Let's talk about KYC and the Dfinity Foundation

As we are all becoming aware, the Dfinity Foundation is requiring KYC on basically all tokens. I have some questions and concerns that I would like addressed.

  1. What is Dfinity’s (or CoinList’s) purpose for collecting KYC information for basically all tokens? How will this information be used by Dfinity (or CoinList)? Will CoinList be sharing KYC information with Dfinity, or is their KYC information kept in a separate database? Under what circumstances will Dfinity (or CoinList) be sharing this information with third parties? Will Dfinity (or CoinList) be selling access to this information to third parties?

  2. What security precautions will Dfinity (or CoinList) be taking when storing this information? Does Dfinity (or CoinList) understand the seriousness of what can happen if their KYC database leaks onto the internet?

  3. We are now looking at a scenario where Dfinity (plus CoinList) literally knows the identities of potentially all of the neuron holders, and almost certainly the identities of all of the largest neuron holders. We’ve known since ancient Greece that democratic voting systems are undermined by (1) vote buying/selling and (2) threats and intimidation, and the solution to this has always been the secret ballot. How is this situation compatible with a functioning democracy where a large influential central party also knows the identities of all the voters? Does this create issues down the line for the liquid democracy envisioned by Dfinity when issues can become very contested? Are NNS votes encypted and invisible to all somehow, or are they transparent and analyzable?


These are all very valid and very good questions. Not only did seed investors lose out on Ethereum price going 400x , now their literal safety and security will be forever threatened. Scary times. Any KYC service is breachable by an adversary determined enough.


I’m also interested in the answer to these, I’m assuming the KYC for the airdrop was done to counter bots from participating.

Where do you see this info, and specifically where do you see that it applies to seed round people?

1 Like

I’ll take a stab, but much of this can be answered by reading the Ts & Cs:

  1. To be maximally compliant with international kyc, ctf, aml, etc. laws. It wont be used by them in any way outside their obligations under the laws of the jurisdictions of the token holders and their local obligations. It is illegal for them to sell the KYC information in most if not all jurisdictions and I don’t see any benefit to them to doing so. I don’t think DFINITY handles any KYC information. This would be managed by a specialist organisation.

  2. I imagine they do understand the seriousness.

  3. I don’t see it as a serious threat. That would really undermine the system they are creating. Everyone is incentivised to keep the governance of the IC decentralised and healthy, and increase that decentralisation over time. For corruption by any party to occur there would have to be a motivation great enough to risk the whole 5 year project.

Reasonable concerns though.

1 Like

Hi Mac,

I’ve submitted my KYC for 2 months to coinlist but no response till now. I am eligible to receive the airdrop. If there are any ways that you could help will be much appreciated.


1 Like

Looks like Dfinity is using a third party called ‘Acuant’. Does Acuant understand the seriousness? Ledger.com, a literal security company in the crypto space, just had their customer base personal details leaked onto the internet by a rogue employee at Shopify, and now many of them are receiving extortion threats. I think we need some statement on this and I’m not convinced that Acuant regularly deals with this kind of project. I’d like to get a response from Dfinity on this.


Does anyone know if they’ll let USA folks through KYC? Looks like their form supports it, so it seems like they would, but who knows what happens once it’s submitted…


I think that in the blockchain world, it is time to abandon the kyc set, which is truly borderless.

Hi Arthur,

I must admit that I am new here to the actual forum. You are in my view helpful and deeply involved in the community. My question is, what motivates you to answer these questions that employees should be answering? Why does the leadership think it is okay to leave questions unanswered because some helpful person like you will take care of it for them?

Yikes. Does trezor have the same vunurbilities?

Hi from New Zealand, Im not sure if this is the correct thread. Please let me know. I need to report theft.
Coinlist have taken the tokens I paid for with the $9 ICD drop in 2018. They are saying that I did not complete my KYC in time? However it was not completed as they would not verify my ID. I tried to contact many times to no avail. Please can someone point me in the correct direction?

hello ; i participated in the seed round 4 years ago and my kyc isnt approved for weeks . can i get the help of someone ?

Hi, My only thought would be that you could contact support.difinity.org website and submit a request. They may have some advice on how to proceed. Best of luck.

It looks like the NNS is still getting repaired. If I were you I’d wait until the status here → https://status.internetcomputer.org is green and rechecking. Then if needed contact support.dfinity.org