ckBTC and KYT Compliance

TL;DR

  • Building off native Bitcoin integration, ckBTC has the potential to greatly expand Bitcoin’s functionality by allowing fast and cheap BTC transactions on the Internet Computer.
  • The reality: Centralized entities classify bitcoin transactions and will reject so-called “tainted” bitcoin.
  • Without modification of the ckBTC system there is a risk of ckBTC users receiving bitcoin classified as “tainted”. A risk which we must address.
  • The goal: maintain the fungibility of bitcoin and the user’s ability to redeem ckBTC to BTC 1:1 and sell on CEXs without issues.
  • Possible solution: Incorporate KYT (Know Your Transaction) services into ckBTC in a decentralized manner.

Intro

With the launch of ckBTC, the Internet Computer provides a fast, inexpensive and decentralized way of transacting bitcoin in canister smart contracts. However, enabling bitcoin and other cryptocurrencies to transact directly on the Internet Computer comes with risks as some crypto transactions are considered illicit by authorities. These risks must be taken seriously.

The most obvious example of problematic transactions are those with ‘tainted’ bitcoin, which is bitcoin associated with illicit activity. Multiple chains and bitcoin users have been affected by tainted bitcoin. While the value of transactions involving illicit addresses represents a relatively small portion of the total (0.15% in 2021), it may increase as the industry moves towards more interoperability, and as authorities increase monitoring and regulating activities. The crypto community may see bitcoin as a fully fungible token; however, this is unfortunately not the case in practice – not all UTXOs are created equal.

ckBTC is meant to provide a fully decentralized way of transacting bitcoin quickly and cheaply using the Internet Computer. However, ckBTC is not invincible from ‘tainted’ UTXOs. Although ‘tainted’ bitcoin is very rare, such bitcoin in transit on the Internet Computer would have unfavorable consequences for the ICP community. For instance, ‘untainted’ bitcoin transacted with ckBTC can get mixed with ‘tainted’ bitcoin, and thus get rejected by central exchanges and other parties.

As a community we need to protect honest users wishing to benefit from quick and inexpensive bitcoin transactions on the Internet Computer. Hence, we are asking the community for support in the endeavor to seek fully decentralized solutions for this problem.

Central exchanges do KYT on all transactions

When you receive bitcoin from a ckBTC transaction, send it back to the bitcoin network, and then to a central exchange (CEX) to sell it for fiat, the CEX may likely flag this bitcoin due to its AML and KYT rules. Consequently, CEXs could reject or even quarantine the bitcoin you own as it has become associated (without your knowledge and beyond your control) with an address linked to criminal activity.

For instance, Coinbase’s User Agreement - Section 5.8 states the following:

“We may also refuse to process or cancel any pending Digital Currency Transaction as required by law, regulation or any court or other authority to which Coinbase is subject in any jurisdiction, for instance, if there is suspicion of money laundering, terrorist financing, fraud, or any other financial crime.”

Similar statements are made in Binance’s User Agreement - Section 2d: User Authorisations

“(d) freeze (or instruct Xfers to freeze) further credit or debit to or from the Linked Wallet due to your breaches of the User Agreement or breach of applicable law or if there is a suspicion of money laundering/terrorism financing or if there are breaches of anti-money laundering/countering the financing of terrorism policies and procedures;”

It must also be noted that regulation around crypto is uncertain, but the trend is clearly moving towards stricter regulations and more controls. The US in particular, is cracking down more and more on the industry, aggressively levying fines and other penalties against crypto lending firms.

Possible Solutions

  1. Do Nothing

The most obvious and perhaps most decentralized solution would be to not react at all. Similar to the way bitcoin UTXOs are transparent and traceable, all ckBTC transactions are recorded and thus, illicit activities can be followed by authorities should criminal acts be reported. Unfortunately, ckBTC transactions cannot be reflected back to the Bitcoin network. Essentially ‘tainted’ bitcoin mixed with ‘untainted’ can cause all bitcoin transacted with ckBTC to become tainted and thus, any user of ckBTC might be unable to redeem Bitcoin received with ckBTC. Therefore, doing nothing would mean to expose honest users to the risk of their bitcoin getting blocked or quarantined by a centralized exchange.

Without intervention there is a risk that ckBTC canisters become seen as functioning like a mixer, with uncertain consequences. This has happened, for instance, to Tornado Cash: it is blacklisted by the US Department of the Treasury, making it illegal for US citizens, residents, and companies to use.

As regulation continues to evolve around the crypto industry, doing nothing may put ckBTC canisters in the same category as Tornado Cash in the eyes of authorities in many countries.

  2. Decentralized KYT

Know Your Transaction (KYT) is a process of evaluating transactions w.r.t. fraudulent or suspicious activity such as money laundering or illegally obtained funds. In particular, KYT providers expose APIs that can be used to identify ‘tainted’ UTXOs. Thus, using HTTPS outcalls to call KYT service APIs, the Internet Computer could implement a decentralized process to ensure ckBTC does not transact ‘tainted’ bitcoin. As many KYT service providers do accept crypto as payment, the whole process can be decentralized, i.e., the Internet Computer or the ckBTC canister could reimburse KYT providers in a decentralized way and recover costs via transaction fees. In other words, this whole process would be controlled by the NNS DAO, and therefore fully decentralized.

Way Forward

These are just a few ideas of how the problem of ‘tainted’ bitcoin on the Internet Computer could be tackled. The DFINITY Foundation is fully committed to solving this problem in a decentralized manner to ensure that ckBTC becomes a decentralized service for transacting bitcoin in an inexpensive and fast way without exposing end users to financial risks. As KYT is a very involved process that goes far beyond checking blocklists (unfortunately, simply checking blocklists is by far not sufficient), all options must be explored in detail.

We invite the ICP Community to ponder the situation and get involved in the discussion.

37 Likes

I would like to say that Saorsa Labs are looking at these kinds of issues. There are aspects of our ideas/plan which are business sensitive - but I’d like to give you the heads up that we are here and we are very interested in this topic.

2 Likes

Also consider where the utxo gets added after it has already been added to ckBTC. Maybe you just kick it to the back of the pay out pool, but you’d basically be freezing a portion of the ckBTC balance. I have not checked the code; do utxos get combined by ckBTC or do they hang out in some kind of fifo/lifo queue? If the latter, you could sort them by tag and have a tagging mechanism. If there were ever a run on the bank you could ask a user if they want those utxos or not.

1 Like

You cannot stop illicit activities, just as you can’t stop flowing water due to gravity. Water will find its course, and illegal activities will find a way to circumvent laws and policies.

In our societies, be it in US, Mexico, Italy, UK, Africa as a whole, Russia, Ukraine and many more…though there are laws put in place to prevent the so called criminals from participating financially, they find a way around it. They still have cartels, mafias and gangs running from countries to local counties. Let’s be honest here, that’s the state of contemporary society that we live in. And if you think otherwise you need to open your eyes to how society is organized.

So here in the IC you can’t prevent them but you can make sure they don’t pollute or contaminate the IC by designing and implementing safeguards to prevent them from doing transactions twice. Or those accounts that have been already flagged can’t do business on the IC due to an error in finalizing the transaction, which can be the last step in the protocol for a transaction to be successfully complete.

Say an account was reported as being illicit or illegal… then the question becomes how do you prevent the same transaction from being conducted again in the desired jurisdiction. I believe that’s the best that can happen and should be the focus of censorship of these so called illicit accounts as it would meaningfully prevent illicit transactions and create a safe environment.

Focusing on being the law enforcer is a RED QUEEN’S RACE; you go so much just to find yourself in the same place. What can happen is putting a policy in place on how to prevent the same actions from happening again OR twice. Again repeating my point, the best to do is prevent them from doing that action twice. Or if it’s a flagged account already, stop the transaction before it’s finalized. That’s where the focus needs to be. How to identify those accounts and prevent them from doing business on the IC should be the focus of priority that needs to be considered.

6 Likes

Let’s do nothing until it becomes a problem.

2 Likes

It’s the latter. Once a UTXO has been processed and the corresponding amount of ckBTC has been minted, the UTXO becomes available for retrieval requests.

In that case, we would have more ckBTC in circulation than retrievable BTC in the ckBTC minter, which must never happen.
The ckBTC minter must be able to serve any valid retrieval request eventually.

There is no way to do that if one of your utxos gets tainted after the deposit. If the depositor has withdrawn already you are stuck with a tainted utxo that can never be withdrawn without affecting an unknowing user.

One option might be to use fees to make up for any quarantined utxos, but you still have risk while you wait for catch up.

2 Likes
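The shortfall argument in the two posts above, as an added example that is not part of the thread or of the ckBTC code base: a toy Rust model of a minter pool in which one UTXO is quarantined after its ckBTC was minted. The `Minter` type, the flat retrieval fee that stays in the pool, and all amounts are assumptions made up for illustration.

```rust
// Added toy model, hypothetical names; `fee` is an assumed flat retrieval fee (sats).
#[derive(Clone, Copy, PartialEq)]
enum Tag { Clean, Quarantined }
struct Utxo { sats: u64, tag: Tag }
struct Minter { pool: Vec<Utxo>, supply: u64, fee: u64 }

impl Minter {
    // Deposit: the UTXO joins the pool and the same amount of ckBTC is minted.
    fn deposit(&mut self, sats: u64) {
        self.pool.push(Utxo { sats, tag: Tag::Clean });
        self.supply += sats;
    }
    // A UTXO is judged tainted after its ckBTC has already been minted.
    fn quarantine(&mut self, i: usize) { self.pool[i].tag = Tag::Quarantined; }
    fn retrievable(&self) -> u64 {
        self.pool.iter().filter(|u| u.tag == Tag::Clean).map(|u| u.sats).sum()
    }
    // ckBTC in circulation that clean UTXOs cannot back right now.
    fn shortfall(&self) -> u64 { self.supply.saturating_sub(self.retrievable()) }
    // Burn `amount` ckBTC, pay `amount - fee` BTC from clean UTXOs; fee stays in pool.
    fn retrieve(&mut self, amount: u64) -> Result<u64, &'static str> {
        if amount <= self.fee || amount > self.supply { return Err("invalid amount"); }
        let payout = amount - self.fee;
        if payout > self.retrievable() { return Err("insufficient clean UTXOs"); }
        let mut gathered = 0;
        while gathered < payout {
            let i = self.pool.iter().position(|u| u.tag == Tag::Clean).unwrap();
            gathered += self.pool.remove(i).sats;
        }
        if gathered > payout { // change output goes back into the pool
            self.pool.push(Utxo { sats: gathered - payout, tag: Tag::Clean });
        }
        self.supply -= amount;
        Ok(payout)
    }
}

// Constructed scenario: two deposits; the first is quarantined afterwards.
fn scenario() -> (u64, u64, Result<u64, &'static str>) {
    let mut m = Minter { pool: Vec::new(), supply: 0, fee: 1_000 };
    m.deposit(50_000);
    m.deposit(30_000);
    m.quarantine(0);
    let before = m.shortfall();      // supply 80_000, clean 30_000
    m.retrieve(20_000).unwrap();     // one fee is retained in the pool
    let after = m.shortfall();
    (before, after, m.retrieve(60_000)) // last holder tries to redeem the rest
}
fn main() { println!("{:?}", scenario()); }
```

Each retrieval closes the gap only by one fee, so in this model the remaining holders stay exposed until accumulated fees equal the quarantined amount.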

It sounds like we need to do KYT.

1 Like

Or don’t do anything. Or better yet let developers build wrapped assets and they and users can assume the risk or not.
Remove the NNS from having to make any decision on KYT or KYC. Coolpineapple makes a very strong case why we shouldn’t. See thread: https://twitter.com/CoolPineapple18/status/1630932913352065025?t=NV_tOOKgVxQ2aoIi3E1GKw&s=19

6 Likes

This is a bad idea. CKBTC will be a Russian roulette. 0.01% chance the money doesn’t work.

ckBTC should only be seen as a mixer if the transaction history is not transparent. If the transaction history is publicly viewable, i.e. if minting/burning and ICRC-1 transfers are viewable and public then AML and KYC operators can always view this log if need be to trace BTC. Tornado Cash is fundamentally different because it is not a transparent service.

I think the solution is to not KYT (every service provider and exchange will have different requirements, and it just will make the chain look centralised), the solution is to make sure that the ckBTC is not acting as a mixer, which it isn’t if the transactions are transparent on the IC.

So why not implement a service on the IC to track Bitcoin transfers as ICRC-1 tokens and open source this to others. Then any service provider will be able to use the endpoint to determine if Bitcoin withdrawn from the minter originated from dirty bitcoins that came into the system. However, no gatekeeping would be necessary.

18 Likes

I agree. I think this KYT thing is a horrible idea and will definitely make the IC look very centralized which many people already think it is, and whether the perception is true or not is irrelevant. Both #BTC and ckBTC ledger are transparent so exchanges can use their chain analysis tools to track this stuff as you stated. No need to put the NNS in control of another thing.

7 Likes

The Bitcoin integration and ckBTC is already controlled by the NNS, so it’s the NNS DAO and NNS that could be held responsible if there is a regulatory crackdown.

I think it’s prudent to get ahead of this and put in place a KYT system, where the system itself is owned by a DAO and transparent to both regulators and ckBTC users.

I’d be in favor of this KYT software system to be decoupled from the protocol itself and to go through an SNS, allowing ckBTC users, dapps, and exchanges the opportunity to invest and have a say in the software and process by which “tainted” UTXOs are defined/identified.

4 Likes

This would be ideal. I do think ckBTC is fundamentally different to a centralized bridge that creates wrapped tokens. Provided authorities can properly trace tokens across chains I don’t see why authorities would treat the integration as a mixer when it is not. If you can clarify this point @Jan it would be helpful in thinking through the problem.

All that said, the thought of a DAO (the NNS) paying for a centralized service like Chainalysis KYT is kinda trippy and futuristic. Maybe that’s the future

Can someone provide an overview over how all the other Defi products on all other chains do it? Most of them must have the same problem. Whether you use an AMM, DEX, decentralized marketplace, provide liquidity, etc. it can always happen that you (or everyone) gets tainted coins out.

2 Likes

I would do nothing.

  • Are we here to do politics? If the world is split in 2 and each part would like to give a stain to the others’ transactions, would that be helpful? I am not sure.

  • If someone steals a btc and it becomes stained and can’t use it anymore, does that really help the person that got it stolen?

  • BTC works well and they don’t do anything, right?

  • We could still decide to implement it later, why such a hurry?

Just my opinion.

2 Likes

Very interesting topic! In my view, staying as decentralized as possible must be key. However, I would closely monitor future regulatory developments in the industry so as to act accordingly and not risk being blacklisted and thus jeopardizing the long-term adoption of the project.

Max, while I agree with your point in theory, I think it may fail in practice. Getting every exchange and governing authority to understand that a “utxo changes into a transaction chain and when it gets back to a utxo it is actually different owners” is going to be one hell of a practical challenge.

I don’t even think that icrc-1 has a hash that chains through it which we might get them to understand. (Why didn’t we put that in the standard?)

If ICP becomes a monster and THE web 3 scaling layer, then maybe…but from my view here at ETHDenver “optimism is the new punk” so we still have a hell of a mountain to climb.

1 Like

Agree on the hash thing with ICRC-1 and am also advocating for lookup by hash.

3 Likes

This is completely unnecessary. Because ICP itself can also be tainted, not just BTC.

4 Likes