Worldcoin's iris-scanning Orb has been banned or investigated in Kenya, Spain, Portugal, France, Germany, Brazil, and India. Kenya suspended operations after finding Worldcoin collected biometric data without adequate consent. Spain's data protection authority ordered deletion of all data collected from Spanish citizens. The project, co-founded by Sam Altman, offered free crypto tokens in exchange for iris scans — targeting developing countries where people were most likely to trade biometric data for small payments.

DOJ settlement (November 2023): Binance pled guilty to conspiracy to violate the Bank Secrecy Act, operating an unlicensed money services business, and willful violation of IEEPA. Binance failed to report transactions associated with Hamas's Al-Qassam Brigades, Palestinian Islamic Jihad, Al Qaeda, and ISIS. Treasury Secretary Janet Yellen: "Binance turned a blind eye to its legal obligations in the pursuit of profit. Its wilful failures allowed money to flow to terrorists, cybercriminals, and child abusers." Total penalty: $4.316 billion -- the largest enforcement action in Treasury Department history.

Coinbase acquired blockchain analytics firm Neutrino in February 2019. Neutrino's founders — Giancarlo Russo, Alberto Ornaghi, and Marco Valleri — previously ran Hacking Team, an Italian surveillance company that sold spyware to authoritarian regimes including Saudi Arabia, Sudan, and Ethiopia. Separately, Coinbase sold its Coinbase Analytics (formerly Coinbase Tracer) blockchain surveillance tool to ICE (Immigration and Customs Enforcement), DEA, IRS, and the Secret Service — contracts worth $1.36 million with ICE alone. Coinbase profits from both sides: selling crypto as freedom and selling crypto surveillance to governments.

SEC settled with Robinhood for $65 million (December 2020) for failing to disclose that its primary revenue source was payment for order flow (PFOF) — selling customer trade data to high-frequency trading firms like Citadel Securities. The SEC found Robinhood customers received worse execution prices than competitors, costing them $34.1 million more than they would have paid elsewhere even after accounting for the saved commissions. Robinhood was "free" in the same way Facebook is "free" — you are the product.

In July 2020, Ledger's e-commerce and marketing database was breached. 272,000 customers' full names, physical addresses, and phone numbers were exposed. 1 million email addresses were leaked. The data was published on a hacking forum in December 2020 and widely distributed. Customers were subjected to months of targeted phishing campaigns -- emails impersonating Ledger support, fake firmware update requests designed to steal crypto. Some customers received physical threatening mail at their home addresses -- their home addresses that Ledger's database leak had exposed. The hardware wallet was secure. The company that sold it couldn't secure its own customer database. People who bought a Ledger specifically because they wanted maximum security had their home addresses published on the internet because Ledger stored shipping data insecurely.

In November 2022, ConsenSys (MetaMask's parent company) updated its privacy policy to disclose that Infura, the default RPC (Remote Procedure Call) provider that routes MetaMask transactions to the Ethereum blockchain, collects users' IP addresses and Ethereum wallet addresses with every transaction. This means every transaction sent through MetaMask's default settings creates a record linking your IP address (and therefore your approximate location and internet provider) to your wallet address and transaction details. The crypto community reacted with outrage -- a wallet marketed on self-custody and decentralisation was logging the real-world identity markers of its users by default. ConsenSys backtracked, adding opt-out options and 7-day data retention limits. But the default settings still route through Infura. Most users never change defaults. The "decentralised" wallet runs on centralised infrastructure that logs who you are and what you spend.

Synapse Financial Technologies — the middleware connecting fintech apps like Yotta, Juno, and Copper to actual banks — filed for bankruptcy in April 2024. Approximately $85 million in customer deposits went missing. Users of fintech apps built on Synapse could not access their money for months. The FDIC insurance they were promised covered deposits at the underlying bank, not losses from middleware failure. The intermediary collapsed, and nobody knew who owed what to whom.

Chime is not a bank. Banking services are provided by Bancorp Bank and Stride Bank -- partner institutions that Chime customers may never interact with directly. The CFPB has received thousands of complaints about Chime, with a primary pattern: sudden account closures without warning. Chime's fraud detection algorithms flag accounts and freeze funds with no prior notice. Users report being locked out of their accounts with no explanation, unable to access their own money for weeks or months. For the underbanked populations Chime targets -- people living paycheck to paycheck without savings -- having funds frozen for weeks can mean missed rent, bounced bills, and cascading financial damage. Chime's automated systems treat false positives the same as actual fraud: freeze first, investigate later, communicate never. The "bank that has your back" closes accounts without telling you why.