I consider KYC-Scams as an extremely shady move of a project to save costs when people dont submit KYC or if the project is a scam to collect personal data and sell it to other scammers on the black market. Assuming that shitcoin ICOs dont collect much funds right now, the personal data can be worth much more than the collected funds because the scammers can define which data they want to get.
I dont know if TerraGreen is a scam but the way they put pressure on their bounty participants and refuse them a payment if they dont pass KYC is at least scamming them.
I personally think that they should be considered to be scams, period. And they should be held to the same scrutiny as any other scam involving a blatant breach of contract.
Their interests are clearly in paying users as little funds as possible, as opposed to potentially upholding any sort of formal regulation that need to comply with. Otherwise, they'd be open to paying bounty participants in terms of BTC, or any fiat, since that would DEFINITELY not be a breach of any securities laws (from their perspective, they'd just be paying for a service with a currency).
But they're not open to that option, which also indirectly shows their own lack of trust within their own project.
I'm not sure why people don't demand funds to be escrowed in bounty campaigns the same way they demand sig campaign funds to be escrowed - even if the payment is in the token of the project.