It’s not that I’m throwing cold water, but is KYC necessary to use Coinbase’s L2?
This article comes from Blec report, compiled by Odaily translator Katie Koo.
This article comes from
, compiled by Odaily translator Katie Koo.
On February 23, 2023, Coinbase announced that it would develop an L2 network called Base on Ethereum, calling it "a secure, low-cost, developer-friendly way to build decentralized applications."
If you’re not familiar with the concept of Ethereum’s L2 networks, think of them as “chains” built on top of Ethereum, essentially adding another “layer” of transactions on top of Ethereum’s Proof-of-Stake (PoS) network. These L2s typically use ETH as the base currency and provide a "cross-chain bridge" with Ethereum for transferring funds.
The most famous Ethereum L2 networks are Arbitrum, Optimism, zkSync and Aztec. Coinbase chose to leverage the Optimism software stack to build its L2.
From an infrastructure perspective, all existing L2 networks can be considered fairly centralized. They both leverage centralized “sequencers,” nodes that build and execute L2 blocks, while also transferring user actions from L2 to L1. Essentially, these orderers are responsible for processing all user transactions on L2.
Due to the centralized nature of networks like Arbitrum and Optimism, questions have been raised about how responsible the companies behind these two networks should be for the content of the transactions they process. Arbitrum and Optimism have largely escaped regulation since their role as "legal currency intermediaries" has not (yet) been recognized by any government.
However, Coinbase has been a recognized regulatory-crypto “intermediary” for many years and is registered as a “financial services business” with FinCEN (U.S. Treasury Department’s Office of Anti-Money Laundering). You can learn more about Coinbase compliance from the official Coinbase website.
Coinbase must comply with a number of financial services and consumer protection laws, including:
The Bank Secrecy Act requires Coinbase to verify customer identities, keep currency transaction records for up to 5 years, and report certain transactionsThe USA PATRIOT Act requires Coinbase to designate a compliance officer to ensure compliance with all applicable laws, establish procedures and controls, ensure compliance, conduct training, and periodically review the compliance program.
But now, things are getting a little worrisome.
Coinbase has announced via Bankless that it will be running Base's only "sorter" at launch.
This means that Coinbase, a licensed money transfer institution required to comply with the USA PATRIOT Act and the Bank Secrecy Act, will be solely responsible for processing all Base L2 transactions.
This begs the question: Do all cross-chain to Base funds need to be authenticated by Coinbase (KYC) before the cross-chain is allowed? If so, then Base will be the first Ethereum L2 that only needs KYC (first-ever KYC-only).
In interviews, tweets, and blog posts, Coinbase speakers like Base head Jesse Pollak and Bankless have been very careful to say that Base will build permissionless on top of it. However, they never made it clear that they will be able to use Base without permission, and Coinbase is clearly "playing Tai Chi". In fact, during Jesse Pollak's entire 1+ hour interview with Base, questions about KYC or user immunity never came up.
I posed the following questions directly to Coinbase and Jesse Pollak multiple times via Twitter and Discord:
Do I need to pass KYC compliance to transfer funds to Base?
If not, how does Coinbase plan to comply with its existing obligations under the Bank Secrecy Act and the USA PATRIOT Act as the sole orderer?
The only response I've received so far is an interaction from Base lead Jesse Pollak:
In this answer, Pollak neatly sidesteps my question. He reiterated that Coinbase intends to make the web "privilege-free, decentralized, open, global, and accessible." It sounds like he’s saying that anyone can use Base, but he doesn’t say it directly either, it sounds more like a “statement” that has been scrutinized by Coinbase’s compliance team. And this statement he did not mention in his blog post, we need to pay special attention.
Why is Coinbase evasive when answering these questions? They don't seem to want DeFi users to think about these issues at all, and they don't worry about whether developers will confuse the actual situation by not reading Coinbase's "behind the lines" when they start building the network.
By integrating the information disclosed by Coinbase, we can draw the following information:
Since its founding in 2012, Coinbase has been a recognized money transfer institution, subject to the Bank Secrecy Act and the USA Patriot Act.
Coinbase is required by law to perform KYC identities on all of its depositors so that the U.S. government can adequately track and monitor its depositors’ funds.
Coinbase will be the sole "orderer" for Base L2, meaning it will be solely responsible for all transactions that pass through the network.
As the sole "orderer," Coinbase has the ability to block or reorder transactions on Base in any way it sees fit. This is the perfect way to review Base transactions.
Allowing open cross-chains to Base (whether from Ethereum L1 or other L2 and sidechains) would mean that non-KYC funds from unknown sources would be processed by Coinbase's "orderer", which would cause Coinbase to violate US law.
Therefore, we have every reason to believe that Coinbase only allows users to transfer funds from the Coinbase exchange itself to Base, because all funds on the Coinbase exchange have been KYC verified by Coinbase.
