Seals & Fast Travel
- Euphoria Season 3 Release Date, Episode 1 Time, & Weekly Schedule
- USD RUB PREDICTION
2026-04-15 18:29