NEW: KYC by Ape O’Clock
TLDR: Ape O’Clock is offering secure, professional KYC to developers and project owners that protects both the prospective investor and the development team.
Ape O’Clock has been requested to provide KYC services in the past, but we’ve always declined. Why? Well, the current defi KYC landscape of developer / project owner identity verification as it stands doesn’t, in our opinion, provide enough actual verification of the identity of the KYC’d person. And it would be unethical to provide a service that we didn’t feel sufficiently protected both the developers / project owners AND the defi investors who participated in a project because of it’s KYC status.
What good is developer KYC if it can be easily faked, gamed or spoofed?
Fake IDs aren’t difficult to obtain. Deepfake video technology can make a pre-recorded video appear as if it’s live, and/or make it appear that someone is in a video when they actually aren’t.
For example, a recent rug involving CowsnAliens had “KYC,” but that KYC appears to have consisted of a photo of an ID. That’s it. No photo of the individual purported to be the holder of that ID. No video. No identity verification cross-checks. No biometrics. Investors feel like they were duped into believing this project had legitimate KYC when in fact the identity information the KYC provider collected (a single photo of the front of a dubious looking ID card) was likely completely fraudulent.
You as investors deserve better, and we’re confident that we have designed a process that better meets the needs of the defi community.
A project with an (legitimate) audit is, in general, less risky than a project without an audit. Likewise, a project with (legitimate) KYC is, in general, less risky than a project without KYC.
A free code review used to be sufficient to ensure a project’s safety, at least from a “hard rug,” but as defi evolves, we’re seeing the popularity NFTs grow, as well as more complicated protocols like Tomb and OHM forks that aren’t eligible for free reviews.
This is where KYC becomes even more essential. Without an audit or code review from an independent third party, KYC may be the most powerful and realistic way for developers to signal to investors that a project is trustworthy.
What does Ape O’Clock KYC look like?
The project owner will receive a link to e-sign an agreement. The agreement states that:
- Signee takes full responsibility for the actions of the Project, it’s smart contracts, Project associated wallets, Project’s domain name and domain content, Project’s social media accounts and their content, Project-supplied liquidity, etc.
- Signee agrees that Ape O’Clock will release signee’s identity information to law enforcement, government agencies, and regulatory bodies upon request.
- Signee agrees that Ape O’Clock will directly contact law enforcement, government agencies, regulatory bodies if the Project is suspected of fraud or theft.
The project owner will submit identity verification documents (back and front). Identity verification documents could be a passport, ID Card or Driver’s License. Documents with barcodes are scanned to ensure the barcode is legitimate. The extracted identity information is automatically checked against national databases to ensure authenticity, while the document’s appearance itself is also checked for signs of fraud.
The device and network the user is on at the time of submission, coupled with personal data from the identification document is analyzed by machine learning to identify any inconsistencies.
A biometric analysis and liveness / anti-spoofing assessment is conducted, ensuring the ID photo matches the face of the user submitting them. Both video and still images of the user are collected and evaluated during this step.
The identity verification information collected in steps 2-4 is weighed as a whole and given a “pass” or “fail” status by the AI.
The final step is a manual review. The e-signed agreement from Step 1, and its associated metadata is compared to the identity verification data collected in steps 2-5 to ensure consistency and completeness. Assuming it all checks out, the Project is awarded “KYC by Ape O’Clock” status.
They KYC project is notified that they passed the KYC process.
Their event will be updated to include the “ApeOClock KYC” label on the main calendar, as well as on the individual event page:
The project may use “KYC by Ape O’Clock” badges on their site, social media accounts, marketing materials, etc.:
Will this KYC process prevent a project from rugging?
It’s a huge deterrent, but it’s not 100% fail-safe.
For example, someone who lives in a country that doesn’t have a robust cyber or crypto crime division within their local or national law enforcement might know that even if law enforcement obtained their identity, they would be unable or uninterested in pursing the suspected criminal. Or perhaps law enforcement in their location is corrupt and easily bribed. In either case, they might successfully complete KYC with their real identity, knowing full well that there will be no repercussions from local law enforcement.
Projects that only steal a “small” amount of money might even be ignored by law enforcement in jurisdictions that do have the capabilities to pursue the suspect. For example, it might be tough to get Interpol’s attention for a $30,000 crypto theft, when their focus is generally on much larger crimes.
Just like audits aren’t a 100% guarantee of safety, neither is KYC – no matter which provider issues it and how exhaustive their process is. Never invest more than you can afford to lose and always diversify your portfolio.
WHAT HAPPENS IF A KYC PROJECT DOES RUG?
Investigation, arrest and prosecution is the responsibility of law enforcement. Ape O’Clock will never release the identity of KYC’d individuals to the general public, under any circumstance.
Here are just a few reasons:
- Perhaps the KYC’d individual lives in the same city/town as someone else with the same name. The internet mob could go after the wrong person.
- Perhaps the KYC’d individual did, during our KYC process, accept full responsibility for the actions of the project. Then they hired a dev to help with a portion of the project. That hired dev stole funds from the project. The individual who has been KYC’d should absolutely bear responsibility for their irresponsible actions in accordance with local law, but having law enforcement trained in blockchain forensics investigate who the real thief is has immense value too – and could even lead to recovery of the stolen assets.
- The families, children, friends etc. of someone who is a thief do not deserve to be harassed or hurt due to the KYC’d individual’s actions.
- Online threats are usually just that – online threats. But we will not take the chance that a death threat or something similar toward the dev or project owner won’t be acted on. This isn’t the 1800’s and we won’t provide the public with the ability to engage in vigilante justice.
Ok, so you know we won’t release the KYC identity information to the public. What WILL we actually do?
We will proactively contact and release the identity information to local police in the city/town the KYC’d individual lives in.
We will alert any CEX’s associated with the wallet used to steal funds of the theft and our collected identity information of the KYC’d individual.
We will additionally release the information to any other law enforcement, government agencies, courts or regulatory authorities at their request.
A project with a Treasury balance of $700,000 has all the funds disappear in a “hack.”” The wallet that deployed the contract, and wallets associated with that deployer wallet were not the wallets that received the stolen funds. The KYC’d party lives in Munich. A large group of investors are in London.
In this case, we would contact Munich police, German BKA and Interpol directly with the information we know – the project’s contract address, approximate amount stolen, the identity of the KYC’d individual, the agreement the KYD’c individual signed with Ape O’Clock as part of the KYC process, and any transactions associated with the theft. We would assist in connecting the investors who’s funds were stolen with the Munich police so law enforcement can continue to gather information to investigate the case.
At the same time, we would urge the investors in London, and elsewhere to file complaints with their local police and would release all information to those agencies as requested.
Please note that in this case, we (meaning Ape O’Clock and the general public) don’t know with 100% certainty that the KYC’d party executed the hack. That will be determined by law enforcement – was it a genuine hack, or was it an inside job? They will have the identity of the KYC’d party to begin their investigation.
A yield farm has all deposited funds transferred a wallet that also originally funded the deployer wallet, and that wallet was funded by a Binance hot wallet. The KYC’d party is in Buenos Aires. Investors are worldwide.
We would contact Binance, the Buenos Aires police, the Federal Police of Brazil, and Interpol with the identity information of the KYC’d individual as per example 1, above. We would urge investors to contact law enforcement to file a report in their locale, and we would release the KYC information to any additional police, government or regulatory bodies that request it.
This process has been in the planning stages for several weeks, but the CowsnAliens situation was such a disappointment it further solidified the need for a more stringent KYC standard in the defi space for devs and project owners. Like everything we do, our prices, policies, process and payment wallet is 100% transparent and available to the public.
We realize that the thorough and robust process we’ve put together might deter some projects from wanting to KYC with ApeOClock. Someone who intends to rug would likely choose a KYC service with less exacting standards.
Whether a project KYCs with Ape O’Clock or another KYC provider is irrelevant – what we want more than obtaining KYC customers is to urge investors to demand a higher quality KYC, for their own safety.
If a project will only KYC with a provider who’s process doesn’t actually verify the authenticity of the identity documents and furthermore matches those authentic documents to the individual submitting them, well, that could be a red flag. Demand they use a KYC provider who’s process is more rigorous, and if they won’t, reconsider investing with that project.
Ape safe, and as always, happy farming!