Address Ownership Proof Protocol (AOPP) is a tool that allows cryptocurrency owners to prove that their self-hosted wallet (also known as an unhosted, private, non-custodial wallet) belongs to them in an easy, fast and private way.
AOPP needs to be supported by both the self-hosted wallet and the virtual asset service provider (VASP) to exchange the signed message used to prove ownership. In practice, AOPP automates steps every wallet is capable of performing to send information to a VASP, but only with the user’s request and approval.
Why Would a Cryptocurrency User
The Financial Action Task Force’s (FATF’s) Recommendation 16 proposed that cryptocurrency exchanges and virtual asset businesses within FATF member countries would need to reassess how crypto assets were transferred.
For compliance purposes, VASPs will need to adhere to country-specific rules when transacting with self-hosted wallets as part of their anti-money laundering (AML) efforts.
Recommendation 16 stipulates that when a virtual asset transfer involves only one obliged entity on either end of the transfer, countries should still ensure that the obliged entity adheres to the requirements of Recommendation 16 concerning their customer.
For example, when an ordering VASP, or other obligated entity, sends virtual assets on behalf of its customer (the originator) to a beneficiary that is not a customer of a beneficiary institution but rather an individual who receives the virtual asset transfer to a self-hosted wallet.
But How Does it Work?
An AOPP Step-by-Step
With AOPP, address ownership can be easily proven in seconds. Before starting, ensure the self-hosted wallet and the VASP support AOPP.
From the Wallet User’s Perspective:
- The wallet user accesses their account at the VASP and initiates the withdrawal process by inputting the wallet address and amount.
- Next, the wallet user will choose to prove ownership with AOPP. If the wallet is on a mobile device, the generated QR code can be scanned, or if on a desktop, the link displayed can be clicked on.
- The last step involves the wallet user signing the message that appears in their wallet’s display confirming address ownership.
- The withdrawal can now be completed instantaneously.
From the VASP’s Perspective When Using 21 Travel Rule:
With AOPP, you can request proof of self-hosted wallet address ownership from your customers with data privacy and speed.
- Integrate AOPP with the help of your IT team using 21 Travel Rule.
- The wallet user will prove ownership by clicking on an automatically generated message or a QR code.
- In the Self-hosted Wallets tab of the 21 Travel Rule software, the user’s wallet address and signed proof, which may include their name and account ID (tied to their account), will be visible.
- A green tick will appear below this information with the phrase signature valid.
- As the customer was previously KYC’d, no further action will be required from the VASP.
- All transactions made by registered customers will be visible for a period compliant with the legal retention period in the Self-hosted Wallets tab.
What Are the Pros?
- The process is fully automated upon the wallet user’s demand,
- It is safer than the screenshot option,
- It is easier than manual signing,
- The chances of address reuse are virtually nonexistent,
- Malware attacks are minimised as there is no copying and pasting of addresses,
- It is fast; wallet ownership can be verified in seconds,
- It is Travel Rule and General Data Protection Regulation (GDPR) compliant.
What Are the Cons?
- Only some wallets support it. However, there is ongoing work on wallet support for various hardware and software wallets.
Address Ownership Proof Protocol Is Safe
AOPP is safe for many reasons. It is more secure than a screenshot or a Satoshi Test, as your information cannot be duplicated or forged. It is just a static message between the wallet user and the VASP; the chances of the address being duplicated are virtually non-existent.
Address Ownership Proof Protocol Is Easy
AOPP is easy to use as it is a single-click experience. A message or QR code (for mobile devices) is shared with the wallet user by the VASP; click, and the wallet is verified. No intermediary is communicating between the wallet and the VASP.
See AOPP in action here.
Address Ownership Proof Protocol Is Private
AOPP won’t send any sensitive information to a third party. It is just the wallet user and the VASP. No third party is needed, which cuts out further Man-In-The-Middle (MiTM) risks. The wallet user also has complete control: they needs to click on the message before it can be sent to the VASP.
To learn more about self-hosted wallet verification methods, read Self-hosted Wallet Verification Methods: An Overview.