A KYT check on the destination Bitcoin address is performed to prevent the ckBTC minter from sending bitcoins to tainted addresses.
i see this is a necro thread… odd that many questions haven’t been answered, so 4 concerning scenarios:
-
if a user of DeFi gets a hold of some BTC via various swaps and tries to convert it to ckBTC, but the KYT system flag it (unbeknownst to them somehow they swapped with some tainted coins) what happens to the users BTC? Does the protocol send them back? Are they frozen? what recourse does the user have besides filing a lawsuit with the KYT provider?
-
same scenario as #1 but in the users jurisdiction the coins he possess are not regarded as “tainted”
-
the user is in a country that has int’l sanctions applied to it at the jurisdiction of the KYT provider (for example the user is in Iran or North Korea), since their is no KYC, if it then later gets shown that his address belongs to a North Korean or Iranian, what happens?
-
similar case to #3, the btc address shows up later on the banned list…
without answers to these questions i don’t see ckBTC getting big volumes
The ckBTC wiki page explains what currently happens when “tainted” UTXOs are sent to the ckBTC minter.
In short, they are quarantined indefinitely. Note that just sending them back is problematic because the ckBTC minter shouldn’t send “tainted” UTXOs around. Additionally, there are some technical challenges: the Bitcoin transaction that transferred the UTXO to the ckBTC minter can have multiple inputs associated with different addresses. It is not clear which input address should be used as the “return address”.
I don’t know to what extent different jurisdictions would classify bitcoins differently. I’m assuming that KYT providers follow the recommendations of the FATF, which has quite a few members, but yes, it is possible that other countries handle AML differently.
Regarding your questions 3 and 4, once ckBTC has been minted, this operation cannot be undone, so users cannot suddenly lose their funds at a later stage.
The whole KYT process is meant to ensure that users can always withdraw “clean” bitcoins. We also feel that the quarantine process should be improved somehow. Once we have a reasonable strategy, we will certainly announce it and request feedback. If anybody on the forum has good suggestions, please post them here!
I still do not understand, for example, when someone sends BTC to the miner and ckBTC is minted, but information about a blacklisted sender address appears later. What happens with the tainted BTC and the already minted ckBTC? If the tainted BTC is quarantined, who will bear the difference in the uncovered ckBTC balance 1:1?
Nothing happens to the minted ckBTC. The ckBTC tokens may have already circulated, so there is no good way to remove them from the system.
As you correctly pointed out, there is a remaining risk that some UTXOs are declared “tainted” later. This risk is considered small and is currently accepted.
Even if the risk is small, something bad might happen eventually and, as I mentioned above, we’re thinking about ways to improve the KYT mechanism.
One approach under consideration is the following: Since the ckBTC minter performs KYT checks, it could report the UTXOs that it manages to the KYT provider(s), which could then mark these UTXOs as part of the “ckBTC service”. If the KYT provider(s) consider ckBTC trustworthy (which should be the case), the reported UTXOs should remain “clean”.
If you have other ideas/questions, let me know!
Just rough ideas, rather than only depend on passive approach, what about proactive approach by separating the risk levels of the source of Bitcoin addresses? By categorizing deposits according to their perceived risk levels, we can apply varying degrees of waiting periods before minting ckBTC tokens. Such as:
-
Virgin Bitcoins (Low Risk): Deposits made up entirely of freshly mined coins with no previous transaction history are generally deemed lower risk since they haven’t passed through many hands. You can mint these ckBTC tokens instantly upon receiving them without applying any waiting period.
-
Official Institutional Deposits (Medium Risk): When receiving BTC deposits from officially recognized institutions like registered cryptocurrency exchanges, custody services, or OTC desks, the risk profile increases slightly due to increased exposure to potential money laundering. Apply a short waiting period, say one hour, during which time the source of the funds can be verified by KYT providers. Upon completion of verification checks, proceed to mint ckBTC tokens.
-
Anonymous Addresses (High Risk): Transactions originating from anonymous wallets pose a higher risk of being tied to malicious activities. For such cases, introduce a longer waiting period—for example, twenty-four hours—during which further investigation and analysis can be carried out by KYT provider(s).
Hello everyone, I am fairly new to the crypto eco system and have just had the issue that has been described above by some. I bought some BTC on tradeogre, and sent it to my NNS wallet to convert to ckBTC. From what I had read, the idea of ICP sounded very interesting. It is true decentralization, unlike any other coin.
However, I am now told that the BTC I sent is flagged by your KYT process, and is now quarantined… indefinitely. I cannot have access to my BTC, and have no way to recover it. I am perplexed beyond belief. This stands against the ethos of Bitcoin and of decentralisation. It is not anarchistic. It is not even democratic. It is authoritarian. Through no fault of my own I have bought some bitcoin which has apparently been used in the past in some illicit way, and judgement has been passed with no recourse. The US government looks like a saint in comparison.
Furthermore this acts heavily against the interests of the ICP project. I had no way of knowing that my BTC was going to be put into quarantine before I sent it. There was no warning. I am sure what happened to me has/ will happen to others and it will become known that if you send your BTC to the ICP ecosystem there is a small chance of losing it. It is clear what will follow. Why would anyone risk losing their BTC ? Unless a solution is found this is a hole below the waterline for the ICP project.
Given that ICP is truly decentralized, I do not know why there is so much concern over how authorities will act towards you.
I think the main problem is that the “tainted” BTC you put in might be withdrawn by someone else, leaving them with Bitcoin that can’t be redeemed on an exchange.
Your situation may not seem fair, but “buyer beware” is considered more fair than the scenario above. Does tradeogre utilize KYC? If so, I’d recommend you contact them about this. If not, it can be considered a risky place to do business.
For the record, I think there must ultimately be a better solution to this problem. But for now this is the reality.
I agree with the issue raised here. It is unfair to users who will mint ckBTC if their BTC is suddenly quarantined without prior warning. I do not know what/how the KYT procedure is, but if the KYT provider can warn users before they deposit BTC to the minter, it would be better.
What is the purpose of this feature? to concentrate control in the hands of DFINITY and Toniq?
This is not a permissionless feature, is it?
Update on DFINITY’s view on KYT
When ckBTC was launched, DFINITY proposed using Chainalysis KYT to screen BTC coming into ckBTC, and screen addresses when converting ckBTC back to BTC. The main reason for this proposal was the concern that BTC that is considered “tainted” by certain entities could make it into the pool of BTC managed by the ckBTC minter. Other users may end up withdrawing that BTC, and as a result have a more difficult time using this BTC for example at centralized exchanges. DFINITY’s proposal was adopted, and therefore ckBTC has been running with Chainalysis KYT integration since inception in April 2023.
Experience from a year with Chainalysis KYT
In this year of having ckBTC with Chainalysis KYT integration, some new insights have been gained. There is no definition of tainted bitcoin, meaning that everybody has their own set of rules. This makes it impossible to guarantee that all bitcoin coming out of ckBTC would be accepted by CEXes without question. The ckBTC minter therefore takes a very conservative approach and quarantines all funds that could be considered questionable. This has led to funds being quarantined by the ckBTC minter that seem innocent, for instance funds coming from a BTC ATM and from a non-KYC centralized exchange.
New proposal by DFINITY
DFINITY proposes to remove the Chainalysis KYT integration from the ckBTC canisters. There are a lot of advantages to this:
- Currently KYT fees of 2000 sats (= 1.25 USD today) are charged whenever converting between ckBTC and BTC. By removing the Chainalysis KYT integration, the fees for converting between BTC and ckBTC can be significantly reduced.
- It removes a centralized dependency from ckBTC.
- Users can be sure that their funds will be accepted by ckBTC, so there won’t be cases anymore where user funds are quarantined which the user did not expect.
How would the ckBTC minter canister deal with BTC that is currently quarantined as it was flagged by Chainalysis? We propose that the ckBTC minter canister re-evaluates quarantined funds after upgrade according to the new rules (which is a check of OFAC sanctioned addresses, see below), and proceed to process the deposit if valid according to the new rules.
But how would the concern of “tainted” BTC be addressed? We now think that this risk can be managed. It is important to note that ckBTC is never mixing funds: Whenever BTC is converted into ckBTC, this can be traced using the ckBTC minter dashboard. ckBTC can be traced on the ckBTC ledger, and finally conversions back to BTC are again traceable on the ckBTC minter dashboard. This means that whenever a ckBTC user would be challenged to explain the source of funds e.g. by a CEX, the user can show all steps. To further help avoid such cases, DFINITY is trying to work with parties like Chainalysis to explain how BTC can be traced across conversions into and out of ckBTC. That being said, it is impossible for ckBTC to guarantee that all entities like CEXes like the BTC coming out of ckBTC because they all use their own analysis which is not publicly available. Therefore, this remains a risk that all ckBTC users should be aware of.
OFAC
The regulatory and legal climate for DeFi is inconsistent and uncertain today across different jurisdictions. Whilst DFINITY remains a firm believer in an open, accessible, decentralized, cross chain financial base layer, the current state of affairs is that we see many crypto projects have serious issues with OFAC enforcement. It has been reported that BTC miners are increasingly adhering to OFAC address screening.
To reduce the risk to all participants in the Internet Computer ecosystem, we propose that the new ckBTC minter canister continues with, and extends the OFAC address screening it does today.
The current ckBTC canister incorporates checking of addresses against the OFAC sanctioned list for ckBTC → BTC transfers. Transfers to an OFAC listed address are blocked. As removal of Chainalysis KYT from the ckBTC canister would open up the possibility of incoming transfers from addresses on the sanctioned list, DFINITY proposes to add code to the ckBTC minter canister to screen for OFAC listed addresses for BTC → ckBTC transfers. Effectively funds sent from sanctioned BTC addresses will continue to be placed in quarantine.
Since the OFAC list is a fixed list at any point in time, users will know beforehand whether the ckBTC minter will accept their BTC.
Discussion
Please let us know what you think. Do you support this proposal, do you have a different idea, or would you rather stick with the status quo?
As long as transactions are traceable makes not sense at all for DFINITY to act as a police officer.
That actually makes people dont trust on IC, due to centralized behavior of KYT.
IMO KYT was a mistake from the beginning.
Agree. KYTs are unnecessary if the definition of contaminated BTC is vague and it proves difficult to control all contaminated BTC.
It is never too late to mend.
oh finally common sense prevails… btw the OFAC list updates probably need to be voted on by the NNS or whatever, there should also be a way to freeze an account (pending DAO vote) in case of hacked funds moving through the system. however that would require some sort of rapid fire vote, perhaps a sort of decentralized group on “sentinels” can be delegated to by the DAO in order to do that.
might also consider that a new address locks up some ICP for 6mo. to be able to use all of this, and the yield goes to pay for the sentinels
100% agree and support this. As one of few using this feature multiple times a week (didn’t mind the fee per say but checking in advance for clean BTC was a pain) it is a welcomed change.
How does OFAC checking work? Is the OFAC list mirrored on-chain by a canister and made available to all other canisters by an inter-canister call? That would be helpful for all other DeFi projects as well, not only ckBTC.
Where can I find any documentation or resource explaining the FIFO/LIFO queue system for ckBTC UTXOs in more detail?
Note that the OFAC list is already hard-coded in the ckBTC minter.
If there is a need, it wouldn’t be hard to expose this list to other canisters.
Do you have some concrete projects in mind that would benefit from this?
I’m not sure what you mean by the “FIFO/LIFO queue system”. If you wish to learn how the ckBTC minter chooses UTXOs for transactions, you can find the technical details on the wiki page (search for “UTXO selection algorithm”).
With all due respect Manu, this is exactly what we were trying to point out back when we were objecting to the idea of KYT in the first place. The somewhat fluid and very much political nature of the definition of “tainted Bitcoin” meant that this was bound to be a bad idea. I for one am happy that this is the outcome but it would have been more appropriate and less damaging/inconvenient for the ICP community (developers and others) if the feedback from the community had been more seriously considered at the time.
In the end, good, but more thought is needed with such decisions in future to consider the potential impact. At least nobody will have to be concerned that their BTC may be confiscated. Proposal supported of course