ckBTC and KYT Compliance

I think the reality is that there are very few KYT providers today. I can think of Chainalysis, Ellyptic, TRM Labs…

We could design a decentralized system whereby X of Y KYT providers need to agree in order for the minting to be allowed…

4 Likes

The problem is Dfinity’s own version of ckBTC will be more adopted and unless there are major controversies around its policies it will be hard for alternatives to become relevant.

All things considered integrating KYT might be the wrong approach to fix this issue as it’d mean stacking another layer of complexity and potential issues instead of tackling the fundamental flaw that got us here in the first place, that being the lack of transparency for subnets blocks.

1 Like

Dont get it?
If you mint ckBTC you need to know first if the btc is not tainted or involved with illegal activities. You cannot blindly accept btc and put it in the “btc canister”

Thanks for pointing this out - sorry copy paste error…

There are some obvious shortcoming of KYT as you point out, and one can think of many edge cases. However, the point is that KYT providers take such things into account when ckBTC → BTC happens and that BTC is sent to exchanges or other parties that do KYT. KYT is no exact science and there is a lot of heuristics that are applied.

Also, to goal need to get this of the ground as quickly as possible while making sure that is it not “dead on arrival” and then iterate from there. No need to have to have the perfect solution right now, but need to have a solution that works for 99.9% of the cases and then can take it from there. If there are issues where different KYT providers have very different results, let’s address it. Luckliy, with ICP this is possible!

2 Likes

There are several options here: 1) make a small transaction first or 2) get your wallet KYT. Solution 1) can be implemented quicker. Solution 2) is tricker as it can allow for DOS attacks. Eventually both should be implemented. Again, let’s start with something that works and then improve from there.

4 Likes

That’s what I think as well. Wanna make sure that there is no single point of failure.

1 Like

Thank you. Do you have a ETA on when this version of ckBTC will be proposed to the NNS and rolled out?

I understand the argument around if DFINITY should have spent resources to build ckBTC, but now it’s built. If they choose to build KYT and it’s a better product, bringing more people to the IC I’m all for it.

If it’s a bad/unliked product, then there’s a pretty big financial incentive (with this being Bitcoin we’re talking about) for someone to roll a different wrapped BTC standard or KYT/no-KYT.

Is every application then expected to use a library and perform their own KYT?

Seems like a lot of overhead, and this is why I think a KYT canister is a good place for DAOs to exercise control.

1 Like

Okay, there’s a big confusion here.

Who are these making tainting Bitcoin rules

  1. Is it the American government?
  2. Is it the Congress in the US
  3. Is it the House of Representatives
    Or
  4. Is it capitalist us business entities
  5. Is it FBI/CIA or……

Who exactly is making or enforcing this rules?

I think the playing field should be left open for the developers to decide.

As the team developing ckbtc you do not have to force the developers to take a certain path. It should be universal.

4 Likes

Chainalysis KYT API can be found here: https://www.chainalysis.com/chainalysis-kyt/

It looks like they abide by the OFAC rules for KYT. OFAC is set by the US Treasury. More details can be found here: Office of Foreign Assets Control - Wikipedia

North Korea, Iran, and a few others are on that list. You can easily see who else is on there.

The link that you provided @dfisher shows the quote below


OFAC administers and enforces economic and trade sanctions in support of U.S. national security and foreign policy objectives. Under Presidential national emergency powers, OFAC carries out its activities against foreign states as well as a variety of other organizations and individuals, like terrorist groups, deemed to be a threat to U.S. national security.

The concern here is that the enforcement of the ckBtc falls under US jurisdiction. It clearly states that OFAC falls under the office of the president; if I am understanding correctly.

This is a strongly CENTRALIZED path to take as anything that undermines the US security becomes a threat. That itself is a threat to the natural free flow of the market.

Also this approach does not allow for a level playing field as the US WOULD PUT THIER INTEREST FIRST TO EMERGE AS WINNERS IN THE MARKET!

It should be up to developers to choose whether to abide to US law or not.

If I develop a business and I get funded by Chinese investors, and in the long run unfortunately say that China Invades Taiwan, as a developer I wouldn’t want to be affected by US policies as they have chosen to back Taiwan. I would want to remain neutral and do business that would help humanity. But then the US might flag all developers, including myself that are funded by China if they are the aggressors. This puts developers in general on a bad position as they have to choose a super power to abide by. The best option is for the ckbtc developers to let developers choose if they want to abide by OFAC or not.

8 Likes

This debate is a bit of a red herring, meaning its pointless. This isn’t about right and wrong. As it stands, if we do not implement KYT, then users who interact with the ckBTC canister can find themselves with tainted BTC. That means if they send their BTC to Coinbase, Coinbase WILL confiscate their BTC and erroneously report them to the authorities. Coinbase is an American company that abides by OFAC. Dfinity does not and should not facilitate and application that gets people’s crypto taken away from them. It would defeat the whole purpose of ckBTC.

That said, other people with different philosophical leanings and risk tolerances are welcome to implement alternative versions of ckBTC. As many have already pointed out, ckBTC is one version of wrapped BTC on the IC. If Chinese developers (or Russian, or Iranian, or North Korean, or ISIS, or whoever else) want to build their own version of ckBTC they absolutely can.

But users should be aware that if they wrap their tokens using a service that is not KYT enabled, there is a bigger chance that they could have their crypto sanctioned by a centralized exchange, many of whom follow the OFAC guidelines.

The thing I don’t really understand about this debate is that there is NO KYC. If folks with tainted BTC try to wrap their BTC, the absolute worst that can happen is that the wrapping fails. No one is coming to take your crypto away or doxx you. You’ll just have to stick with normal BTC or use a ckBTC alternative. Like, what are you so worried about?

6 Likes

What I am worried about is the history of oppression by Americans mostly towards African Americans that can resurface as a result of the Americans taking control of ckBtc.

As Africans we have the option of getting funds from anyone to enhance our business activities. Now while looking for our sponsors we are careful not to involve ourselves with people or entities that do illegal activities.

However we don’t control the future of politics in the world. And as a result we do not want the future of our political views being dictated by the same people who have overseen the oppression of our own people.

These people have their interests on the table and they know what that is. We also have our future among which is for us to choose our sponsors. By allowing ckBtc to be controlled by Americans is literally robbing us from the future of choosing on who to do business with. Because when things go south, we would loose our funding as the ckBtc would be used as a political tool.

3 Likes

If peoples’ BTC is taken away based on the idiotic idea of tainted Bitcoin, that is on the US government and Coinbase, not on the IC. It is like saying that every dollar note that has traces of cocaine, which most do, is tainted and therefore illegal.

The IC would not in any way be ‘facilitating’ such confiscation. All it is doing is offering a politically neutral way of bringing smart contracts and DeFi to BTC. It is up to consumers to do their due diligence and sue the US government in case of expropriation.

I agree with people on the thread speaking against American hegemony. As things stand, Dfinity has decided to cut off Iranians from access to ckBTC. Why? Because the US thinks Iran is a terrorist nation, although literally no other country aside from Israel believes that. We are on the verge of blocking 90 million people based on the whims of one country.

A central strength of crypto I thought was resistance to state censorship. If, in the name of convenience, this principle is so easily abandoned, what is the use of crypto at all? Are we to be constantly beholden to the US? If so, I think a large number of the IC’s Chinese developers are soon going to be moving out of the ecosystem. Makes no sense to be part of a network that is US controlled, especially since the United States has made and is making incredibly bad regulatory choices with regard to crypto.

5 Likes

I like how mostly everyone is against the idea of KYT and Jan just brushes them off, while more or less stating that KYT is a major priority for rollout.

8 Likes

We saw it before with maturity modulation, again driven by Dfinity’s concern with US authorities. But this is far more serious.

3 Likes

Well there’s a slippery slope between KYT and KYC. The centralized third party providing KYT service would be , likely, under obligation to report the wallet address which “attempted to” launder tainted bitcoin to OFAC. Due to sophisticated algorithms in co-operation with centralized exchanges, it is possible to narrow down the person to whom this wallet address belongs with high likelihood of success for some cases. And therefore provides doxxing capabilities by merely doing KYT; as well as providing identifying information to ckbtc canister if so needed.

3 Likes

I agree with this statement… but not for the same reason. I agree because I can not, for the life of me, see why a supposedly decentralised DAO-driven and neutral WEB3 platform provider (Dfinity, in case I’ve confused anyone - and yes, I know) feels the need to implement a mechanism to enforce US Treasury censorship rules - rules that can and will change regularly (I wrote this before… etc) - under the auspices of protecting the community when it’s simply taking some work off one or two choice Dapps who really should be dealing with this issue themselves.

It does not belong at the platform level. At best it belongs in any Dapps that are concerned about the issue - marketplaces, exchanges, even wallets.

The solution is simply to build in a level of traceability that would allow any authorities to track transactions through and not to implement a washer or mixer that removes this traceability. The definition of “tainted ” will change depending upon who is talking about it.

Otherwise it seems that we’re not about protecting the community but more about making sure we don’t upset the US Treasury or enforcers (notice that I did not use the work “regulator” as they are not necessarily bad).

3 Likes

The debate is actually political and about centralization.

What happened those past few days with the crypto friendly bank failures and operation “Choke Point 2.0” had left the American crypto industry effectively bank less as of today. This is a wake up call.
By abiding to US laws you are effectively sending a strong message to the world that this blockchain is centralized and under the ruling of the US. But the US is killing the crypto industry in the country, so I don’t think it’s a smart move.

In this context of global political changes, we are at a turning point right now and you are about to cut the “world computer” from the majority of the world as the next bull run is most likely to come from the east.

In the many blockchain related events I went, I was a strong and passionate advocate for the IC (not driven by my financial gain but by what it could bring to the world) but I mostly faced lack of trust towards it and its centralization.

I’m speaking out of love for the IC and I fear that this is going to ruin it.
The US had their chance with crypto and they made their choice, let’s look toward the future now.

Maybe the alternative would be to not release the ckBTC feature then and let private companies launch it under their names and let them implement whatever they want for their targeted customer @Jan . Let them shoot themselves in the foot if they want to, but let’s try our hardest to keep DFinity & the IC neutral.

Let’s learn from what happened in the Ethereum ecosystem with the OFAC sanction on tornado cash last year and the debacle that followed where more than 60% of the validators were OFAC compliant : it cast a massive amount of FUD about eth but it was only concerning the validators, not the core protocol itself or the eth foundation. That led Buterin to the path of developing a builtin privacy solution in the protocol itself in order to protect the network. Now we would send the opposite message…

4 Likes

I understand the concern of centralization/decentralization regarding the ckBTC canister. While I think that decentralization is a worthwhile goal to have, I fail to understand why having a smartcontract that depends on certain centralized service to make it feature-complete( CKBTC smart contract needing KYT centralized service) is such a big hullabaloo.

In fact the fact that you can make a centralized smart record with the Internet Computer without changing the basic architecture of Internet Computer, which is decentralized, is kind of amazing to me.

While, of course, i do not speak for @Jan or anyone else at Dfinity, i feel that there was a feature-miss for ckBTC. In order to make ckBTC Canister usable in current context practically, the inventors of CKBTC Canister feel that they need KYT. Ok. So what?

The users/smartcontract developers may choose NOT to use ckBTC canister or interact with ckBTC canister if they feel strongly about it.

The original ask from OP was how can we collectively solve the KYT issue. One of my thoughts is that we would need some kind of risk mitigation strategy for KYT knowing that KYT would never be perfect. I am thinking about a decentralized insurance service on top of ckBTC canister implementing KYT that reimburses unforeseeable taintedness of BTC as well as provides clear documentation about how this taintedness actually happened. WDYT?