Top Stories of the Week - 7/28

This week we write about Worldcoin’s launch, a new Bipartisan Bill to regulate DeFi, and reports that CoinDesk will be acquired.  Subscribe here and receive Galaxy's Weekly Top Stories, and more, directly to your inbox

New Bipartisan Bill to Regulate DeFi Sparks Fierce Backlash from Crypto Industry

On Tuesday, July 18, a bipartisan group of U.S. Senators introduced new legislation requiring decentralized finance (DeFi) applications to comply with anti-money laundering (AML) and economic sanctions compliance obligations. Called the Crypto-Asset National Security Enhancement and Enforcement Act or “CANSEE Act” in short, the bill seeks to apply the same national securities laws that apply to banks and other traditional financial institutions to DeFi apps, regardless of these services’ level of decentralization. Though the full text of the bill has yet to be published, the briefing document for the bill shared on Twitter defines the parties responsible for carrying out AML and Know-Your-Customer (KYC) procedures as “anyone who ‘controls’ a DeFi protocol or makes available an application to use the protocol,” that is the application developers.

The document reads further: “[i]f nobody controls a DeFi protocol, then—as a backstop—anyone who invests more than $25 million in developing the protocol will be responsible for these obligations.” The CANSEE Act is sponsored by Senators Jack Reed (D-RI), Mike Rounds (R-SD), Mark Warner (D-VA), and Mitt Romney (R-UT). In a press release about the bill, Senator Warner stated, “[a]s Chair of the Senate Intelligence Committee, I remain deeply concerned that criminals and rogue states continue to use crypto to launder money, evade sanctions, and conceal illicit activity. The targeted package we’re introducing today will help address specific problems in decentralized finance and … I believe these focused measures will help maintain the robust AML and sanctions enforcement we need to protect our national security, while allowing participants who play by the rules to continue to take advantage of the potential of distributed ledger technologies.”

Since it was introduced, the bill has been met with fierce opposition from commentators both within and outside the crypto industry. Cryptocurrency advocacy organization Coin Center published an article on Thursday, July 20, calling the CANSEE Act “messy, arbitrary, and unconstitutional.” Nicholas Anthony, a Policy Analyst for the Cato Institute, said the CANSEE Act would “continue the erosion of financial privacy that has occurred in the United States over time.” A DeFi advocacy group, known as the DeFi Education Fund, tweeted a day after the bill was introduced that the CANSEE ACT essentially forces DeFi services to “centralize, shutdown, or get out of the United States.”

Dissuading the use of crypto for financing criminal activity is also the primary motivation for a recent amendment accepted into the National Defense Authorization Act (NDAA), which is a series of U.S. federal laws specifying annual budget and expenditures for the Department of Defense. The NDAA for 2024 is currently undergoing review in the Senate after narrowly passing the House on Friday, July 14. Senators Kirsten Gillibrand (D-NY), Cynthia Lummis (R-WY), Elizabeth Warren (D-MA) and Roger Marshall (R-KS) introduced their amendment to the FY24 NDAA on Wednesday, July 19. Specifically, the amendment would require the Treasury, SEC, and CFTC to create within 2 years an examinations regime to oversee sanctions evasion and AML policies at crypto financial services companies. Additionally, the amendment requests a report from FinCEN on uses of cryptocurrency mixers and tumblers and policy recommendations.

Our take

The CANSEE Act and its sponsors make sweeping claims about the use case and features of DeFi apps that are largely untrue.

• “DeFi provides anonymity”: DeFi provides pseudonymity as users are identified by their public addresses, rather than personally identifiable information (PII). However, most often public addresses can then be traced and linked to other addresses that have been tagged with PII either by a centralized exchange (CEX) or blockchain forensics companies. Because all transactions to and from a public address are transparently recorded on the blockchain, tracing illicit funds through DeFi apps is far easier than tracing these funds on centralized exchanges (CEXs) or darknet markets. For this reason, the vast majority of illicit market activity using crypto is carried out on CEXs rather than decentralized exchanges (DEXs).

• “The CANSEE Act makes important updates to the Treasury Department’s authority to require participants in the U.S. financial system to take special measures against money laundering threats. Currently, these authorities are limited to transactions conducted in the traditional banking system.”: The Treasury Department’s authority over DeFi apps through sanctions has been and continues to be effective at reducing the use of crypto for illicit activity like money laundering. In Chainalysis’ 2023 Cryptocurrency Crime report, they found that illicit entities who used sanctioned DeFi services such as Tornado Cash saw significant loss in potential revenue across nearly every crypto crime category within two months following the sanctioning event. The average darknet market who had previously sent funds to one of the sanctioned services saw an estimated $25,000 less revenue in the two months following that service’s designation than they likely would have had the service not been designated. Therefore, existing oversight and guardrails such as sanctions laws are not limited to tackling money laundering threats only within the traditional U.S. financial system. They have been used to combat illicit activity in DeFi.

• “DeFi and crypto ATMs are part of a largely unregulated technology that needs stronger oversight and guardrails to prevent rampant money laundering and sanctions evasion”: Cryptocurrency-related crime has dropped by 65% so far in 2023 compared to 2022, according to Chainalysis. While crypto transaction volume in general has faced a pullback this year, the volume of illicit crypto transactions has taken a deeper dive, which refutes the belief that money laundering and sanctions evasion through DeFi is flourishing or spreading unhindered. Further, while criminals have used cryptocurrencies, DeFi, and crypto ATMs for financing illicit activities, several studies conducted by the Treasury Department, RAND Corporation, and others all conclude that the use of crypto as an enabler for these activities is overblown and limited compared to other financial products and services such as cash.

Aside from the mischaracterizations of DeFi and the impact of enforcement actions by U.S. government agencies like the Treasury against DeFi in recent years, the CANSEE Act does clearly outline how an application labelled as “decentralized” could be regulated like a centralized business. In truth, there is little difference between centralized platforms and businesses from DeFi apps that have been bootstrapped by deep-pocketed investors with a core team of developers that control app upgradeability and security. Both are vulnerable to regulatory capture and centralized points of failure regardless of the CANSEE Act. Therefore, rather than forcing DeFi services to further centralize to accommodate shifting regulatory environments, the introduction of the CANSEE Act should—especially if advanced—galvanize DeFi development teams to re-think protocol tokenomics and design to be decentralized not only in name, but also in practice.

-Christine Kim

WorldCoin – a utopian dream or a dystopian nightmare?

Worldcoin begins global rollout after launching WLD token on Optimism Mainnet. Worldcoin was co-founded in 2019 by Alex Blania and OpenAI CEO Sam Altman. According to the white paper, Worldcoin aims to create a “globally-inclusive identity and financial network” that has the potential to “increase economic opportunity, scale a reliable solution for distinguishing humans from AI online while preserving privacy, enable global democratic processes, and show a potential path to AI-funded UBI."

Worldcoin uses custom biometric imaging devices that scans users’ irises for Proof of Personhood (POP), which is an identity verification mechanism that uses unique attributes of individuals for Sybil-resistance (preventing individuals from creating multiple fake identities). The team notes that irises are data rich and offer strong fraud resistance beyond other forms of biometrics like thumbprints and facial recognition. Since commercially available iris imaging devices did not meet the team’s needs, the Worldcoin team built their own custom hardware known as “Orbs”. Users can register and verify their accounts by visiting an Orb operator (currently ~125 locations globally) and having their irises scanned to pass the humanness check and the uniqueness check. A unique IrisCode is calculated on the Orb, which then gets verified using ZK proofs, allowing users to gain access to their self-custodial World App wallets.

Regarding user privacy, the Worldcoin team claims they only use the data for the uniqueness check and that they do not collect PII such as names, phone #s or emails. Using ZK proofs enables users to pass the uniqueness check while still retaining anonymity - the data to be encrypted so biometrics data is not linked to one’s IrisCode or wallet. Biometric data is processed locally on the Orb and then deleted from the Orb by default once the IrisCode is created. However, users can opt into data custody to back up their biometric data with Worldcoin to reduce the number of times they may need to revisit an Orb.

For the rollout of the project, the Worldcoin team is focusing on four markets (i.e., Buenos Aires, Lisbon, Nairobi, and Bangalore + New Delhi) which could serve as launchpads for larger regions. WLD token is used to incentivize both user signups and the development of its Orb network through third-party manufacturers and operators. Of a 10bn capped supply of WLD, 75% is allocated to the community while 25% is allocated to “insiders”, including the initial development team (10%), investors (13.5%), and a reserve (2%). 143m WLD tokens or just 1.4% of the max supply was made available at launch – 100m of which went to non-US market makers while the remaining 43m went to pre-launch verified users (each airdropped 25 WLD worth ~$60 at launch).

As of 7/27, World ID has now surpassed 2.1m sign-ups with verified World ID users spanning from 120 countries; 2,000 Orbs have been manufactured with 127 Orb locations open to help users verify their World IDs. At the current price of ~$2.10, WLD has a FDV of $21bn, making it the #7 most valuable token across the entire crypto market.

Our take

Worldcoin is an ambitious attempt to address the growing identity verification problem in the emerging crypto-economy, but feedback from the crypto community so far has been resoundingly negative. Many critics voiced ethical concerns over potential for data mismanagement and privacy leaks for sensitive iris biometrics. The team has agreed that privacy is paramount and defends that their identity approach invalidates many of these concerns (e.g., registering for World ID does not require PII beyond the iris scan, biometrics data is not stored on Orbs, one’s IrisCode is not linked to one’s identity or wallet using encryption & ZK proofs, etc.). Having the former Zcash head of engineering as the Worldcoin Protocol Lead may help provide some greater assurances to the team’s public messaging. However, their software is not yet fully open-source, the hardware details behind Orb are discrete, and the privacy policy states that Worldcoin relies on third-parties to host or process user data and that they may share data with third-parties with legitimate reasons – all of which implies that Worldcoin has some trusted components that present potential backdoor attack surfaces.

Aside from the primary privacy and centralization concerns, Worldcoin critics also highlight implementation flaws such as: (i) unfavorable WLD tokenomics that heavily favor insiders – @tarunchitra stated the tokenomics would even “make Justin Sun blush”, (ii) lack of accessibility – the technology won’t be effective unless Orbs are installed everywhere, yet new user registrations are already bottlenecked by the lack of locations and building out the network is expensive with Orbs costing ~$2000–$3000 per unit, and (iii) mistrust in Sam Altman due to his background in AI, which is already heavy scrutinized for its disruptive potential and negative externalities.

For the most part, many of these concerns relate to the project’s implementation or they are based on hypothetical future dystopian scenarios that assume the technology will be abused. Most would probably agree that crypto has a Sybil problem and that POP solutions to verify humanness while retaining user privacy is an area worth exploring. Even though Worldcoin has not violated any privacy laws or mismanaged customer data (at least not to our knowledge), voicing these criticisms and highlighting system vulnerabilities adds pressure on the Worldcoin team to adhere to strong security standards to avoid any major social technological failure from occurring. After all, misuse of customer data and erosion of trust in centralized corporations have been the primary motivation for the Web3 movement.

There’s a lot at stake here with Worldcoin – WLD is already one of the top 10 most valuable tokens and today’s 2m+ registered World ID users already account for ~30% of the 7m unique addresses on Optimism. Failure of the project could potentially set the entire industry back. But if Worldcoin is successful in achieving its longer-term vision, it has the potential to bring an entire new population of users on-chain, transforming the way humans interact with blockchains, and unlocking significant wealth for all of humanity.

-Charles Yu

Potential CoinDesk Acquisition Materializes

The Wall Street Journal reported that CoinDesk is in talks to be acquired by a consortium of investors led by Matthew Roszak from Tally Capital and Peter Vessenes from Capital6. The deal is expected to value CoinDesk at $125 million, though the exact amount remains unconfirmed. The reported valuation is on par with CoinDesk competitor Blockwork’s recent $12 million raise at a $135 million valuation.

CoinDesk was founded in 2013 by Shakil Khan when the price of Bitcoin was around $200 and there were few crypto focused media outlets besides Bitcoin Magazine. Digital Currency Group (DCG) purchased CoinDesk in 2016 for $500,000 and was also one of its seed investors. In addition to news media, CoinDesk offers crypto indices and hosts the annual Consensus conference, one of crypto’s largest events. CoinDesk is one of few crypto media companies to have survived three crypto cycles and recently achieved a significant milestone by winning the prestigious Polk Award this year for its coverage of FTX.

Reports of the potential sale first emerged in January of this year following the collapse of FTX. DCG suffered significant losses leading it to explore the sale or closure of business units including CoinDesk, as well as its wealth management and institutional trading businesses. DCG owes creditors upwards of $3 billion and was sued by Gemini in early July for defrauding users.

Our take

Both Roszak and Vessenes are veterans of the crypto space. Vessenes was an early Bitcoin miner and identified the exploit that eventually led to the infamous Ethereum DAO hack in 2016. Roszak is an active investor and builder in the space and known for antics such as giving Bill Clinton his first Bitcoin and offering to buy Mt. Gox for one Bitcoin (worth about $425 at the time). Their motivations for entering the media space are unclear, however, but it’s likely that Roszak’s close relationship with DCG - Roszak’s company the Bloq is a DCG portfolio company - may have played a role in their involvement in this deal.

Should the sale go through, CoinDesk stands to benefit from leaving the DCG conglomerate, given the controversy DCG and its subsidiaries find themselves in. Back in 2016, when CoinDesk was acquired, there were concerns that CoinDesk's coverage of the industry would become compromised. These concerns were further exasperated in 2020 after CoinDesk moved offices into the same building as DCG.

Throughout these various challenges, however, CoinDesk has managed to maintain its journalistic integrity, most notably exemplifying their editorial independence in November 2022 by publishing the article that exposed FTX's balance sheet that eventually led to the collapse of both FTX and DCG subsidiary Genesis. News of a potential buyer for CoinDesk is a positive indicator that CoinDesk will once again have the runway under a new set of owners to continue its work covering the industry as one of crypto’s most prominent news media outlets.

-Lucas Tcheyan

Other News

• Amazon expands Web3 reach with cloud tools that help blockchain developers

• House Financial Services Committee votes in favor of crypto, blockchain bills

• Avalanche Foundation creates $50m incentive program to purchase tokenized assets

• Optimism moves forward with two proposals to add zk-proofs to OP Stack

• Reddit launches more Polygon NFTs—Already minting 18 million avatars

• Paradigm moves $3.5M in MakerDAO's MKR tokens following peer a16z's maneuver

• ZkSync's largest lender struck by $3.4M exploit