DeFi has not followed through on its privacy promises — yet

The DeFi industry is not living up to the expectations of Web3 builders or regulators




When it comes to personal privacy, the promises of DeFi summer have rung hollow. 

Projects flooded the scene with buzzwords like “financial privacy” and “cryptographic security” during the DeFi boom of 2021, setting user expectations sky high when the industry was still in its earliest stages.

As a result, once the dust settled, it became apparent that most of DeFi’s bold privacy declarations had fallen short of expectations. This issue has been further underscored with the rise of new on-chain analytics services like Arkham Intelligence and Chainalysis, whose data dashboards revealed how traceable DeFi users’ on-chain activity actually is. 

Now, the DeFi sector is facing increased regulatory pressure to de-anonymize certain transactions and user profiles, while simultaneously dealing with flagging user confidence in terms of their individual rights to data privacy. 

But do these challenges mark the demise of privacy in DeFi? We certainly don’t think so.

The fact is, today’s most pressing issues are not a criticism of the nature of DeFi itself, but of its current state of evolution. More specifically, the problem for developers is that much of this frenzy was built on underdeveloped technology which has not lived up to the hype. However, the underlying infrastructure is rapidly maturing, and the Web3 development paradigm is shifting away from the notion that “transparency” must invariably be linked with a “lack of privacy.”

There is a significant difference between a libertarian approach to crypto privacy (doing what you want with no regard for anti-money laundering efforts) and privacy that enables new use cases in a regulatory-friendly way (doing what you want as long as your funds come from a legitimate source).

Fortunately, most privacy laws allow for this delineation, which is why the vast majority of existing regulations have more to do with areas concerning customer protection rather than a blanket opposition to “privacy.”

For instance, the US government supports privacy-enhancing technologies — as long as they align with existing AML/CFT rules. However, when organizations use private blockchains without following these guidelines or use services that operate outside the current laws, they create unnecessary risks for their users.

The key to making this approach to privacy both practical for regulators and agreeable to users could be, for instance, decentralized storage of users’ credentials such as idOS — a GDPR-compliant identity system recently announced during this year’s TOKEN2049 conference. With a solution like that, no single party is in control of users’ credentials even as the system verifiably ensures that users are not on any authorized sanctions lists.

Rapidly maturing technologies like zero-knowledge proofs and decentralized identity systems eliminate the need for (and the possibility of) divulging extraneous user data to any external party. At the same time, they enable regulators to identify and act on malicious on-chain activity with confidence and rapidity. Combining such a storage system with privacy-enhanced DeFi apps makes for a comprehensive privacy trading suite that is also aligned with AML regulations. 

All of which is to say, Web3 builders are listening to both regulators and end users and developing more nuanced solutions that cater to both ends of the spectrum. There is no doubt that the industry as a whole currently does not live up to the expectations of either side. 

However, one could say the same about the modern Internet, which mirrors DeFi’s evolutionary trajectory from both a developmental and regulatory perspective.

For context: The birth of the internet can be traced to an academic initiative conducted by the US Advanced Research Projects Agency — but the Internet as we know it today was largely the result of a series of informal interactions and decisions made by tinkerers and fringe enthusiasts in the following years. Small, experimental “testnets” and applications that few people imagined would ever matter gave rise to essential Internet protocols still in use today, including File Transfer and TCP/IP.

During this time, the internet was essentially unregulated. Until the expansion and commercialization of the internet in the mid-1990s, the internet’s primary governance model was decentralized and based on informal standards and protocols voluntarily adopted by builders, with a focus on making networks interoperable. 

And yet regulations eventually followed, developers adapted, and the vast majority of today’s global financial activities are conducted online — something that would have been unimaginable just a few decades ago given the internet’s discombobulated origins. Despite all its issues, the internet has unquestionably been a force for good in the world: The rapidly maturing DeFi sector has the potential to have a similar impact on the financial system and beyond.

As DeFi continues to grow and mature, regulators will develop new frameworks to govern this industry while developers will create new, responsible privacy-preserving technologies. That’s why Web3 builders should recognize that today’s privacy shortcomings are a puzzle to be solved, not an indictment of the industry. And if an industry outsider cannot imagine a Web3 protocol that addresses regulators’ privacy concerns while satisfying users’ privacy needs, that’s only because that solution hasn’t been built by an industry insider — yet.
