Identity is the antidote for DEXs’ regulation problem

Regulators from Europe, the United States and elsewhere are busily hammering out details on how to designate decentralized exchanges (DEXs) as “brokers,” transaction agents or similar entities that affect a transfer and cooperate with each other. The U.S. called for multinational cooperation in its executive order on responsible digital asset development, as did the European Union with its recent Financial Stability and Integration Review. And that is just what’s publicly accessible. 

Behind the scenes, the whisper of regulation is getting louder. Did anyone notice that all the Know Your Customer (KYC) requirements have been laid on smaller centralized exchanges in exotic locations over the past two months? That was the canary in the coal mine. With the aforementioned designation and cooperation, DEXs will start to feel regulator heat soon.

Yes, regulations are coming, and the main reason why DEXs will hardly survive the coming storm is their proclaimed lack of ability to identify the users using and contributing to liquidity pools. In conventional financial circles, rendering services without proper KYC procedures is a big no-no. Not tracking identity allowed Russian oligarchs to use the Hawala payment service to anonymously move millions of dollars leading up to the war in Ukraine, so regulators are justifiably concerned about DEXs. For most DEX enthusiasts, KYC sounds like an insult, or at least, something that a DEX is fundamentally incapable of doing. Is that really the case, though?

Related: Crypto’s impact on sanctions: Are regulators’ concerns justified?

DEXs are actually pretty central

Let’s start with the anatomy of a DEX, and we’ll find that they aren’t even as decentralized as one may think. Yes, DEXs run on smart contracts, but the team or person that uploads the code on-chain usually gets special admin-level privileges and permissions. Additionally, a known, centralized team usually takes care of the front end. For example, Uniswap Labs recently added the ability to scrub known hacker wallets, removing tokens from their menu. While DEXs claim to be pure code, in reality, there is still a more-or-less centralized developer team behind this ethereal entity. This team also takes in any profits to be made.

Furthermore, an in-depth look at the way users communicate with permissionless chains reveals more centralized choke points. For example, last month, MetaMask was unavailable in a few regions. Why? Because Infura, a centralized service provider that the on-chain wallet relies on for an Ethereum API, decided so. With a DEX, things can always play out in a similar way.

Some people say that DEXs are more decentralized by virtue of being open source, meaning any community is free to fork the code and build their own DEX. Sure, you can have as many DEXs as you want, but the question is about which ones manage to bring more liquidity to the table, and where users actually go to trade their tokens. That is, after all, what exchanges are for in the first place.

Related: DEXs and KYC: A match made in hell or a real possibility?

From a regulatory standpoint, an entity facilitating such trades can be seen as a “broker” or a “transfer agent” regardless of whether it is open source or not. That is where most regulations are heading. Once identified as such, DEXs will take major fire unless they can comply with a wide array of requirements. These would include getting a license, verifying user identities and reporting transactions, including suspicious ones. In the U.S., they would also have to comply with the Bank Secrecy Act and freeze accounts upon request from the authorities. Without all of that, DEXs are likely to go under.

The identity-and-KYC issue

Since DEXs claim they are decentralized, they also claim that they are technologically incapable of implementing any identity verification or KYC controls. But in truth, KYC and pseudonymity are not mutually exclusive from a technological standpoint. Such an attitude reveals, at best, laziness or an unhinged push for lower costs, and at worst, a desire to profit from dirty money being moved around.

Arguments that a DEX is unable to do KYC without creating a honeypot of personal information lack technical merit and imagination. Multiple teams are already building identity solutions based on zero-knowledge proofs, a cryptographic method that allows one party to prove it has certain data without revealing that information. For example, proof of identity can include a green checkmark that the person has passed the KYC, but does not reveal personally identifiable information. Users can share this ID with a DEX for verification purposes without the need for a centralized repository of information.

Since their users don’t have to pass a KYC, DEXs become part of the puzzle when it comes to ransomware: Hackers use them as a major hub for moving bounty. Due to the lack of ID verification, DEX teams are unable to explain the “source of funds,” meaning they can’t prove the money doesn’t come from a sanctioned territory or from money laundering. Without this proof, banks will never issue a bank account for DEXs. Banks require information on the origins of funds so they don’t get fined or have their own license revoked. When DeFi can easily be used for criminal activity, it makes a bad name for crypto and pushes it further away from mainstream adaptation.

DEXs also have a unique and single-purpose suite of software, Automated Market Making or AMM, which allows liquidity providers to match with buyers and sellers, and pull in or determine a price for a given asset. This is not general-purpose software that can be leveraged for multiple use cases, as is the case with BitTorrent’s P2P protocol, which moves bits quickly and efficiently for Twitter, Facebook, Microsoft and video pirates. An AMM has a single purpose and produces a profit for teams.

Verifying user identities and checking that money and tokens are not illegal helps ensure some level of protection from cybercrime. It makes DeFi safer for users and more feasible for regulators and policymakers. To survive, DEXs will have to eventually admit this and adopt a level of identity verification and prevention of money laundering.

By implementing some of these solutions, DEXs can still deliver on the promise of DeFi. They can remain open for users to contribute liquidity, earn fees, and avoid relying on banks or other centralized entities while remaining pseudonymous.

Related: Want to weed out ransomware? Regulate crypto exchanges

If DEXs choose to ignore the regulatory pressure, it can end in one of two ways. Either more legitimate platforms can continue to adapt to growing government scrutiny and rising demand in crypto from more mainstream investors, who require usability and security, thereby leaving stubborn DEXs to die, or alternatively, unadaptable DEXs will move into the gray market of far-flung jurisdictions, tax havens and unregulated cash-like economies.

We have every reason to believe the former is a much likelier scenario. It’s time for DEXs to grow up with the rest of us or risk being regulated to death along with the shadier ghosts of crypto’s past.