OpenAI Privacy Nightmare: Persona Accused of Leaking ChatGPT Users’ Crypto Wallets to US Government Agencies

Is Your ChatGPT Account Feeding Data to the Feds?

Imagine uploading your passport photo and selfie to use OpenAI’s powerful AI tools like ChatGPT. Now picture that same data, plus your crypto wallet addresses, getting sent straight to US federal agencies. Sounds like a dystopian movie plot, right? But recent findings suggest it’s happening through , OpenAI’s KYC (Know Your Customer) partner.

This shocking discovery has crypto fans and privacy lovers up in arms. A team of security researchers dug into Persona’s code and found what looks like direct links to government databases. We’re talking about tools that flag suspicious activity, screen crypto addresses, and even tag data with secret intelligence codes. Let’s break it down step by step.

What the Investigation Uncovered

Security experts using handles like vmfunc, MDL, and Dziurwa published their report on February 18. They spotted public code in Persona’s system that sends user info to — that’s the Financial Crimes Enforcement Network, part of the US Treasury Department. FinCEN fights money laundering and other financial crimes.

Here’s what they found:

• Code to file (SARs) directly to FinCEN.
• Similar reports to Canada’s financial intel unit.
• Tagging with intelligence program codenames.
• Crypto address screening via , a top blockchain analytics firm.
• A “watchlist” that monitors wallets forever, checking against Chainalysis graphs for risks, linked addresses, fund values, and owners.
• Over 250 extra verification checks, including facial matches against global databases of politicians, leaders, and their families.

“You upload a selfie for a chatbot, and it’s now scanned against every big name on earth,” the researchers warned. This code has been live since November 2023.

Persona’s Response: Denial Amid Questions

Persona CEO Rick Song hit back on X (formerly Twitter). He said researchers didn’t contact him first and claimed his company doesn’t work with federal agencies now. But he skipped addressing the code findings directly. One post called the handling “disappointing,” praising the researchers’ skills while deleting it later.

Other experts backed the probe. A security researcher from blockchain response teams like SEAL911 confirmed the government domains exist and likely run on Persona’s setup. Still, motives and full use remain unclear.

OpenAI and Chainalysis haven’t commented yet.

Why Crypto Users Should Care Big Time

Crypto was born from cypherpunk ideals — privacy first, fight surveillance. Bitcoin creators pushed crypto tools to shield people from big brother governments and corporations. Now, KYC on AI platforms like OpenAI pulls users into the same web.

When you verify for ChatGPT Plus or advanced models, Persona gets your ID photo, selfie, and video. It runs standard checks: sanctions lists, face matches, crime links. But the extra stuff? Crypto screening without clear triggers. Your wallet could hit a persistent watchlist, polled endlessly against Chainalysis data.

Questions pile up:

• What sets off the crypto scan or watchlist?
• Do OpenAI users get warned about government sharing?
• How long is data kept? OpenAI says up to a year; code hints at 3 years or permanent for IDs.

The Bigger KYC Problem in Web3 and Beyond

KYC is everywhere now — exchanges, DeFi apps, even AI chats. It’s sold as crime prevention, but critics say it backfires.

1. Data Misuse: Big KYC firms have abused or lost user info.
2. Hacks: Breaches leak millions of records, turning users into targets.
3. Surveillance Risk: Vague rules let firms build secret watchlists, no consent needed.
4. Privacy Erosion: Links your real ID to pseudonymous crypto wallets forever.

Chainalysis integration amps this up. It maps blockchain transactions, clusters addresses, and IDs owners — powerful for good or ill. A “one-shot” check? No. It’s ongoing monitoring.

What This Means for OpenAI and ChatGPT Users

OpenAI requires KYC for high-use accounts to stop abuse. But tying it to Persona means potential fed exposure. Everyday users chatting with GPT-4o or o1 might not expect their hobby wallet on a government radar.

Crypto holders: Think twice before linking wallets or using KYC’d AI. Privacy coins like Monero or mixers might dodge some scans, but Chainalysis gets smarter yearly.

Steps to Protect Your Privacy

Don’t panic, but act smart:

• Use VPNs and burners for non-essential KYC.
• Separate wallets: Daily vs. high-value.
• Opt for privacy-focused AI alternatives without KYC.
• Push platforms for transparent data policies.
• Support decentralized ID like self-sovereign solutions.

The Road Ahead: Regulation or Rebellion?

This drama spotlights tensions. Governments want oversight; users want freedom. Expect more scrutiny on KYC providers. Will OpenAI switch partners? Will laws force clearer warnings?

For crypto, it’s a wake-up. Build tools resisting surveillance — zero-knowledge proofs, decentralized verifiers. The cypherpunk dream lives on.

Stay vigilant. Your next selfie could be more than a login.

FAQs: OpenAI KYC and Persona Controversy

What is Persona? OpenAI’s KYC service for user verification.

Does this affect all ChatGPT users? Only those doing KYC for advanced access.

Is the data really shared with feds? Code suggests yes, but Persona denies current ties.

How to avoid it? Skip KYC if possible or use anon accounts.

Got questions? Drop in comments.