Why do I say "KYC on the chain" is the prelude to the failure of Web3

Recently, Galxe (formerly Project Galaxy) announced the launch of the Galxe Passport. Galxe said that the passport can serve as a user's general identity in Web3 and can store identity information securely and anonymously. The project also borrows the popular "soulbound" concept: Galxe Passport will exist in the wallet in the form of an SBT.

However, since its launch the project has triggered extensive discussion in the community, and that discussion has spread to similar projects.


After trying it, Odaily Planet Daily found that minting a Galxe Passport requires the user to provide identification, such as an ID card, passport or other documents. If you are not among the first 100,000 minting users, this SBT even requires you to pay a $5 certification fee out of your own pocket.

Without doubt, Galxe Passport attempts to collect user identity information and perform KYC authentication on wallet addresses.

Galxe was not the first to do so. Not long ago, Binance announced the launch of the first Soulbound Token on BNB Chain: the Binance Account Bound (BAB) token, which serves as the identity credential of Binance users who have completed KYC authentication. Users who have not completed KYC cannot forge it. The token is non-transferable and unique.

Is SBT naturally suited to KYC?

Some time ago, Vitalik Buterin ("V God") published an article on "soulbound" tokens, which took NFTs into a field nobody had set foot in. Many feasible use cases for SBT have been proposed, such as trusted reputation data, skill certificates, a better POAP, and so on. However, these more practical use cases are still mostly experimental and far from reality.

At present, the most widespread SBT use cases are probably Binance's BAB and Galxe Passport. The two are highly similar: both are on-chain KYC.

The characteristics of SBT mean it can be used to store or prove certain information. In terms of form, such a token is a practical and convenient KYC credential.

At present, Web3 lacks a native on-chain KYC solution. When a project team performs "real person" authentication, it more often relies on Web2-based methods to achieve it indirectly, for example by verifying a Twitter account or a Discord account. This depends on the centralized Web2 infrastructure underneath and has certain limitations.

Perhaps it is precisely for this reason that on-chain KYC based on SBT has become a direction favored by many project teams. It seems that projects in the crypto world really do need a crypto-native identity solution. However, there is no better choice on the market at present.

Do wallet addresses need KYC?

As project teams try, one after another, to attach KYC to our wallet addresses, a more critical question deserves our attention: does a wallet address need KYC?

In the crypto world as a whole, KYC is clearly necessary. For compliance, supervision, investor protection and other fields,

Decentralization is the cornerstone of the crypto world. The account system built with the wallet address as ID has been running steadily for a long time. "Trustless" and "decentralized" are not just words. Through the long-term efforts of builders, crypto natives have really built a free on-chain world without bank cards and passports. Smart contracts, DeFi, NFTs and technological progress keep the decentralized world running smoothly.

Naturally, an order without KYC has its bad side. For example, community governance is more difficult, fake accounts are prevalent, and there may be a risk of Sybil attacks. However, the industry is working to solve these problems in various ways, and KYC for wallet addresses may be the worst choice.

More terrible than asset theft is identity theft

KYC authentication of a wallet address is not a once-and-for-all solution. It may even backfire.

With KYC on centralized platforms, nothing too bad seems to have happened. But this is precisely due to "centralization", rather than any inherent advantage of KYC.

After KYC on a centralized platform, in the event of a security incident such as a lost password, users can freeze and lock their accounts on the strength of their identity, or confirm ultimate ownership of the account. After KYC, users are "verified as real". Although the data is kept by the centralized platform, the ownership and identity of users are unquestionable under the centralized process. All centralized data can be frozen, retrieved and cancelled.

For its part, the platform can also know the user's identity, meet compliance requirements, confirm the authenticity of users, eliminate bot interference, and so on. KYC certification on a centralized platform is not a bad thing.

But what will happen when this process is put on the chain? The ownership of the wallet is not guaranteed by the centralized organization based on the ID card, but is completely controlled by the private key. This also means that KYC has almost lost its greatest significance: to confirm the authenticity of users.

Although an SBT is not transferable and cannot be traded, the wallet address can be shared. With a smart contract wallet, ownership of the wallet address itself can even be traded.

If a user operates on chain with a KYC'd address that is not their own, the result is almost disastrous. For the project team, first of all, the user data obtained by the protocol may be distorted. Because the actual controller of the address can change, the user's actual on-chain behavior may differ greatly from the behavior of the bound address.

For users, because of the characteristics of SBT, this KYC cannot be removed or even transferred. Once the private key is leaked, users lose not only their property but also their identity, which is especially terrible.
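
The model below is an added example, not code from Galxe, Binance or any SBT standard. It shows why a gate that checks "does this address hold the KYC token" keeps passing after control of a contract wallet changes hands, even though the token itself never moves. The class names, the `0xWALLET` address and the people `alice` and `bob` are constructed, and for simplicity the owner key is identified with the person holding it.

```python
class SoulboundKYC:
    """Constructed model of a non-transferable KYC token registry."""
    def __init__(self):
        self.subject_of = {}  # address -> person verified at mint time

    def mint(self, address, verified_person):
        if address in self.subject_of:
            raise ValueError("address already attested")
        self.subject_of[address] = verified_person

    def transfer(self, src, dst):
        raise PermissionError("soulbound: token cannot leave its address")

    def is_verified(self, address):
        return address in self.subject_of


class ContractWallet:
    """Constructed model of a contract wallet: fixed address, replaceable owner."""
    def __init__(self, address, owner):
        self.address, self.owner = address, owner

    def set_owner(self, caller, new_owner):
        if caller != self.owner:
            raise PermissionError("only the current owner can hand over control")
        self.owner = new_owner


def kyc_gate(registry, wallet):
    """All a dApp can check on chain: does this address hold the token?"""
    return registry.is_verified(wallet.address)


def attestation_matches_controller(registry, wallet):
    """What the gate cannot see: is the controller still the verified person?"""
    return registry.subject_of.get(wallet.address) == wallet.owner


def demo():
    registry = SoulboundKYC()
    wallet = ContractWallet("0xWALLET", owner="alice")
    registry.mint(wallet.address, verified_person="alice")
    before = (kyc_gate(registry, wallet),
              attestation_matches_controller(registry, wallet))
    wallet.set_owner("alice", "bob")  # control changes; the token stays put
    after = (kyc_gate(registry, wallet),
             attestation_matches_controller(registry, wallet))
    return before, after
```

`demo()` returns the gate result and the controller check before and after the handover: the gate is true both times, while the controller check turns false.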

What are the other problems?

In addition, the problem of data security also deserves enough attention. Where is the identity information stored after users perform operations such as KYC on the chain?

In the future, as technology evolves (and project teams tighten their KYC requirements), will our fingerprints, faces and documents all need to be submitted to the project team? There is no doubt that the transmission and storage of this data are still Web2. Although we receive an SBT as the data credential, the data security risk is still a Web2 problem. In addition, the project team still poses a huge moral hazard for user data - no one knows how the project team will use it.

There is no doubt that on-chain KYC is a Web2-style data collection exercise that uses Web3 only to wrap the data credential. This is far from the Web3 concept that users have data sovereignty.

In the crypto world, we usually have more than one wallet. A single address cannot represent the user, and it faces the risk of the user changing addresses or losing the private key. Encapsulating user identity information in one specific on-chain address distorts it. The behavior of an address on a single chain often cannot fully represent the user.

The crypto world does need a trusted identity system, a more reliable DID. But is KYC on the wallet address really the best choice? The contest between identification and the forgery of false identities has been going on all along, but none of the project teams dares to defy public opinion and require users to "claim airdrops with their ID cards".

That's what Web3 promises - a free, open, and permissionless decentralized Internet.