This website uses cookies.
By clicking “Accept”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts. View our Privacy Policy for more information, or adjust your preferences.
← Back to news

All Roads Lead to Compliance  — Digital Dives Vol. 58

Last week, Vitalik Buterin and other deep thinkers, published an interesting paper called “Blockchain Privacy and Regulatory Compliance: Towards a Practical Equilibrium” in an attempt to address the right to privacy while operating in an open and permissionless environment. The research generated a buzz in the crypto space seeing as the developers of a controversial privacy protocol, Tornado Cash, had recently been indicted on charges of conspiracy to commit money laundering and other crimes. We won’t get into this latter topic, but the idea of compliance and public blockchains is something we think about a lot at Aquanow.

The digital asset ecosystem has long grappled with the dual challenge of ensuring transactional privacy while addressing regulatory concerns. Under the proposed Privacy Pools, “users can demonstrate that their funds have no ties to deposits from known illicit sources, or prove that the funds are part of a specific set of deposits, without revealing any further information.” It’s effectively a smart contract protocol that enables users to verify the legality of their funds through zero-knowledge proofs without disclosing their full transaction history.

Source: Messari

This seems like a promising solution, especially considering increased collaboration between the crypto economy and incumbent institutions. However, the suggested remedy is overly complicated to maximize decentralization, is plagued by capital inefficiency, and doesn’t do enough in the way of disclosure. Believe it or not, Tornado Cash had a compliance feature which allowed users to provide cryptographically verified proof of their transactional history. The module was used seldomly because it required an intermediary and created information asymmetries. Ensuring adherence to the rules without compromising the decentralization ethos becomes challenging. Because funds deposited to a pool might only be identified as unlawful after the fact, the authors propose a buffer period (say, seven days) whereby funds are locked until they can be deemed legitimate through community initiatives or blockchain screening service providers. For many, specifically institutions, such a delay would be impractical. Finally, while the paper leaves the discussion open for design modifications, the base case does not include sufficient Know Your Customer (KYC) and Anti-Money Laundering (AML) considerations; requirements that stand as fundamental pillars in the world of finance.

When law enforcement agencies look to uncover instances of money laundering or terrorist financing, they typically build their cases by studying transaction patterns over longer periods of time. One of the reasons often touted for why governments should embrace digital asset technology is the increased transparency of activity. Shrouding transactions might obscure some important elements of asset flow, but unusual patterns and ultimate beneficiaries could still be seen. In the end, on/off ramps and other regulated entities will provide essential check points, but authorities would likely become comfortable with blockchains underpinning the world’s financial infrastructure if they could, under certain circumstances, reveal the identities of questionable figures within the transactional sequence.


Since it’s the largest developed economy to introduce comprehensive crypto legislation, let’s consider Europe’s Markets in Crypto-Assets (MiCA) and the associated Transfer of Funds Regulation (TFR), which (while still being fully hashed out) will require service providers to collect and share information about their customers. In the digital asset community, this has been interpreted by some as an imposition, while others view it as necessary for the mainstream adoption of crypto. I happen to be in the latter camp. If you disagree, then check out this conversation with Tyrone Lobban, Head of Onyx Digital Assets at J.P. Morgan, then let’s chat. The implications of the TFR are such that even self-custodial wallet interactions with regulated entities (like exchanges) will necessitate some form of KYC compliance. If this disclosure will become prevalent across the digital asset ecosystem, why not work it directly into the underlying infrastructure?

As digital assets come under increased regulatory scrutiny, a term I think you’ll start to hear a lot more is, "Compliant DeFi." This idea involves integrating decentralized protocols with prevailing legal frameworks, which is a necessary condition for many institutions and thus a requirement for broad-based crypto adoption. One of Aquanow’s venture portfolio companies, Hinkal, incorporates sources of off-chain KYC verification as part of their privacy solution. Combining internal controls and zk-proofs, they ensure their verification partners are robust, and the security of personal data is maintained. This approach is more consistent with the current regulatory environment, emphasizing both privacy and compliance. By allowing obfuscated addresses, transfers, and withdrawals, Hinkal offers users anonymity reminiscent of Privacy Pools. However, it also integrates KYC to ensure regulatory adherence. By relying on third party verification, the protocol introduces an intermediary, but also circumvents the capital inefficiency of a cool down period, allowing users to enjoy private trading and staking on major dApps. These features are particularly relevant for institutions.

Source: Hinkal check them out on Twitter

In conclusion, while Privacy Pools present a promising step forward in the realm of compliant confidentiality on public blockchains, several considerations and challenges must be addressed. Ensuring lawfulness without compromising decentralization is an encumbrance and while KYC/AML regulations can be awkward, they’re essential. As the digital asset ecosystem moves forward, striking the right balance between user privacy, capital efficiency, and regulatory compliance will remain a nuanced challenge. The crypto industry, with its characteristic agility, is well poised to navigate the tightrope between regulation and innovation. In fact, some teams already are.

At Aquanow, we help institutions unlock the potential of digital assets, so if you or anyone you know is considering this functionality, then please get in touch. We’d be glad to leverage our expertise to help you outperform.

If you want to contribute to the web3 movement, Aquanow is on the look for curious and motivated folks to join our team. Feel free to reach out directly or check out the current openings here.

Ready to collaborate?