Blocktrainer.de has already reported several times in recent months and years on the new regulatory guidelines for cryptocurrencies, which are being implemented in particular as part of the "MiCAR" (Markets in Crypto-Assets Regulation). One of these measures is the Transfer of Funds Regulation (ToFR), also known as the "Travel Rule". But how exactly does the ToFR work, and why is its implementation - particularly through the so-called "Satoshi Test" - currently causing so much controversy?

What is the Transfer of Funds Regulation?

The Transfer of Funds Regulation is a European Union regulation that will come into force in all EU member states from December 30, 2024. The aim of the regulation is to combat money laundering and terrorist financing through cryptocurrencies more effectively. To this end, the ToFR obliges so-called crypto-asset service providers (CASPs) such as exchanges or payment providers to collect, forward and store extensive data on transactions.

Specifically, the ToFR stipulates that CASPs must verify the identity of the sender and recipient for every transaction - regardless of the amount - and collect numerous data. This includes name, address, date of birth and account details. This information is to be transmitted to the respective recipient service provider during the transaction and stored for a specified period of time to enable traceability by authorities. This is intended to create a standard that is based on the transparency requirements for traditional fiat currency transactions.

Info

Obligations for service providers

In the coming year, crypto service providers in the EU will be required by law to monitor customers and transactions even more strictly:

  • Identity verification of users: crypto service providers are required to clearly verify the identity of people transferring digital assets. This includes details such as the full name, residential address or date of birth of the parties involved.
  • Storage of transaction data: The personal information collected must be securely archived and stored for a specified period of time. This enables traceability in the event of suspicion and ensures that transactions can be traced transparently.
  • Obligation to report suspicious activities: Platforms in the crypto sector are obliged to identify unusual or conspicuous transactions and forward suspicious activity reports to the relevant authorities.
  • Risk management and monitoring: Providers of crypto services must implement comprehensive compliance programs and effective risk assessment and monitoring measures to ensure that they meet all regulatory requirements.
Info

A self-custody wallet (also known as a "self-hosted wallet" or sometimes "unhosted wallet") is a digital wallet where users have complete control over their private keys and can therefore access their cryptocurrencies directly. Unlike wallets that are managed by third-party providers such as exchanges or custodians, the keys and responsibility for the self-managed wallet lie exclusively with the user. This type of wallet offers maximum independence and security, as no external party has access to the assets. However, it also requires a higher degree of personal responsibility, as the loss of the private key means the irrevocable loss of the stored cryptocurrencies.

Challenges for CASPs

The implementation of the ToFR poses considerable practical and logistical challenges for service providers, especially when dealing with self-managed wallets. In future, crypto-asset service providers (CASPs) such as exchanges, payment service providers or custodians will not only have to collect extensive data from users - as mentioned above - but also reconcile and forward it in real time with each transaction. While this is relatively straightforward for internal transfers within a platform, it becomes extremely complex for transactions with self-managed wallets. Here, there is no direct communication interface, as is common with traditional financial institutions. Instead, service providers have to find creative solutions to ensure that the wallet belongs to the specified user.

In addition, the high regulatory requirements make operations more difficult for service providers. They not only have to develop robust IT infrastructures, but also implement processes that meet both technical and legal requirements. These include mechanisms for identity verification, the processing and storage of sensitive data and the protection of this data against misuse. In doing so, they are always caught between compliance and user-friendliness: while the ToFR demands maximum transparency, users understandably continue to expect smooth, data-secure and uncomplicated use of their wallets and services. Added to this are the rising costs of additional infrastructure and administration, which ultimately have to be borne either by the companies themselves or by the users.

What is the Satoshi test?

A central aspect of the new regulations concerns self-managed wallets, i.e. wallets where users retain complete control over their private keys. CASPs must ensure that the user is actually the owner of the specified wallet when a transaction is carried out with a self-managed wallet. This is known as "proof of ownership".

This is where the so-called "Satoshi test" comes into play, which is proposed as a solution by some providers. The Satoshi test works in such a way that the user has to prove that they have control over a self-managed wallet by means of a small microtransaction. A small amount of cryptocurrency, usually in the form of a random microtransaction within a defined range (equivalent to 50 cents to one euro), is sent from the user's wallet to a specified destination address. This transaction serves as proof that the user has access to the private wallet and can therefore be identified as its owner.

As soon as the transaction has been successfully completed, the proof is deemed to have been provided and the transferred coins can be assigned to the desired purpose by the respective service provider - or so the theory goes.

 

Info

1000€ limit

Deposits to a platform that originate from a self-hosted wallet and exceed a value of 1,000 euros require a proof of ownership to confirm the user's control over the wallet. Proof of ownership, the destination address and other personal data are also required for withdrawals to a self-hosted wallet, especially for amounts above the EUR 1,000 limit.

Criticism of the Satoshi test

The Satoshi test has already been heavily criticized in the community for several reasons, as it has considerable weaknesses both technically and practically. One of the main points of criticism is that, strictly speaking, the test does not provide any real proof of ownership. Instead, it merely proves that the user had access to a wallet at a certain point in time or knows someone who has this access. It is therefore entirely possible that the actual owner of the wallet is a third party carrying out the test on behalf of the user. This means that the Satoshi test does not fully meet the regulatory requirement of proof of ownership, which underlines how nonsensical the whole exercise is.

Another fundamental flaw of the Satoshi test is its lack of compatibility with the Bitcoin UTXO model. This model splits each Bitcoin transaction into unspent outputs, and modern wallets ensure that a new address is automatically generated after each transaction. This mechanism protects users' privacy, but it conflicts with the Satoshi test, as each new address would have to be verified again. Users who follow the recommended security and data protection standards are therefore forced to carry out the test repeatedly - an inefficient and costly process, especially as users have to bear the costs themselves.

The problem of change addresses also exacerbates the situation. Bitcoin wallets often automatically send the remaining amount of a transaction to a new address in order to protect privacy. However, this new address would have to be verified again as part of the Satoshi test, which further increases the administrative effort. This not only leads to a poor user experience, but also carries a higher risk of error.
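The check a provider performs in a Satoshi test, and the way change addresses force repeat tests, can be modelled in a few lines. This is an added example, not code from any provider or from the article's author; the `Provider`, `Challenge` and `Tx` names, the address labels and the satoshi amounts are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Challenge:
    claimed_address: str   # self-custody address the customer declares
    deposit_address: str   # where the provider wants the test payment
    amount_sats: int       # random amount the customer has to send

@dataclass
class Tx:                  # simplified view of a confirmed transaction
    inputs: list           # addresses whose coins are spent
    outputs: dict          # address -> amount in satoshis

class Provider:
    def __init__(self, deposit_address):
        self.deposit_address = deposit_address
        self.verified = set()          # addresses that passed a test

    def issue_challenge(self, claimed, lo=500, hi=1000):
        # Random amount in [lo, hi] (constructed range) so that an
        # unrelated payment is unlikely to match by accident.
        amount = lo + secrets.randbelow(hi - lo + 1)
        return Challenge(claimed, self.deposit_address, amount)

    def check_test(self, ch, tx):
        # All the provider can observe: coins left the claimed address and
        # the exact amount arrived. Who operated the wallet stays invisible.
        ok = (ch.claimed_address in tx.inputs
              and tx.outputs.get(ch.deposit_address) == ch.amount_sats)
        if ok:
            self.verified.add(ch.claimed_address)
        return ok

    def needs_new_test(self, tx):
        # A deposit funded from any unverified address triggers another test.
        return any(addr not in self.verified for addr in tx.inputs)

def walk_through():
    casp = Provider("casp_deposit")
    ch = casp.issue_challenge("addr_A")
    wrong = Tx(["addr_A"], {"casp_deposit": ch.amount_sats + 1})
    wrong_ok = casp.check_test(ch, wrong)
    # The wallet spends a 100,000 sat output at addr_A (300 sat fee) and
    # sends the remainder to a freshly generated change address.
    change = 100_000 - ch.amount_sats - 300
    test_tx = Tx(["addr_A"], {"casp_deposit": ch.amount_sats, "addr_change_B": change})
    passed = casp.check_test(ch, test_tx)
    later = Tx(["addr_change_B"], {"casp_deposit": 50_000})
    return passed, wrong_ok, casp.needs_new_test(later)
```

`walk_through()` returns `(True, False, True)`: the test passes, a payment with the wrong amount is rejected, and the next deposit, funded from the change address, is treated as coming from an unverified wallet.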

The fact that the Satoshi test is neither compatible with basic wallet standards nor with the principles of basic data protection shows how poorly thought-out this method is. The use of digital signatures would be a simple and cost-effective alternative that would not compromise either the UTXO model or the user experience - at least if implemented properly and thoughtfully.

Outlook

In the short and medium term, the crypto community in the EU will have to come to terms with the ToFR for better or worse. Users and service providers alike will therefore have to get used to additional bureaucratic hurdles and potentially higher costs, for example through procedures such as the aforementioned Satoshi test. However, there is hope that service providers will come up with more practical and user-friendly solutions in the future that are less complex and costly.

At the same time, the effectiveness of the ToFR in terms of its objectives must be critically scrutinized. The fight against terrorist financing and money laundering is unlikely to be significantly improved by these measures, as illegal actors usually find ways to circumvent such regulations anyway. Instead, the ToFR shows how excessive regulation can restrict markets and freedoms while significantly worsening the user experience. Hopefully, in the long run, both the EU and the crypto industry will find ways to reconcile regulatory requirements with the fundamental principles of decentralization, privacy and user-friendliness. Hope is slim, but as we all know, it dies last.

Info

One provider that has already implemented "proof of address" in a very practical and user-friendly way is the Swiss service "Pocket". Although it is not based in the EU, under Swiss law it must also provide proof of ownership under certain conditions. Pocket is directly integrated into our recommended wallet, the BitBox app, which makes buying and selling particularly easy.


About the author: René

René has been with Blocktrainer.de from the very beginning. As "Chief Operation Officer", he is now mainly entrusted with strategic and organizational tasks, but enjoys occasional editorial work. In the many years he has been involved in the Bitcoin cosmos, he has acquired a broad range of expertise in all areas relating to the most important cryptocurrency.
