Banks in Pakistan plan to launch an electronic platform for know-your-customer procedures that will be operating on a national level. The blockchain-based system will allow them to exchange the personal information of customers through what they describe as a decentralized and self-regulated network. Banks of Pakistan Looking to Employ Blockchain for KYC Checks Pakistan Banks’ […]
KYC
UBS Strategists Predict Minimal Impact of Upcoming Mt Gox Payouts on Bitcoin Value
A recent report published by market strategists from the investment bank and financial services company UBS says that the upcoming Mt Gox payouts won’t destabilize bitcoin’s value. While a new supply will come to the market, UBS strategists insist that “it would be less concentrated.” UBS Market Strategists Believe Mt Gox Payouts Won’t Destabilize Bitcoin’s […]
Why zero-knowledge KYC won’t work
Blockchain technology — including zero-knowledge proofs — doesn’t yet provide adequate solutions for identity verification.
The emergence of blockchain technology presents an opportunity to reexamine and innovate solutions used in our day-to-day life. Blockchains and, broadly speaking, the digital space fuelled by an artificial intelligence revolution urgently need to establish verifiable human identities to ensure trust, accountability and regulatory compliance.
There are a variety of emerging technologies, both on- and off-chain, that could serve as the basis for a functioning trust framework. One solution, in particular, is often referred to as the holy grail of verifications — zero-knowledge Know Your Customer (zkKYC) verification.
What are zk and KYC?
ZK stands for zero-knowledge, a cryptography term for proofs that establish a claim without revealing the underlying confidential information. ZK-based solutions are pioneering privacy across the web. The blockchain industry fueled the innovation of ZK technologies due to their minimal transaction size and privacy-preserving nature.
Know Your Customer, or KYC, is a set of processes and procedures businesses use to verify their customers’ identities. It is also used in the financial sector to assess any potential risks for money laundering or terrorism financing. It is a requirement for businesses to diligently understand their customers before establishing a relationship with them.
Why zkKYC proofs will not work for blockchains
Zero-knowledge proofs, when created, are linked to a wallet address through a signature. These proofs are not publicly discoverable by design. Yet when a blockchain address interacts with a public smart contract that requires such a proof, the proof’s existence becomes public, negating the privacy benefits of a zero-knowledge proof. This is because smart contracts running on public blockchains create a publicly discoverable list of all interacting wallets.
A wallet with a zero-knowledge proof that does not interact with an on-chain service that requires such a proof avoids the public disclosure of the proof. Yet this wallet can only transact with another proof-holding wallet following a precursor interaction or the involvement of an intermediary. The hidden nature of these proofs requires both wallets to reveal their proofs to one another proactively.
Another issue with zero-knowledge credentials that are prone to change status over time (such as a Know Your Customer good standing) arises from the lack of dynamic updates in available ZK solutions. This absence of continuous status validity necessitates that the wallet holding a zero-knowledge proof will be required to produce a new proof for every on-chain interaction where this proof is required.
It is worth noting that emerging blockchain technologies advance zero-knowledge-enabled smart contracts, keeping the interacting wallet address private. However, the issues around the need for dynamic proofs and the inability for verified-to-verified peer-to-peer transactions remain relevant even with these advanced solutions.
Do not store personal information in a proof
Projects considering zero-knowledge proofs often contemplate producing these proofs about encrypted data stored on a public ledger. However, it is ill-advised to store any personal information on a public blockchain.
These eternal ledgers are not designed for personal privacy, and for such use, they are not compliant with privacy regulations such as the General Data Protection Regulation and California Consumer Privacy Act. A few significant issues relate to the fact that even encrypted data is considered personally identifiable information. Any such information must be deleted upon request according to these privacy regulations.
Because storing personal information on a blockchain furthers non-compliance with privacy regulations, it is not an ideal solution for storing any form of (verified) personal information on-chain.
What other solutions do blockchain projects have?
Because each blockchain is limited to the information and data available on that given chain, builders in the space must consider other blockchain-native mechanisms. Any credential design that provides a form of compliance must avoid privacy violations and ensure that the final infrastructure meets the necessary identity verification and regulatory requirements. Technology advancements far outpace regulatory progress; however, disregarding these rules hinders the technology’s adoption.
In addition, when proofs alone are insufficient, and personal information sharing between the participants of a transaction is essential, relying only on off-chain solutions is advised. One example includes decentralized identifiers and verifiable credentials. Another option is to employ off-chain zero-knowledge proofs, which provide privacy protection and are suitable for off-chain data verification.
Balázs Némethi is the CEO of Veri Labs and a co-founder of kycDAO. He is also the founder of Taqanu, a blockchain-based bank for people without addresses, including refugees. He’s a graduate of the Budapest University of Technology and Economics.
This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.
BMW Partners With Coinweb to Develop Blockchain-Based Vehicle Financing Automation and Loyalty Program in Thailand
BMW, the luxury car manufacturer, has partnered with Coinweb, a decentralized blockchain layer 2-based company, to introduce blockchain-based tools to its operations. The company will develop blockchain-based automation for vehicle financing processes, and also a rewards program for customers of the automotive company adapted to compliance processes in Thailand. BMW to Introduce Blockchain to Its […]
Crypto Exchange Bybit to Add New Restrictions for Unverified Users, Update Withdrawal Limits
Cryptocurrency exchange Bybit has announced upcoming changes to its know-your-customer (KYC) policy that will limit certain operations for unverified customers. The stricter requirements concern coin purchases with fiat money, NFT transactions, and withdrawal limits. Bybit to Limit Services for Traders Who Have Not Passed Identity Verification Crypto exchange Bybit will restrict some services that are […]
Crypto scammers are using black market identities to avoid detection: CertiK
The blockchain security firm has uncovered a new tactic used by crypto scammers as the industry continues to improve its fraud detection capabilities.
Crypto scammers have been accessing a “cheap and easy” black market of individuals willing to put their name and face on fraudulent projects — all for the low price of $8, blockchain security firm CertiK has uncovered.
These individuals, described by CertiK as “Professional KYC actors” would, in some cases, voluntarily become the verified face of a crypto project, gaining trust in the crypto community prior to an “insider hack or exit scam.”
Other uses of these KYC actors include using their identities to open up bank or exchange accounts on behalf of the bad actors.
According to a Nov. 17 blog post, CertiK analysts were able to find over 20 underground marketplaces hosted on Telegram, Discord, mobile apps, and gig websites to recruit KYC actors for as low as $8 for simple “gigs” like passing the KYC requirements “to open a bank or exchange account from a developing country.”
Pricier jobs involve the KYC actor putting their face and name on a fraudulent project. CertiK noted that most actors are seemingly exploited as they are based in developing countries “with an above-average concentration in South-East Asia” and paid around $20 or $30 per role.
Meanwhile, more complex requirements or verification processes could fetch an even higher asking price, particularly if the KYC actors are residents of countries considered a low money laundering risk.
Some roles paid up to $500 a week if an actor was to play the role of CEO for a malicious project, but the KYC actor market was “marginal” compared to the market for already KYCed bank and crypto exchange accounts, according to CertiK.
Crypto-to-fiat conversions, or vice versa, were also cited as a significant percentage of the transactions seen on these marketplaces. CertiK calculated that more than 500,000 members, in marketplaces ranging in size from 4,000 to 300,000, were buyers and sellers on these black markets.
CertiK warned that over 40 websites claiming to vet crypto projects and offer “KYC badges” are “worthless” as the services are “too superficial to detect fraud or simply too amateur to detect insider threats.”
They added that the teams behind these websites are missing the needed “investigation methodology, training, and experience,” meaning these badges are then leveraged by scammers to mislead the community and investors.
That being said, the industry has been working hard and is gaining ground in its fight against crypto scammers. A tool released in October by traditional finance giant Mastercard combines artificial intelligence and blockchain data to help find and prevent fraud.
Contrary to popular belief, the open nature of blockchain transactions means it’s harder for fraudsters to hide the movement of funds. Another recent example has been the work of French authorities using on-chain analysis to find and charge five people who stole nonfungible tokens (NFT) through a phishing scam.
Crypto adoption via regulation: Setting rules for centralized exchanges
While some security issues do exist, major internet outages like the one witnessed across the EU recently cannot really threaten cryptocurrencies or their associated networks.
Centralized cryptocurrency exchanges have become the backbone of the nascent crypto ecosystem, making way for retail and institutional traders to trade cryptocurrencies despite a constant fear of government crackdowns and lack of support from policymakers.
Over the years, these crypto exchanges have managed to put self-regulatory checks in place and implement policies in line with local financial regulations, growing despite the looming uncertainty.
Cryptocurrency regulation continues to occupy mainstream debates and experts’ opinions, but despite public demand and requests from stakeholders of the nascent ecosystem, policymakers continue to overlook the rapidly growing sector that reached a market capitalization of $3 trillion at the peak of the bull run in 2021.
Over the past five years, many local and national governments have shown interest in regulating the crypto market but often got perplexed by the vast ecosystem and complexities involved in regulating certain decentralized aspects of the market. As a result, most of the governments that have issued some guidelines or rules related to crypto have done so based on the existing financial regulations, but the evolving market has proven too fast-paced.
Some countries have moved to recognize crypto trading as a legal activity, while others have approved Bitcoin (BTC)-based exchange-traded funds. Many countries have also made way for crypto platforms to operate with a license, but the strict requirements often deter certain small platforms. As a result, there is no universal blueprint for regulators to adhere to, and experts believe leading centralized crypto exchanges can change that.
In traditional markets, it is perfectly normal for regulators to work closely with industry participants, including exchanges, to ensure that regulations and guidance work well and keep pace with fast-changing technological advances. However, the same can’t be said for the crypto market, as regulators have maintained a safe distance from the nascent industry.
Oliver Linch, CEO of global crypto exchange Bittrex Global, said that the regulators must interact with service providers of the crypto ecosystem to get a better grasp of the industry. He cited the example of Bermuda and Liechtenstein, where the crypto exchange has been working with local lawmakers to make way for positive regulations.
He noted that even though decentralized exchanges continue to remain the flag bearer of crypto’s decentralized ethos, which are thus more complex to regulate, centralized exchanges will be key to major adoption:
“Centralized exchanges have perhaps the most important role to play here. While decentralized exchanges tend to be the ‘poster boys’ for the industry’s cutting edge, they are naturally hesitant to get involved in regulatory matters. In any event, the majority of activity, especially for ordinary retail users (who are front of mind for regulators) happens on centralized exchanges.”
He added that regulating the entire crypto market will follow, but the approach of “Liechtenstein, Bermuda and now the European Union, of regulating service providers, including centralized exchanges, is a good starting place. By properly regulating centralized exchanges, regulators and legislators create a legitimate path for users — from individuals to giant corporates — to get involved in crypto in a safe and regulated manner.”
A Binance spokesperson told Cointelegraph that being a centralized exchange, it needs a centralized entity to work well with regulators.
“Binance believes it has a fundamental responsibility to work with regulators and believes that a well-regulated crypto market provides greater protection for everyday users. We strongly believe that a stable regulatory environment can support innovation and is essential to establishing trust in the industry that will lead to long-term growth,” the spokesperson added.
Centralized exchanges prove to be regulators’ allies
In major economies and developed countries, regulators have not been very keen on involving industry players, but those nations that see the future in the nascent tech have actively partnered and on-boarded leading centralized crypto exchanges to not only help them build the infrastructure but also assist them with formulating right policies for the crypto market.
Binance recently signed a memorandum of understanding with Kazakhstan to help fight financial crimes. The program further aims to identify and block digital assets obtained illegally and used to launder criminal proceeds and finance terrorism. Similarly, Busan onboarded Huobi to develop blockchain infrastructure in the region.
Many countries already regulate centralized exchanges, but there is still a lot of uncertainty about what regimes apply and how they will be enforced. For example, United States-based exchanges operate under licenses from the Financial Crimes Enforcement Network but have been alleged to list tokens and offer financial products (like derivatives, staking and interest-bearing deposits) that fall under the purview of the Securities and Exchange Commission or the Commodity Futures Trading Commission.
The Lummis–Gillibrand bill is considered one of the most comprehensive pieces of legislation proposed on crypto in the United States. South Africa recently classified crypto as a financial product and will be regulating it accordingly. South Korea implemented strict regulations last year that require exchanges to track all transfers to and from their platform, including identifying the owners of wallets. As a result, exchanges there restricted transfers to and from unverified private wallets.
Thus, it is evident from existing regulations that centralized exchanges have become the main point of interaction for not just traders but regulators as well.
Mohammed AlKaff AlHashmi, co-founder of Islamic Coin, told Cointelegraph that regulating centralized exchanges will help in regulating the broader crypto market, explaining:
“Firstly, it’s Know Your Customer and Anti-Money Laundering. I see that most of the exchanges will outsource it to very famous and authentic KYC/AML entities, as it will bring more reliability and trust rather than doing these procedures by exchanges themselves. Secondly, taxation is an important theme when we talk about regulation. Many countries will regulate crypto if they can do the taxation, and I suggest that exchanges will develop the taxation on the crypto transactions and be the one who collects this data and hand it over to the government.”
Habeeb Syed, senior associate attorney at Vicente Sederberg and co-organizer of the Blockchain Technology, Law and Policy Meetup, told Cointelegraph, “Crypto exchanges often determine the winners and losers of the crypto world, as listed on one is an almost surefire way to raise your token price and provide early investors an opportunity for liquidity. Well-thought-out regulation of centralized exchanges could also ripple out into the broader ecosystem.”
He added that regulating crypto exchanges would force legitimate projects to know they can’t engage in certain acts “if they ever want to list a token on say Binance, FTX or Coinbase, which would be a powerful motivating force. With regulated options for trading, staking and lending, actors could choose to forego riskier and unregulated DeFi ecosystems.”
Regulators must proceed with caution
Crypto exchanges play a central role in the vast crypto ecosystem, as they have numerous services and facilities with many trying to become an all-in-one platform. Some experts are of the opinion that, while regulating centralized exchanges can certainly be the first step toward broader crypto market regulations, that is not enough to ensure smooth operations for the whole industry.
Aleksandra Shelepova, head of legal at crypto-backed loan service provider CoinLoan, told Cointelegraph:
“When it comes to imposing regulations to any new and evolving market, everything should be done step-by-step. Moreover, the regulators should have a proper understanding of how this market operates in detail, technological aspects included. Regulation should come from the middle-bottom, meaning the contribution of the market’s participants’ know-how is crucial.”
She added that regulating just the exchanges is not enough since there are many popular and widely used crypto products, including crypto loans, deposits, etc. that must be regulated as well. Expanding regulation to all aspects of the crypto environment ensures a unified understanding of the products themselves.
While monitoring centralized exchanges can definitely pave the way for a better understanding of the crypto market, regulators should refrain from a “one size fits all” formula.
Nicole Valentine, fintech director at Milken Institute, told Cointelegraph that regulators should be more focused on decentralized platforms:
“Just like there is variation in the digital assets themselves, there is variation in the types of exchanges that enable buyers and sellers to trade those digital assets. Although regulating centralized exchanges can be seen as helpful, there are nuances in decentralized exchanges that should be considered, including the use of digital wallets and smart contracts.”
Centralized exchanges are a key part of the cryptocurrency ecosystem; they are where most new crypto users go to buy their first coins. Many leading centralized exchanges already have strict onboarding and identification procedures in place and would welcome more clarity from regulators on questions such as whether or not digital assets are securities.
Increased regulation for centralized exchanges is a double-edged sword where, on one hand, it would lead to more new interactions and greater adoption, but on the other hand, increased regulation may drive the more experienced crypto users toward decentralized exchanges, something that experts believe regulators would have a hard time dealing with.
Vitalik Buterin ‘kinda happy’ with ETF delays, backs maturity over attention
Sharing his opinion around crypto regulations, Buterin spoke against the regulations that have an impact on the inner workings of a crypto ecosystem.
The co-founder of Ethereum (ETH), Vitalik Buterin, believes that the crypto ecosystem needs to mature and be in tune with regulatory policies that allow crypto projects to operate freely internally.
Considering the current circumstances, he believed it was better to have regulations that allow inner independence to crypto projects, even if it hampers mainstream adoption. Buterin opined:
“I'm actually kinda happy a lot of the exchange-traded funds (ETFs) are getting delayed. The ecosystem needs time to mature before we get even more attention.”
The use of know-your-customer (KYC) on decentralized finance (DeFi) frontends was another concern pointed out by Buterin. However, he highlighted the need for KYC on crypto exchanges, which has seen wide-scale implementations. According to the entrepreneur:
“It (KYC on DeFi frontends) would annoy users but do nothing against hackers. Hackers write custom code to interact with contracts already.”
In this regard, Buterin made three recommendations, as shown below.
On a final note, Buterin recommended using zero-knowledge proofs to meet regulatory requirements while preserving users' privacy, stating that “I would love to see rules written in such a way that requirements can be satisfied by zero knowledge proofs as much as possible.”
Google recently added a search feature that allows users to view ETH wallet balances by searching their addresses.
Acknowledging the recent Ethereum Merge upgrade, Google embedded a countdown ticker dedicated to Ethereum’s transition from proof-of-work (PoW) to proof-of-stake (PoS) consensus mechanism.
Equifax—known for huge data breach—is building a Web3 KYC solution
Equifax, which suffered a huge data breach in 2017, has partnered with privacy-centric blockchain company Oasis Labs for a decentralized ID offering for Web3 companies.
Credit reporting company Equifax, known for suffering from one of the largest customer data breaches to date, has partnered with blockchain company Oasis Labs to build a Know Your Customer (KYC) solution.
Equifax and Oasis said on Oct. 26 that the latter would be building a decentralized identity management and KYC solution for the industry on Oasis’ platform which will leverage Application Programming Interfaces (APIs) from Equifax to help with checks and user identification.
The announcement made no mention of the exact technology which will underpin this offering and Cointelegraph’s request for comment was not immediately responded to by either company.
Both firms believe there hasn’t been a KYC solution tailored to Web3 with “strong privacy protection” and their proposed offering is set to address this gap by issuing anonymized KYC credentials to individuals’ wallets.
This credential will be continuously updated according to the announcement and Oasis pledges its “privacy-preserving capabilities” will ensure data is processed in confidence whilst maintaining a trail on the company's blockchain.
Web3 firms offering similar solutions include Dock and Quadrata, each with a product built around decentralized identity.
The partnership could have some Web3 natives concerned considering the significant data breach Equifax suffered in 2017. Around 163 million private records worldwide were compromised, with 148 million belonging to U.S. citizens, making it the 13th largest data breach in U.S. history, according to cybersecurity company UpGuard.
Attackers targeted a third-party web portal with a known vulnerability. A patch was available, but Equifax had failed to update to the latest version. The hackers gained access to the firm's servers for around two and a half months, all the while siphoning millions of records containing sensitive information.
It was reported that Equifax spent $1.4 billion on legal fees and strengthening its security posture following the incident. The U.S. Federal Trade Commission and Consumer Financial Protection Bureau issued a $700 million fine in July 2019 which the firm settled.
Institutional crypto adoption requires robust analytics for money laundering
Large financial institutions are getting involved in digital assets by investing capital, time and effort into on-chain analytics solutions.
Institutions have begun to take crypto seriously and have entered the space in numerous ways. As noted in a previous analysis, this has resulted in banks and fintechs looking at custody products and services for their clients.
However, as custodians of clients’ assets, banks must also ensure they are clean assets and stay compliant.
This is where on-chain analytics solutions have a huge role to play in understanding patterns in transactions to identify money laundering and other spurious activities within the cryptocurrency and digital assets space. According to a report by Chainalysis, over $14 billion of illicit transactions took place in 2021.
Therefore, it is critical to build the foundational infrastructure around Anti-Money Laundering (AML) to support the growing institutional appetite for digital assets. Before getting into various types of money laundering patterns that exist in crypto, let us understand what an on-chain analytics solution is.
What are on-chain analytics?
All transactions on public blockchains are visible to anyone. Analytics tools query these blockchains to help us understand trends in transactions. Platforms like Glassnode, Nansen and Dune Analytics offer ways for retail audiences to see the flow of money in the ecosystem.
Using on-chain analytics, it is possible to see the net flow of Bitcoin (BTC) into crypto exchanges from private wallets. This typically happens when someone chooses to sell their Bitcoin on an exchange. The net outflow of BTC from exchanges, on the other hand, represents someone wanting to hold on to their Bitcoin. Both actions have implications on the price of the asset.
However, at an institutional level, on-chain analytics can help with identifying spurious transactions. Firms like Chainalysis, Elliptic and Coin Metrics are critical for banks to build digital assets capabilities that are foundational as this asset class grows in significance.
Banks already have mechanisms in place to check for money laundering and terrorist financing activities. Therefore, any digital assets-related AML solution must ensure alignment with a bank’s existing AML controls.
What are money laundering patterns?
There are patterns that banks must keep an eye on to spot money laundering and other illicit activities. Referred to as “typologies” in traditional AML frameworks, not all of them are unique to the digital assets industry. However, on-chain analytics solutions can proactively track them.
Layering
Layering involves converting one crypto into another or moving assets from one chain to another. It makes AML efforts far harder if there are multiple small-sized transactions that generally stay under the monitoring radar.
Layering can also involve blending crypto assets across different exchanges and sources, making it harder to trace back to the original source of the assets.
Money mules
A money mule is someone who receives crypto assets from a third party and sends them on to another party. Alternatively, they could withdraw the assets as fiat cash, hand it over to someone else and receive a commission for this.
Money mules are typically used when criminal syndicates want to be anonymous yet keep their money flowing through the system.
Dusting
Dusting involves creating many small transactions across several wallets that trigger AML monitoring systems. These small transactions clog the pipeline of AML support teams, whose workload increases, and cause them to overlook the illicit transaction that really needed their attention.
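One way a monitoring team can blunt the alert flooding described above, as an added example that is not from the article or any vendor's product: collapse bursts of low-value alerts that share a funding source into a single case, so a high-value alert is not buried in the queue. The alert records, addresses, field names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from dataclasses import dataclass

# Assumed tuning values for illustration; not from the article or any regulation.
DUST_MAX_VALUE = 0.001   # alerts at or below this value are dust candidates
BURST_WINDOW_S = 3600    # dust from one source inside this window is one burst
BURST_MIN_ALERTS = 5     # smaller groups stay as individual alerts


@dataclass(frozen=True)
class Alert:
    tx_id: str
    source: str   # address that funded the transfer
    dest: str     # monitored wallet that received it
    value: float  # asset units
    ts: int       # unix seconds


def _case(kind, alerts):
    """Build one review case from a list of alerts sharing a source."""
    return {
        "kind": kind,
        "source": alerts[0].source,
        "tx_ids": [a.tx_id for a in alerts],
        "wallets": sorted({a.dest for a in alerts}),
        "total": sum(a.value for a in alerts),
    }


def _close(burst):
    """Collapse a burst into one case, or keep its alerts separate if too small."""
    if len(burst) >= BURST_MIN_ALERTS:
        return [_case("dust_burst", burst)]
    return [_case("single", [a]) for a in burst]


def triage(alerts):
    """Return review cases ordered by total value, highest first."""
    cases, dust_by_source = [], defaultdict(list)
    for a in alerts:
        if a.value <= DUST_MAX_VALUE:
            dust_by_source[a.source].append(a)
        else:
            cases.append(_case("single", [a]))

    for dust in dust_by_source.values():
        dust.sort(key=lambda a: a.ts)
        burst = [dust[0]]
        for a in dust[1:]:
            # The window is anchored at the first alert of the current burst.
            if a.ts - burst[0].ts <= BURST_WINDOW_S:
                burst.append(a)
            else:
                cases.extend(_close(burst))
                burst = [a]
        cases.extend(_close(burst))

    cases.sort(key=lambda c: c["total"], reverse=True)
    return cases


def sample_alerts():
    """Constructed queue: one dust flood, two stray dust alerts, one large transfer."""
    t0 = 1_700_000_000
    flood = [Alert(f"tx_d{i}", "addr_dust", f"wallet_{i}", 0.0001, t0 + 60 * i)
             for i in range(40)]
    stray = [Alert("tx_s0", "addr_other", "wallet_3", 0.0005, t0),
             Alert("tx_s1", "addr_other", "wallet_9", 0.0005, t0 + 86_400)]
    large = [Alert("tx_big", "addr_large", "wallet_7", 12.5, t0 + 1200)]
    return flood + stray + large


if __name__ == "__main__":
    queue = sample_alerts()
    cases = triage(queue)
    print(f"{len(queue)} alerts -> {len(cases)} cases")
    for c in cases:
        print(c["kind"], c["source"], len(c["tx_ids"]), "tx,",
              len(c["wallets"]), "wallets, total", round(c["total"], 6))
```

The collapsed case keeps every transaction ID and destination wallet, so nothing is dropped from the record; only the review order and the number of queue entries change.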
Wallet laundering
Wallets used by crypto users make it hard to trace owners. As a result, a money launderer could just hand over the custody (private keys) of their wallet with assets in it to another party. In turn, they would receive payment in crypto on another wallet, thereby making the two transactions seem completely unrelated.
Darknet transactions and mixers
The darknet is an overlay network on the internet that is accessible through special software and configurations. It has earned a reputation for hosting anonymous illicit activities like drugs and arms sales.
Many platforms have flagged crypto addresses from darknet users and marketplaces and do not accept assets that are sent therefrom.
However, some illicit actors have taken to crypto mixing services like Tornado Cash to hide the provenance of their crypto.
Tornado Cash scrambles crypto transactions in an attempt to anonymize assets that have entered the platform, hiding their point of origin. It has become so associated with perceived criminality that the United States Treasury’s Office of Foreign Assets Control sanctioned the platform in August, and many trading platforms will not touch coins that came from a mixing service.
How are banks addressing this issue?
The money laundering methods described above are not exhaustive. A recent report from Elliptic covers over 41 typologies (patterns) observed within the digital assets space.
So, given the myriad ways that illicit actors attempt to use digital assets for money laundering, how can banks react?
Robust Know Your Customer (KYC) standards are a good starting point when onboarding digital assets customers. However, proactive screening and transaction monitoring should be in place through on-chain analytics solutions.
These solutions can automate AML and sanction checks, identify address clusters associated with illicit activities, map the flow of digital assets across addresses to perform forensic analysis and monitor how assets are moved through activities related to dark-web markets, smart contract frauds, oracle hacks, cross-chain bridge hacks and more.
Furthermore, banks and fintech firms have ramped up their digital assets AML capabilities through partnerships with on-chain analytics firms, as the below graphic shows.
Even though Barclays began its journey with Chainalysis in 2015, this space really has taken off only in the last 18 months. Be it through investments or partnerships, it is critical that banks put AML controls in place before offering custody services, to ensure they are handling clean assets.
More institutional capital has flowed into the digital assets space in the last two years. At the same time, more innovative models have emerged in cross-chain bridges, decentralized finance, nonfungible tokens and transaction mixers.
In order to protect assets while innovating at breakneck speed, AML and transaction monitoring controls must be in place. That is essential to keep attracting more institutional capital into digital assets.