Hardware wallet maker Trezor announced last Thursday it had adopted software that makes it easier for Switzerland residents to withdraw crypto from a regulated exchange to their own wallet – then reversed course a day later. So what happened?
Within moments of the first story breaking, a Crypto Twitter storm-in-a-teacup was brewing. Some argued that Trezor’s decision to adopt the Address Ownership Proof Protocol (AOPP) was legitimizing wallet verification and facilitating creeping regulatory overreach, signaling a decay of the crypto community’s freedom.
But if you’ve ever had to transact with a Swiss crypto exchange, you probably breathed a sigh of relief upon reading the news, because getting your crypto off a Swiss exchange is a pain in the bum.
Leah Callon-Butler, a CoinDesk columnist, is the director of Emfarsis, a consulting firm based in Southeast Asia. The views expressed here are her own.
If you live in Switzerland, you must prove you are the owner of the wallet that you want to pull your funds to. You can do that in a few different ways, but mostly, users will submit a screenshot of their wallet, or the exchange will conduct a “Satoshi test,” where they send a specific amount of coins to a wallet and ask the user to confirm receipt. Some wallet providers, like Trezor, have an in-built sign-and-verify feature that allows a user to sign a text message using their wallet keys, which someone else can then verify using the address.
This manual process is clunky and annoying. The screenshot option is also a security attack vector; what crypto user wants to associate their phone number with their wallet address?!
As for the Satoshi test, not only does it incur transaction fees, it’s slow and involves too many steps to get done. If you’ve ever worked in tech, you’ll know that streamlining on-boarding is imperative to user adoption and adding more clicks is suicide for any app.
But, hey, those are the rules in Switzerland. There’s no way around it. If you want to withdraw from the exchange into your private, un-hosted, self-hosted, non-custodial (whatever you want to call it) wallet, you have to prove it's yours. Once it’s in your wallet, you can send it wherever you please.
Travel rule: Ineffective, intrusive, inescapable
The whole thing is ludicrous. So why do it? Because FINMA (the Swiss Financial Market Supervisory Authority) took a staunch position on a set of global rules handed down by the Financial Action Task Force (FATF) back in 2019, for the purpose of stopping bad guys – money launderers, terrorists, etc. – from moving money around the world to fund their operations.
The travel rule, as it’s known, requires information to be shared about both sender and receiver on either side of a transaction. Banks have had to comply with it for decades, which is how we know it’s not exactly a “tried and tested” crime-stopper, since the vast majority of dirty money still siphons through the world’s traditional financial institutions.
The travel rule is largely ineffective, costly to comply with and encroaching on user privacy. So you can imagine how irate the crypto community was when they heard that they were being saddled with it too, particularly because crypto works entirely differently than the banking system. Applying the travel rule to blockchain is like taking something that was built for a horse and cart and retrofitting it to a rocket ship. Nevertheless, the FATF took its square-peg rule and jammed it in crypto’s round hole.
Most FATF member countries are taking their time to interpret and implement their legislative take on the travel rule, but others raced to get it done. Like Switzerland. But Switzerland didn’t just adopt the rule. Oh, no. It went further, to “gold plate” it, meaning everyday people would have to reveal more about themselves and do more to confirm their existence, just to access their local crypto services. Why did FINMA do that? I don’t know. It wasn’t necessary. Perhaps the regulator wanted a gold star from the FATF?
It’s onerous regulations like FINMA’s that can help to accelerate peer-to-peer wallet usage and increase consumer demand for self-sovereign solutions. By making it super-difficult to interact with regulated exchanges, FINMA incentivizes the un-hosted crypto usage that it wanted to prevent. Unintended consequences, much.
So I was excited when I met the founding crew at 21 Analytics, a bunch of OG bitcoiners in Switzerland’s Crypto Valley who’d created a neat little tool, called the AOPP. It is a simple and automated solution for providing proof of ownership of an external wallet's address, solving the issue of having to go through the proof-of-wallet ownership process every time you want to take your crypto off an exchange. It’s opt-in, and open source, so privacy aficionados can personally review the code, should they wish to do so. This is obviously useful for the Swiss, but it might soon be needed by others around the world, too. In the Philippines, for instance, those who earn in crypto via blockchain games are already being asked by their bank to prove the source of their income.
(Disclosure: When AOPP signed Trezor as a partner, my company worked with AOPP to help write the announcement.)
Don’t shoot the mitigator
But the integration announcement prompted unexpected public furor, with some taking to Twitter to voice their objections. In response to the community backlash, bitcoiner Stephan Livera reminded his followers that AOPP wasn't necessarily the source of the issue. Via direct message, Livera told me that he is concerned about non-custodial wallets being stripped of their permissionless quality but “the deeper problem is the FATF and the constant push for more (anti-money-laundering) regulations despite the continual failure of AML policies.”
Read more: Marcus Pleyer - Crypto Firms Can't Outrun the Travel Rule
The frenzy continued, and Trezor capitulated, backtracking on its earlier announcement to confirm it had scrapped its plans to integrate AOPP. Trezor obviously made the decision to remove AOPP from its next release because of the community uproar. But in the grand scheme of things, the rollback changes nothing. As Marek "Slush" Palatinus, Trezor’s founder, pointed out in a tweet, Swiss users will still have to prove wallet ownership, unless they are happy to stay trapped inside the confines of Switzerland’s walled garden.
Anti-money laundering requirements such as the travel rule may seem to do little else than force crazy compliance costs on businesses and introduce friction for users, making for a lousy experience. But that is exactly why we need crypto natives working on these issues, to help keep costs down and user satisfaction up, while protecting our dearest-held values of privacy and decentralization.
Crypto is moving fast toward mass adoption and today includes more normies than ever before; I suspect these are the types who expect a certain level of ease and convenience embedded within the user journey, and solutions like AOPP will be welcome.
They’re just less likely to be tweeting about it.
Learn more about Consensus 2023, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.