
What Is KYC in Crypto and What Are Its Limitations?



Rob Behnke

June 10th, 2022


“Know Your Customer” or KYC is a common term in the crypto and blockchain space.  The term KYC comes from the financial industry and the intersection of the blockchain with governments and legal systems.

What Is KYC?

KYC standards were put into place to protect against fraud, money laundering, corruption, and the financing of terrorist organizations.  Financial institutions in certain jurisdictions are required to “know their customers”, meaning that they must solicit proof of a person’s identity as part of the account creation process.

By performing KYC processes, an organization manages its risk of being involved in criminal activity.  The visibility that KYC provides makes it possible for institutions to detect illegal flows of money (bribery, etc.) and to refuse service to terrorist organizations.

How KYC Relates to Crypto

The original goal of blockchain and crypto is to provide an alternative to traditional, centralized financial systems.  Bitcoin was created as a decentralized financial system that would hopefully evade the risks associated with banks making risky financial decisions.

Cryptocurrency exchanges and similar organizations perform many of the same roles as traditional financial institutions.  As a result, they are subject to the same regulations and requirements where those regulations exist.

Over a dozen countries have KYC regulations designed to protect against fraudulent and illegal financial activity.  Cryptocurrency exchanges and other organizations located in those countries or providing services to their citizens are subject to these KYC regulations as well.

Blockchain technology is designed to be pseudonymous, and KYC provides most of the visibility used to identify the perpetrators of attacks and other illegal activities on the blockchain.  For example, if a DeFi hacker cashes out using a cryptocurrency exchange — without using Tornado Cash or another obfuscation service first — it may be possible to learn the real-world identity of the attacker.  Similarly, law enforcement has a history of using KYC to identify criminals using cryptocurrency, such as the actors behind ransomware attacks.

The Limits of KYC on Blockchain

KYC provides insight into the identity of blockchain users, but this visibility is limited.  KYC is only required when creating an account with a cryptocurrency exchange that complies with applicable regulations.

Some of the ways in which a blockchain user could evade KYC include:

  • Off-Exchange Transactions: Often, KYC applies when a blockchain user converts between crypto and fiat currencies.  If a user acquires and spends funds entirely on the blockchain — such as earning a salary in crypto and buying goods or services with crypto — then they may never interact with a cryptocurrency exchange or undergo KYC processes.
  • Non-Compliant Exchanges: Cryptocurrency exchanges are required to comply with KYC to operate legally within a particular jurisdiction.  If an exchange operates illegally or outside of these jurisdictions, it may allow anonymous accounts.
  • Anonymization Services: On-chain anonymization services like Tornado Cash make it impossible to link the source and destination of a blockchain transaction.  This enables a blockchain user to make crypto earned illegally “clean” and safe to cash out via a KYC-compliant exchange.

The Bottom Line on KYC

KYC is a result of the theoretical anonymity of blockchain and crypto meeting the real-world limitations of laws and regulations.  KYC provides a certain level of visibility into actors on the blockchain, but this visibility is imperfect and can be evaded by criminal actors.