The Balancing Act — To KYC or Stay Anon?

Onomy Protocol
Onomy Protocol
Published in
5 min readJan 9, 2024

--

KYC — also known as pl0x doxx — is now the norm on most crypto exchanges. Years ago, back when Web3 was more akin to a wild west of finance, KYC was only enforced on accounts trading significant volume, and later, on those that wanted to access fiat getaways, either for deposits or withdrawals. But you can’t just go moving that much money around and expect people not to notice.

In time, as regulators stepped in, things changed. Nowadays, simple crypto-to-crypto trades require users to undergo identity verifications on most centralized exchanges. Many crypto folk, of course, don’t like this. And not because we’re criminals. But because, long ago, a concept known as the ‘banking secret’ meant something. But as crypto evolves into an asset class of its own and institutions onboard, we have to play ball — for the most part.

Crypto is no longer an underground movement. It has stepped into the light — but it does not have to be blinding.

KYC on Centralized Exchanges

90% of CEXs that are deemed trustworthy by the market now enforce KYC for any and all transactions. Their hands are forced by the jurisdictions they operate in. Users were told in due time that ‘Enhancements’ would be made to the onboarding process, with incentives being given to those willing to submit identity and source of funds documents. These include (to this day), fee rebates, stablecoin prizes, access to trading competitions, and more.

The process for level-1 KYC is fairly similar on most CEXs — you sign up, submit a photo of your ID or passport, take a photo of yourself with your phone’s camera, then wait. Sometimes it takes a few minutes, sometimes it takes a few days. Most KYC processes are automated unless the system catches red flags — if so, you’re going to have to wait.

If you want more features, you gotta dive deeper. L2 and L3 KYC generally unlocks higher deposit/withdrawal limits, as well as access to more complex services like CEX-issued debit cards that you can use to pay with your balance directly. For L2, you’ll usually need to submit proof of address — generally in the form of a utility bill or bank statement, with an address that matches the one from your identity document. In more ways than one, CEXs using crypto are morphing into an auxiliary banking industry, especially for higher profile customers. It’s this, in part, which is making the TradFi system so twitchy.

For L3, you’ll need to state your source of funds and even send documents to prove accuracy. Pay slips, company accounting, dividend withdrawal proof, home sale notarized docs, and more.

But wait — I submitted it all and still got denied!

It happens — many exchanges are known for lackluster customer support, automated systems imposing limits on your account, and most importantly, limited access to certain jurisdictions, nationalities, and individuals. Most CEXs will explain who’s welcome to trade and who’s not. If you’re based in the States for instance, you’ll find that most off-shore CEXs won’t serve you.

Are There Risks to KYC?

In a perfect world, data would be encrypted with only specific employees having access. However, we don’t live in a perfect world. Stuff breaks, people make mistakes, and corporate ‘oopsies’ happen.

One of the primary risks associated with KYC in crypto exchanges is the potential for rogue employees to access sensitive customer data. Since KYC processes require customers to submit personal information such as identity documents, addresses, and financial information, employees with access to this data could potentially misuse it for identity theft, fraud, or selling the information to third parties. But this isn’t any different to KYCing for a bank or a traditional stock exchange.

Exchanges, like any online platforms, are susceptible to cyber-attacks and data breaches. When an exchange that has implemented KYC is compromised, the risk is not just financial; personal information of users is also at stake.

Governments could also request or compel exchanges to hand over user data for various reasons, ranging from legitimate investigations of criminal activities to more contentious issues like surveillance and privacy invasion. This aspect can be particularly concerning in jurisdictions with less respect for individual privacy rights or where the legal system is prone to abuse.

KYC procedures often lead to the centralization of sensitive personal data, which is contrary to the decentralized ethos of the cryptocurrency world. This centralization creates a single point of failure, making it an attractive target.

Not to say that there aren’t exchanges which take customer data seriously — there are, and Onomy is listed on many of them. However, it remains a variable risk that must be taken into account.

Are DEXs Safe from KYC?

Technically yes. DEXs are fully decentralized smart contracts deployed on the blockchain. There are no accounts — your Web3 wallet address is your account. However, it’s often been reported that specific DEXs are preparing to introduce KYC, mainly in the form of address whitelisting. Your crypto private keys, if adoption continues, will soon be as useful as your name. Other rumors point towards front-ends, which remain largely centralized, no longer serving non-KYCed users.

That leaves us with fiat gateways — is there a way to circumvent KYCing in crypto? In most, if not all, cases of trading on a CEX, no. However, peer-to-peer transfer options exist, and they’re seeing increased volumes as of late. With P2P, you’re not transacting with a centralized entity, but rather with another individual, with an entity still overseeing the transactions and providing escrow for safety purposes. This means that you’re able to send crypto and get fiat back via bank transfer, CashApp, Revolut, or even cash. Of course, inherent risks exist here — nobody wants to get wrench attacked, so caution is always advised. Similarly, many crypto ATMs don’t enforce mandatory KYC in most jurisdictions for lower amounts, but the fees are generally outrageous.

In short, if you want to transact with crypto efficiently on a CEX and on a large scale, they need to know who you are. Being doxxed is painful and, for the crypto dream to recapture its true potential, a non-identifying KYC procedure will eventually need to be constructed, perhaps using zero-knowledge proofs. Digital, yet non-doxxing identity solutions are en route, and as long as regulators are onboard, they’ll change the way we transact, invest, and interact.

For now, your name is your reputation. Use it wisely.

--

--

Onomy Protocol
Onomy Protocol

Offering the infrastructure necessary to converge traditional finance with decentralized finance.