Recently bankruptcy by digital asset lending platform Celsius has revealed the names and transaction history of nearly half a million depositors. It illustrates a risk that arises from blockchain transparency and traceability.
The standard of privacy in most public blockchains is based on nicknames, which can be easily penetrated to track user activity and balances. As a result, the leakage of wallet name and address data can harm the privacy of blockchain users, as anyone with an internet connection can easily match on-chain activity and wallet addresses. of users named Celsius is disclosed in the records with the date and amount of every transaction on their wallet, putting wallet owners at risk of theft or extortion.
As a matter of fact, such data leaks can also occur simply by dealing with another party that knows your identity. Consider the example of using cryptocurrency in your payroll. Employees will be able to view their employer’s account balances and their team members’ pay slips. If you use crypto to pay, your local coffee shop can access information about how much you earned and where you shopped yesterday.
To mitigate this risk, digital asset owners use additional privacy-enhancing technologies to protect the confidentiality of their financial information. The point is that current techniques for managing illicit financial risks on blockchains rely on transparency and traceability to assess user identities. Thus, the same tools used to protect legitimate privacy interests on public blockchains could also frustrate government investigations into malicious activity.
A widely used security protocol is Tornado Cash, which was sanctioned this summer by the Office of Foreign Assets Control (OFAC) of the US Department of the Treasury on the grounds that it was being used in relation to more than $7 billion in illicit financial activity. This puts innocent blockchain users in a bind: rely on privacy through pseudonyms – which could be compromised – or have their funds involved in criminal activity, increasing the risk they could face penalties, have their funds blocked or their risk profile increased, potentially restricting their freedom to trade.
In traditional finance, the balance between privacy and legitimate government interests is achieved through financial intermediaries. In Europe and the United States, civil rights to privacy and financial secrecy limit the ability of intermediaries to use financial and other data for commercial or other purposes, and indicates exceptions to legally requested information sharing with law enforcement and regulatory agencies.
While the assumption that financial intermediaries can effectively protect sensitive personal information has proved problematic (witnessing the frequency of data breaches), it is unacceptable. in the context of blockchain technology and decentralized finance. This raises an important question: Can the risks of illicit financing in virtual assets be minimized while preserving the fundamental security enjoyed by citizens in the traditional financial system? ?
One novelty that blockchain can do is enforce rules automatically by programming them into smart contracts, effectively a digital “if-then” statement between transacting parties. . Initially, blockchains implemented rules governing only who owned virtual assets and when they moved – but now additional rules can be added to meet the needs of illicit financial settlement and other compliance risks. Cryptographic technology, such as zero-knowledge proofs (methods of ensuring the validity of a given statement without transmitting unnecessary information) can address the risks identified. defined by authorities and policymakers and is currently being developed by technologists in the blockchain space. These technologies, which have been studied for decades and are used in a number of existing blockchains, promise to reconcile competing claims about privacy and compliance in a stronger way than they do today.
For example, such solutions can allow for blocking of illegal transactions, automatic reporting to government agencies, as well as selective display of sensitive information, with restricted access. for authorized dealers with access to the information – while transactions and wallet balances remain private and protected against malicious actors.
Policymakers and regulators cannot stay on the sidelines. They must adopt flexible regulatory approaches that allow and encourage these technical developments in order to achieve more effective outcomes than is currently possible.
Through these technologies and with the support of regulators, both compliance and financial privacy can become an integral part of the virtual asset ecosystem.
Shlomit Azgad-Tromer, PhD, is the co-founder and CEO of Sealance. Jai Ramaswamy is the Legal Director of Andreessen Horowitz. Eran Tromer, PhD, is an associate research scientist in Columbia University’s Department of Computer Science and a co-founder of Sealance.
Opinions expressed in Fortune.com commentary are solely those of their authors and do not necessarily reflect the opinions and beliefs of Luck.
Must read more comment published by Luck:
Register Fortune feature email list so you don’t miss our biggest features, exclusive interviews and surveys.