ckBTC and KYT Compliance

Based on all the comments in this thread, there are solid arguments for having and not having KYT services implemented into the design of ckBTC. While many solutions similar to ckBTC are possible on the Internet Computer, DFINITY will propose one path forward and keep an open mind as a community to iteration and optimization as the journey continues. So without further delays, the next steps to complete the ckBTC rollout with a KYT solution will start this week.


  • DFINITY will submit a proposal to upgrade the ckBTC minter canister (mqygn-kiaaa-aaaar-qaadq-cai) in the coming days.
  • The canister upgrade will remove whitelisting and make converting BTC to ckBTC available to all principals.
  • The ckBTC minter canister will make calls to a newly installed KYT canister to check for “tainted” bitcoin before minting.
  • With this proposal ckBTC will be fully live, and the rollout complete.

Once again, the possibilities of ckBTC are endless, which is why releasing it with its full functionality as soon as possible in a way that provides a secure user experience is crucial. Incorporating KYT checks to the ckBTC process protects users from receiving “tainted" bitcoin and ensures that their bitcoin remains exchangeable on CEXs.

Implementation of KYT Checks that will be submitted as proposal to the NNS

Issuing: KYT checks are done on all incoming bitcoin UTXOs before ckBTC is issued. More specifically, the ckBTC minter canister will be able to call a Chainanalysis KYT canister to perform KYT checks using HTTPS outcalls.

Redeeming: Outgoing BTC transactions (when ckBTC is redeemed) are checked against a hard coded OFAC (Office of Foreign Assets Control) list. In the future, DFINITY plans to submit another proposal to use the KYT canister to also check the receiving bitcoin address when converting ckBTC into BTC.

About the KYT Canister

The KYT canister is to be handed over to the NNS, which means future updates to this canister will only be possible via NNS proposals. The KYT canister will accept a Chainanalysis API key from a designated principal. Initially, this designated principal – which is able to update the API key – will be controlled by Toniq. Changing the designated principal or adding other ones will be via NNS proposals.

Toniq has a subscription with Chainalysis and will pay for these calls. The ckBTC minter canister collects transaction fees that will be used to pay the designated principal(s) (for now just the one controlled by Toniq) for the KYT service. These fees are added to the conversion fees.

Next Steps

Acceptance of the proposal that will be submitted later this week means that the ckBTC rollout is complete. The ckBTC canister will be upgraded to allow all principals to convert BTC to ckBTC. And the KYT checks will allow users to securely transact bitcoin on the Internet Computer. In the future, the KYT canister may also manage the accounting for how the API key holder will be paid in ckBTC for providing a valid and active API key.


Many in this thread have questioned the values of the DFINITY Foundation and perhaps believe that incorporating KYT services compromises the decentralization of the Internet Computer. To this point, I can only reiterate that what is being proposed now is just ONE version of ckBTC. As the ckBTC canister is an application-layer smart contract, meaning NOT integrated in the protocol, there could be multiple versions of ckBTC on the Internet Computer, each with different rules and processes with or without KYT checks. The code is open source and the steps to deploy it are documented here.

As we navigate as a community through such challenging situations, decentralization remains the number one priority. Moving forward the vision is to have multiple KYT providers and API key holders as well as multiple ckBTC variants, including non-KYT canisters controlled by the NNS. While the ckBTC canister is currently controlled by the NNS, this could change in the future, e.g., to be controlled by an SNS. However, that will require a thorough design and take time to implement. For now, control by the NNS is the most secure and also fastest way to move forward.