Proposal Summary

This XIP proposes the implementation of a wallet screening service to scan all addresses connected to Infinex accounts and review them for a range of risk categories. It also proposes a set of rules that if triggered will result in an Infinex account being placed into withdraw only mode.

Specification

Overview

An external wallet screening service will be implemented to scan all addresses connected to Infinex Accounts. This service provides extensive data and a broad range of risk related services, including reviewing addresses for evidence of issues such as Sanctions, Terrorist Financing, Human Trafficking, Hacked or Exploited funds as well as mixers and other services designed to obfuscate source of funds.

Rationale

All transaction activity in Infinex is onchain, thus it is a very poor candidate for any bad actor looking to obfuscate or hide their sources of funds. Each account is segregated and it is therefore not possible to leverage a "mixing" effect to obscure transaction paths through Infinex. Unlike some centralised exchanges which comingle funds creating a "black box" effect, by potentially enabling malicious users to attempt to obfuscate the connections between addresses, all user funds in Infinex are stored in individual onchain smart contracts.

Infinex is sophisticated crypto wallet software. Unlike many onchain protocols it is not directly accessible onchain, it requires services and middleware operated by Infinex or third parties to support many of its functions. However, the fact that security information is managed onchain means a user can always bypass Infinex to withdraw funds, this ensures funds in Infinex Accounts are always controlled by the user. No third party can access user funds or censor access to those funds, the platform can however, censor access to the platform. This set of trade-offs is fairly novel and is one of the benefits of account abstraction.

There are potential implications for operating crypto wallet services, if the software is used to process or hold illicit funds. These implications vary across jurisdictions and there is a general lack of clarity as to many aspects of the regulatory landscape. Despite this lack of clarity there are steps that a wallet provider can take to reduce risk.

There were several options considered when reviewing this proposal. These options include doing nothing and relying on the fact that Infinex is an unhosted non-custodial wallet, or seeking to limit access to the front end. Some of these options are trivially easy to bypass, any steps taken to mitigate these methods would likely result in many false positives and are ultimately unlikely to prevent a malicious actor from accessing the platform. Some options also create significant unintended consequences from a privacy perspective and makes a presumption that a user requiring privacy is by default malicious. This posture is not compatible with the open ethos of Infinex and the broader crypto ecosystem.

Doing nothing is also not an option as there is an obligation on anyone building and maintaining systems in crypto to actively prevent malicious users from leveraging platforms to do harm. Hacks, frauds and other malicious activity have a significant impact on the legitimacy of the crypto ecosystem and helping to prevent and mitigate the damage of such activities should be a guiding principle of anyone aspiring to build infrastructure to onboard millions of new users to crypto.

The solution proposed looks at each address in isolation and applies a standard set of rules to determine whether an address should be flagged, while this is not free from false positives, it is does not presume that large cohorts of users are malicious simply for using privacy preserving tools.

The final consideration was how to deal with onchain mixers. While a discussion of the illogicality of attempting to sanction immutable software running on public blockchains is outside the scope of this XIP, there are many novel approaches to onchain privacy that are being actively implemented, which seek to concurrently facilitate the right to privacy and proof of legitimacy of source of funds.

Technical Specification

Risk factors are graded within the system according to perceived seriousness and evidence of degree of proximity to the owner of the wallet address.

The wallets that return an outcome reflecting the highest level of risk across the highest impact categories, including, but not limited to; Sanctions, Terrorist Financing, Human Trafficking and Child Sexual Abuse Material, will have their accounts moved to withdrawal only mode.

Copyright

Copyright and related rights waived via CC0.