You won’t get far into learning about blockchain security before running into some fierce debates over the importance of anonymity and pseudonymity for users. But what do these terms actually mean? Why are they so important for explaining the technology and ethos behind blockchain? And what do they mean for blockchain security? Read on to find out.
First, some definitions. Anonymity and pseudonymity refer to two different ways of obscuring or concealing a person’s identity. Within De-Fi, the terms have taken on a heightened meaning as users will often either maintain pseudonymity or anonymity as a way of protecting their identity and concealing their transactions.
Pseudonymity describes a process of using a fictional persona to conduct activity without revealing your true identity. In the context of blockchain security, this means that whilst the identity of the person making transactions is unknown, all of the transactions that they make can be linked to the same pseudonymous identity. By contrast, anonymity means that none of the transactions or activity conducted on the blockchain or on exchanges can be linked to one user, pseudonymous or otherwise.
Put simply, anonymity is a much stronger form of privacy than pseudonymity, however, with that comes some far reaching implications as we shall see.
Currently, the biggest cryptocurrencies such as Bitcoin and Ethereum operate pseudonymous systems. This means that whilst a user’s identity is unknown, their activity is linked to their wallet which takes the form of a long cryptographic address. These cryptographic addresses play a key role in tracking the flow of funds as seen in services like SkyTrace, which is a crucial tool for projects looking to hone their blockchain security.
Other projects specializing in privacy such as Monero and Zcash are designed to provide full anonymity through cryptography. These so-called ‘privacy coins’ prevent transactions from being linked to specific addresses and consequently make funds much harder to track.
Pseudonymity and anonymity have come to be seen as some of the central pillars of cryptocurrencies. Even the infamous founder (or founders) of the original cryptocurrency Bitcoin, Satoshi Nakamoto, is a pseudonym whose identity remains anonymous. This facilitation of privacy is one of the biggest appeals for some users, yet it is also a key sticking point for many who are hesitant to adopt or engage with cryptocurrencies as it allows for illicit activity and bad actors to go unchecked without accountability.
As cryptocurrencies and blockchain technology grows as an industry and becomes an increasingly important feature of our understanding of Web 3 and the Metaverse, we are beginning to see how the nature and function of pseudonymity and anonymity is set to become a major friction point between the growth of the industry and government and institutional regulation.
Much of the debate around policy for the adoption of cryptocurrency is focused on understanding how the new industry can fit into the existing framework of financial regulations. Chief among these is how KYC and AML checks can ensure that users can be held accountable for illicit activity. Currently, given the pseudonymous and anonymous nature of most cryptocurrencies, regulators have focused on fiat to crypto on ramps, which exist almost exclusively on the centralized exchanges.
Consequently, centralized exchanges have for the most part adopted some form of KYC checks as a precondition for using them. Coinbase for example requires strict KYC checks before users can start trading on its platform. Binance, another major centralized exchange has been banned from operating in both the UK and Japan due to its failure to gain approval from the countries’ regulatory bodies. The fact that for a long time Coinbase did not require KYC checks, and that Binance could operate across the world shows the growing urgency with which governments and institutions are regulating the crypto sector, and the tough decisions that will have to be made between regulatory compliance and the preservation of pseudonymity and anonymity.
However, as you are likely aware, centralized exchanges are only half of the story when it comes to trading cryptocurrencies. The other half is the disruptive, innovative world of decentralized exchanges or DEXs. DEX’s offer a decentralized solution to trade digital assets without the need for a centralized intermediary. By allowing for trades to occur over a peer to peer network, users do not have to trust their money to an intermediary wallet. However, this decentralization comes into conflict with the need for KYC checks at both a technical and an ideological level.
At the level of technology, the decentralized nature of a DEX means that it is extremely complicated to verify a user’s identity without a human intermediary, and would likely require an AI solution that is able to verify user identity off-chain. Whilst a difficult task, given the growing need for compliance, such a technology has the chance to be a huge industry.
At the ideological level, KYC checks run up against the deeply held values of anonymity and privacy held by many in the crypto community. For many, the anonymity afforded by blockchain has allowed them to avoid interference from hostile and dictatorial governments. Consequently, any measures that might make it easier to discover a user's true identity are seen as tampering with one of the primary utilities of blockchain.
Whilst the SEC has put out statements on DeFi, it has yet to take any direct action. However, if such statements lead to regulation, it will no doubt lead to some conflict between the SEC and the cryptocurrency community.
At the heart of both the technological and ideological tensions between the preservation of anonymity and pseudonymity, and the growing demand for compliance, is another of blockchains foundational tenets: decentralization.
Indeed, decentralization maps well on to this issue in part because it is itself both a technological practice and a strongly held value. We can think of blockchains as the technology that has made the ideal of decentralization a reality. Part of this ideal is maintenance of a so-called ‘trustless system’ whereby no single participant in the network is required to trust any other in order to trade. The need for trust and the need for a verifiable identity are inextricably linked. As humans we want to know who someone is before trusting them, and part of this trust is predicated on being able to hold them accountable if that trust is broken. By doing away with the need for trust from either party in a trade, decentralization has also done away with the need for a verifiable identity, consequently enabling the widespread practice of pseudonymity and anonymity.
Put simply, decentralization and blockchain technology has removed the need for either party to ‘know its customer’ when making a trade. It doesn’t take a genius to see that this inevitably has implications for the ‘know your customer’ checks required by regulatory bodies.
Ultimately, both those in support of the maintenance of full pseudonymity and anonymity, and those seeking more KYC and AML checks, do so to support and maintain blockchain security, and to make crypto safe. As a new and rapidly changing industry, both developers and regulators are working to find practical solutions to ensuring blockchain security without betraying the values of pseudonymity and anonymity held by the community.
At CertiK, one of the ways we assist with this is in the form of our KYC verification service for project teams, which conducts comprehensive KYC checks for the teams behind the various crypto projects. Some of the major pitfalls of pseudonymity and anonymity is how it has enabled malicious behavior from bad actors whose anonymity allows them to act with impunity, and we would see far less rugpulls and other crypto scams if users had full transparency on who was behind a project. CertiK is the only major blockchain security provider that performs KYC verification in addition to a security audit of the code, as well as continuous monitoring of a project via Skynet.
The debate between the importance of maintaining pseudonymity and anonymity or implementing regulation is still very much ongoing, and whilst it can be heated at times, it is a necessary conversation if cryptocurrencies are to reach widespread adoption. At any rate, compromises will have to be made by both sides in order to ensure a secure and safe cryptocurrency and to guarantee blockchain security in the future.