DeFi has not followed through on its privacy promises — yet

The DeFi industry is not living up to the expectations of Web3 builders or regulators

OPINION

When it comes to personal privacy, the promises of DeFi summer have rung hollow. 

Projects flooded the scene with buzzwords like “financial privacy” and “cryptographic security” during the DeFi boom of 2021, setting user expectations sky high when the industry was still in its earliest stages.

As a result, once the dust settled, it became apparent that most of DeFi’s bold privacy declarations had fallen short of expectations. This issue has been further underscored with the rise of new on-chain analytics services like Arkham Intelligence and Chainalysis, whose data dashboards revealed how traceable DeFi users’ on-chain activity actually is. 

Now, the DeFi sector is facing increased regulatory pressure to de-anonymize certain transactions and user profiles, while simultaneously dealing with flagging user confidence in terms of their individual rights to data privacy. 

But do these challenges mark the demise of privacy in DeFi? We certainly don’t think so.

The fact is, today’s most pressing issues are not a criticism of the nature of DeFi itself, but of its current state of evolution. More specifically, the problem for developers is that much of this frenzy was built on underdeveloped technology which has not lived up to the hype. However, the underlying infrastructure is rapidly maturing, and the Web3 development paradigm is shifting away from the notion that “transparency” must invariably be linked with a “lack of privacy.”

There is a significant difference between a libertarian approach to crypto privacy (doing what you want with no regard for anti-money laundering efforts) and privacy that enables new use cases in a regulatory-friendly way (doing what you want as long as your funds come from a legitimate source).

Fortunately, most privacy laws allow for this delineation, which is why the vast majority of existing regulations have more to do with areas concerning customer protection rather than a blanket opposition to “privacy.”

For instance, the US government supports privacy-enhancing technologies — as long as they align with existing AML/CFT rules. However, when organizations use private blockchains without following these guidelines or use services that operate outside the current laws, they create unnecessary risks for their users.

The key to making this approach to privacy both practical for regulators and agreeable to users could be, for instance, decentralized storage of users’ credentials such as idOS — a GDPR-compliant identity system recently announced during this year’s TOKEN2049 conference. With a solution like that, no single party is in control of users’ credentials even as the system verifiably ensures that users are not on any authorized sanctions lists.

Rapidly maturing technologies like zero-knowledge proofs and decentralized identity systems eliminate the need for (and the possibility of) divulging extraneous user data to any external party. At the same time, they enable regulators to identify and act on malicious on-chain activity with confidence and rapidity. Combining such a storage system with privacy-enhanced DeFi apps makes for a comprehensive privacy trading suite that is also aligned with AML regulations. 

All of which is to say, Web3 builders are listening to both regulators and end users and developing more nuanced solutions that cater to both ends of the spectrum. There is no doubt that the industry as a whole currently does not live up to the expectations of either side. 

However, one could say the same about the modern Internet, which mirrors DeFi’s evolutionary trajectory from both a developmental and regulatory perspective.

For context: The birth of the internet can be traced to an academic initiative conducted by the US Advanced Research Projects Agency — but the Internet as we know it today was largely the result of a series of informal interactions and decisions made by tinkerers and fringe enthusiasts in the following years. Small, experimental “testnets” and applications that few people imagined would ever matter gave rise to essential Internet protocols still in use today, including File Transfer and TCP/IP.

During this time, the internet was essentially unregulated. Until the expansion and commercialization of the internet in the mid-1990s, the internet’s primary governance model was decentralized and based on informal standards and protocols voluntarily adopted by builders, with a focus on making networks interoperable. 

And yet regulations eventually followed, developers adapted, and the vast majority of today’s global financial activities are conducted online — something that would have been unimaginable just a few decades ago given the internet’s discombobulated origins. Despite all its issues, the internet has unquestionably been a force for good in the world: The rapidly maturing DeFi sector has the potential to have a similar impact on the financial system and beyond.

As DeFi continues to grow and mature, regulators will develop new frameworks to govern this industry while developers will create new, responsible privacy-preserving technologies. That’s why Web3 builders should recognize that today’s privacy shortcomings are a puzzle to be solved, not an indictment of the industry. And if an industry outsider cannot imagine a Web3 protocol that addresses regulators’ privacy concerns while satisfying users’ privacy needs, that’s only because that solution hasn’t been built by an industry insider — yet.


