Unhosted Wallet Verification Methods: An Overview
In October 2021, the final FATF Travel Rule guidance was released, and since its last March draft, more attention has been given to unhosted wallets. These are wallets that are not provided by any VASP. These can be mobile wallets like BlueWallet or Edge, but also hardware wallets like Trezor and Ledger.
The Travel Rule exists for financial auditors to follow a trail. With transactions between VASPs, this is a relatively easy problem to solve. You just mandate that VASPs exchange PII data whenever a transaction happens between the two. This is harder when a user withdraws coins from his VASP account to his own private wallet (also known as an unhosted or non-custodial wallet). In essence, the user orders the VASP to send funds to a certain wallet address. The VASP has no way of knowing to whom that address belongs. Therefore the VASP runs the risk of sending funds to a sanctioned individual.
In order to mitigate the risk of sending funds to an undesirable address, VASPs deploy a number of techniques. Here we will explain the main techniques and explain why all of them are flawed. Luckily we’ve developed a foolproof alternative.
An Overview of the different Ownership Proof Methods
It's important to keep in mind that one method does not exclude the others. A VASP can offer its users just one, several, or all methods.
One of the easiest things to do is to ask the users to take a screenshot of their wallet software displaying their withdrawal address. Then ask the user to upload the screenshot. From that point on, an employee of the VASP’s compliance team can inspect the screenshot and compare it with the desired withdrawal address. If the address shown in the screenshot matches the withdrawal address, the employee can green-light the withdrawal.
The issues with this approach are numerous. The most obvious one is that it requires manual work. That’s not only error-prone but also expensive and slow, which is bad for the staff and the user experience of the VASP client.
Besides these massive downsides, there’s also a significant risk of fraud. A screenshot is nothing more than a bunch of pixels, and these pixels are trivially manipulated. Worse still: a fraudster could automate the manipulation entirely without a lot of effort.
Last but not least, this method encourages address reuse because the VASP is likely to try to avoid multiple inspections. Address reuse is bad for the privacy of the user and the VASP.
There is one upside to this method: the majority of the users are able to do this due to its simplicity.
This method is a significant improvement on the screenshot. The idea is simple: Send a trivial predefined amount from the withdrawal address to the VASP. If the user can do that, he proves he controls that address.
This process can be fully automated on the VASP side and doesn’t suffer from the trivial pixel editing, which plagues the screenshot method. However, this method is slow and costs the user real money. The trivial amount sent is not the problem here since that could, in theory, be reimbursed. But the miner fees cannot. The average fee paid on the Ethereum network is consistently high. It's routinely touching $10. The user is strongly incentivized to reuse addresses. Additionally, sending from a specific address is a non-trivial task with UTXO-based cryptocurrencies, such as Bitcoin, and often not possible with a wallet.
The final method we see deployed is rather good. The VASP will ask the user to sign a message the VASP gives to the user. The user needs to copy the message and paste it into their wallet software. Only a few advanced wallets support message signing. And the wallet needs to give the user control over which key is used to sign the message. Only the key associated with the withdrawal address is useful for this process.
This method provides a cryptographically secure proof that the user controls the withdrawal address. The downside is that only a subset of wallets supports this, and only advanced users know how to execute this. Education goes a long way, but that increases the burden on the VASP’s support team nonetheless.
Luckily there is something better than the previous methods; Address Ownership Proof Protocol or AOPP for short.
Address Ownership Proof Protocol (AOPP)
In a nutshell, AOPP is an automated variant of the ‘Manual Signing’ method described above. But in addition to the positive aspects of ‘Manual Signing’, it's also fully automated for the VASP and the user and, with that, provides an excellent user experience and prevents address reuse. AOPPs downside is that not all wallets are currently supporting it. But as a VASP, you can make demands which wallet a user can use to facilitate withdrawals. Or you can create financial incentives, so they use AOPP over other methods. AOPP is already supported by BitBox, BlueWallet, Sparrow, and others. Work is underway to add AOPP support to Trezor and Ledger. For more information, see our previous blogpost about why transacting with non-custodial wallets can be challenging and the AOPP website. You can start using AOPP to free your compliance team from manual work today. Reach out to us!