CoinW Research Institute

Abstract

Decentralized Identity (DID) and On-chain Identity Verification (KYC) have garnered continuous attention in recent years, but their practical implementation remains in the early stages. The key driving forces behind them mainly come from three aspects: the increasingly stringent global compliance requirements, the demand for trusted identities in DeFi and on-chain applications, and the growing awareness among users regarding privacy and data autonomy. Nevertheless, the current market demand for a fully decentralized identity system has yet to take shape, with mainstream products primarily serving identification and social attributes rather than constructing reusable, cross-scenario on-chain identity structures.

From a technical perspective, Zero-Knowledge Proofs (ZK) and Verifiable Credentials (VC) are pushing identity systems towards higher privacy and standardization, but they are more likely to be embedded in applications through "seamless integration" rather than relying on users to actively manage complex credentials. In the short term, the industry's more realistic path remains an extension of traditional KYC forms, such as front-end KYC or lightweight compliance solutions like "off-chain verification, on-chain credentials," which can meet regulatory requirements without altering on-chain logic and are more convenient for project parties to implement in DeFi, RWA, and fiat currency deposit and withdrawal scenarios.

It is noteworthy that with the rapid development of AI Agents, new variables may emerge in the long-term evolution of identity systems. Compared to ordinary users, Agents are more likely to become the core users of on-chain identity systems in the future. As Agents gradually acquire autonomous behavior, they may require verifiable, traceable, and cross-scenario reusable DID structures to prove their permissions, model versions, and credibility, and to automatically complete lightweight KYC or risk control verifications on-chain. Although there are still many uncertainties on the technical and regulatory fronts, the rise of AI Agents is expanding the potential demand for DID from the "user side" to the "machine side," bringing new possibilities for the long-term development of identity infrastructure.

This report will systematically analyze the basic concepts of DID and on-chain KYC, key technologies (including ZK, VC, composable credentials, etc.), practical applications, and regulatory requirements, and provide medium- to long-term trend judgments in conjunction with the current stage of industry development. Overall, the future identity infrastructure is more likely to present a hybrid development: front-end KYC as a short-term executable compliance layer, "off-chain verification, on-chain credentials" as a mid-term evolution direction, with related technical systems gradually maturing at the underlying level, while DID may welcome genuine functional demands within the AI Agent system. The ultimate vision of identity self-sovereignty still requires time to validate, but the pragmatic capabilities surrounding privacy, credentials, and compliance have already become an important component of the infrastructure for Web3 development.

Table of Contents

Abstract

1. Industry Background and Policy Drivers

1.1 Global Major Regulatory Trends

1.2 Compliance Pressure: Why Does Web3 Need an Identity System?

2. DID: Definition and Standards of Decentralized Identity

2.1 Basic Concepts and Key Features of DID

2.2 Autonomous Generation of DID

2.3 W3C DID Specifications

2.4 Core Architecture of DID

2.5 Application Scenarios of DID

3. On-chain KYC: From Off-chain Review to On-chain Proof

3.1 Definition and Evolution Logic of On-chain KYC

3.2 Classification of Technical Paths for On-chain KYC

3.3 Typical Application Scenarios of On-chain KYC

3.4 Front-end KYC: The Connection Layer for Identity Verification and On-chain Compliance Systems

4. Typical Project Overview

4.1 Typical DID Projects

4.2 Typical On-chain KYC Projects

4.3 Integration of DID and On-chain KYC

5. Technical Challenges and Privacy Trade-offs

5.1 Technical Challenges: Lack of Standardization, High Usage Barriers, Compatibility and Performance Still Need Improvement

5.2 Distributed Storage and Persistence Issues in the DID System

5.3 Privacy Trade-offs: How to Find a Balance Between Compliance and Anonymity?

5.4 Decentralization vs Centralization: The Trust Dilemma of Issuers

6. Industry Trends and Future Outlook

References

1. Industry Background and Policy Drivers

1.1 Global Major Regulatory Trends

In recent years, several major jurisdictions around the world have introduced or updated regulatory policies for crypto assets, particularly emphasizing compliance with identity verification (KYC) and anti-money laundering (AML) requirements. This trend may directly drive the rapid development of Decentralized Identity (DID) and on-chain KYC technologies, making them key infrastructures for the compliance and scaling of the Web3 ecosystem.

In the European Union, the "Markets in Crypto-Assets Regulation" (MiCA), officially passed in 2023, established a unified compliance framework requiring crypto asset service providers (CASPs) to fulfill the same KYC and AML obligations as traditional financial institutions. Particularly, when users transfer amounts exceeding €1,000 from the platform to private wallets, the platform must collect and record user identity information.

In June 2025, the U.S. Senate passed the "GENIUS Act," which established a regulatory framework for the issuance and circulation of stablecoins at the federal level for the first time. This act requires stablecoin issuers to maintain 1:1 reserve backing, undergo audits, disclose asset structures, and fulfill AML and BSA obligations. This series of regulations makes identity verification a necessary condition for entering the stablecoin market. In other words, if one cannot accurately identify the identity of the token holder, it becomes impossible to determine whether the funds are being used legally or to meet regulatory requirements. In this context, the importance of on-chain identity systems is no longer a theoretical possibility but a technical prerequisite for the compliant operation of stablecoin businesses.

The Monetary Authority of Singapore (MAS) has long required crypto platforms to implement strict KYC and AML processes based on obtaining licenses under the "Payment Services Act." Notably, in recent years, MAS has actively guided the exploration of DID and privacy protection technologies like ZK in compliant identity verification through its regulatory sandbox Plus mechanism.

Hong Kong is also gradually improving its regulatory framework. The Hong Kong Securities and Futures Commission (SFC) and the Hong Kong Monetary Authority (HKMA) have released several guidance documents for virtual asset trading platforms in the past two years, particularly under the push for "non-face-to-face account opening" policies, leading to a significant increase in market demand for on-chain identity verification mechanisms. For virtual asset platforms operating in Hong Kong, proving the connection between account control and actual user identity has become an important part of the compliance process.

Additionally, in emerging markets such as Latin America and Africa, on-chain identity technology is not only a regulatory response tool but also directly addresses the practical issues of digital financial inclusion. A large population has long been excluded from the financial system due to a lack of official identification. In 2023, the Brazilian government launched a national digital ID program, with some modules integrating blockchain functionality. In Africa, countries like Nigeria and Uganda are also providing digital identity registration for refugees and stateless individuals on DID platforms through partnerships with NGOs. These explorations indicate that the application of on-chain identity systems in developing countries has shifted from passive regulatory adaptation to actively empowering social governance and financial access.

Overall, global regulatory trends are evolving from basic KYC to a compliance system that is verifiable, auditable, and considers privacy protection throughout the identity process. This not only raises higher identity governance requirements for Web3 but also pushes the entire industry towards standardized and compliant identity solutions. On-chain identity systems are no longer just a technical concept but a core facility driving the legitimate development of DeFi, stablecoins, RWA, and other sectors, with their construction and adoption speed being transformed from policy pressure to industry awareness.

1.2 Compliance Pressure: Why Does Web3 Need an Identity System?

As global regulations on crypto assets tighten, Web3 projects can no longer avoid a core question if they wish to operate compliantly: Do you truly know your users? As mentioned above, both the EU's MiCA policy and the U.S. Senate's GENIUS Act for stablecoins require platforms to be able to identify, verify, and record user identities. This means that the simple model of wallet address as user is no longer sufficient to meet regulatory requirements; a verifiable, traceable, and privacy-protecting on-chain identity system is becoming a necessity for compliance.

Especially for new Web3 applications like stablecoins, DeFi, and RWA (real-world assets on-chain), they are gradually being incorporated into the regulatory framework. For instance, the GENIUS Act explicitly requires stablecoin issuers to fulfill AML and KYC obligations, with regulatory logic akin to that of traditional financial institutions. Without support from an on-chain identity system, these protocols cannot determine who the real users are or whether they are compliant, and thus cannot legally issue or operate.

For example, the privacy protocol Tornado Cash on Ethereum was sanctioned by the U.S. Treasury (OFAC) because it could not identify user identities. The reason was that it was used by North Korean hackers to launder over $1 billion. Although the protocol itself is neutral, its complete anonymity and inability to prevent illegal use ultimately made it the first target of crackdown. This indicates that the inability to verify identity itself has become a compliance risk. Similarly, in 2023, the cross-chain wallet Mixin Network was attacked, resulting in losses exceeding $200 million, but due to the lack of identity verification and on-chain account protection mechanisms in its architecture, the flow of funds from the attackers was difficult to trace, and post-incident compensation and responsibility allocation fell into chaos due to the lack of user identification. This further confirms that without an identity mechanism, not only is it non-compliant, but it is also unsafe.

Moreover, building an on-chain identity system is crucial for the development of Web3 itself, not just to meet regulatory requirements. Without an identity system, DAOs are vulnerable to witch hunts, NFT lending cannot assess credit, airdrop activities are easily exploited by bots, and DeFi protocols struggle to connect with real-world users and assets. In other words, if Web3 wants to attract institutional participation and connect with the real economy, it must have a set of identity infrastructure that is both compliant and decentralized.

In recent years, several leading DeFi protocols, including Aave, dYdX, and Uniswap, have been forced to restrict functionalities or access for U.S. users precisely because they cannot determine whether users belong to regulated regions or high-risk groups. For instance, dYdX once attempted to introduce facial recognition KYC but faced strong opposition from users. Ultimately, these projects found themselves caught between compliance and user freedom, affecting market expansion. Such situations highlight a core issue: if a balance cannot be found between decentralization and identity verification, the globalization process of DeFi will be limited. If on-chain identity systems can achieve privacy protection + verifiability, they will become the optimal solution.

In the future, whether it is on-chain KYC, decentralized identity (DID), or new technologies like zero-knowledge proofs and verifiable credentials, they will all become important components of the Web3 identity system. The gradual implementation of regulatory policies is becoming the biggest driving force behind the construction of this system.

2. DID: Definition and Standards of Decentralized Identity

2.1 Basic Concepts and Key Features of DID

In a centralized world, users' identity information is controlled by large companies. Whether it is social accounts, transaction records, or credit histories, they are tied to centralized platforms and services, making it difficult to migrate or take control. Decentralized Identifier (DID) aims to break this pattern, allowing users to truly own, control, and manage their identity information autonomously. In simple terms, DID is like a digital ID card in the Web3 world. One of the key reasons it is called decentralized identity is that it is not issued by a centralized institution but is autonomously generated by users locally through technologies like cryptography and blockchain, and is widely recognized.

To understand DID (Decentralized Identity), it is essential to recognize its fundamental differences from the traditional identity systems we encounter daily. In the traditional internet, a user's identity often relies on a specific platform, such as accounts issued by WeChat, Google, or Facebook. These accounts may seem to belong to us, but they are actually controlled by the platform, which can restrict or ban them at any time, or they may completely disappear if the platform goes offline. DID represents a self-sovereign identity (Self-Sovereign Identity, SSI), meaning users have complete control over their identity. This is not just a technical decentralization but a return of rights. Identity is no longer an accessory to a platform's service but is maintained and controlled by the user themselves.

Another key feature of DID is verifiability. It allows third parties to verify the authenticity of an identity through cryptographic signatures without relying on centralized institutions or exposing sensitive user information. This is akin to proving to someone that you graduated from a certain university without having to show all your personal information or original certificates. Combined with the selective disclosure mechanism, users can disclose only the necessary information based on actual needs, thus completing verification while protecting privacy.

DID is also persistent, meaning that a DID identity does not disappear if a platform shuts down or services are discontinued. DIDs are typically stored on blockchains or decentralized networks (such as IPFS, Ceramic, Arweave), which are not as prone to downtime or tampering as traditional servers. Instead, they are maintained by thousands of nodes, ensuring that your identity data exists long-term, is not easily lost, and can be verified as genuinely published by you. This decentralized storage mechanism avoids the single point of failure associated with centralized servers (where data across different platforms is not interconnected, leading to repeated registrations of user identity information in various places, making sharing difficult and limiting the flexible use of data) and the risk of data tampering.

Interoperability is also an important foundation of the DID system. DID is not an isolated technology but a set of universal standards that are being promoted by the W3C (World Wide Web Consortium) to become a global standard. As long as different platforms and applications adhere to a unified protocol, they can recognize and use the same DID, significantly reducing the cost for users to switch between different services. This is similar to email; regardless of whether you use Gmail or Outlook, you can communicate with each other.

2.2 Autonomous Generation of DID

The autonomous generation of DID is essentially a process where users create, own, and manage their digital identity without relying on traditional centralized platforms, such as governments, social media, or companies. We can think of it as issuing an ID card to oneself rather than applying for an account or certificate issued by an institution.

Specifically, when a user generates an identity in a DID-supported system, the system creates a pair of cryptographic keys locally (usually in the user's device or wallet application): one is a private key (kept secret and belonging only to you), and the other is a public key (which can be shared and used by others to verify you). Subsequently, the system generates a unique identifier based on the public key and other information, which is the DID (usually in a format like did:example:123456789abcdefghi). This DID can be registered on a blockchain or decentralized storage network, ensuring it is public, verifiable, and tamper-proof.

The entire process does not involve a centralized registration authority, no usernames or passwords, and no forms to fill out; it relies solely on cryptography to ensure the uniqueness and security of the identity. Users only need to safeguard their private key, and the DID will always belong to them. The benefit of this approach is that identity no longer depends on a specific platform and will not become invalid due to platform shutdowns or policy changes, truly making the identity belong to the user.

2.3 W3C DID Specifications

The Web3 ecosystem has gradually formed several mainstream DID standards and protocols. The core of these is the W3C DID specification, which provides a unified format for global decentralized identities. Around this specification, many implementation frameworks and tools have emerged, all aiming to enable users to use a unified identity across applications, chains, and platforms while ensuring privacy, security, and verifiability of the identity.

The W3C DID specification not only defines the format of DID (for example: did:example:123456abcdef) but also details how to retrieve the associated DID Document by parsing the DID. The DID Document is a JSON file that records public information related to that identity, such as verification public keys, service endpoints, etc. This information allows DID holders to prove ownership of their identity through cryptographic means, achieving true decentralized identity control.

Additionally, the W3C DID specification introduces the concept of DID Methods. A DID Method defines the specific ways to create, read, update, and deactivate a certain type of DID, allowing DIDs to adapt to different underlying infrastructures, such as blockchains, distributed storage systems, or even traditional databases. For example, did:ethr: represents the DID method on Ethereum, while did:key: generates DIDs directly based on public keys without relying on a blockchain. This method mechanism design greatly enhances the standard's extensibility and cross-platform compatibility.

The greatest significance of the W3C DID specification lies in providing a unified, open, and extensible identity representation standard, enabling global developers and organizations to build and integrate DIDs based on a common language. This standard breaks down platform silos, allowing users to truly control their identity and migrate and interact freely across different platforms. It is the cornerstone of the entire decentralized identity ecosystem and lays a trustworthy identity foundation for a series of upper-layer applications.

2.4 Core Architecture of DID

The technical architecture of the DID (Decentralized Identifier) system is centered on building a decentralized, user-controllable, verifiable, and cross-platform interoperable identity system. This architecture relies on a complete set of open standards and protocols developed by the W3C and the Web3 community, ensuring that identities can be uniformly used and securely verified across different platforms, blockchains, and applications. Its main components include the following key elements.

2.4.1 Decentralized Identifier (DID Identifier)

DID is a globally unique identity identifier that does not rely on centralized registration authorities but is generated through local key pairs and published or resolved using specific DID methods. Its structure typically looks like this: did:method:unique-id

did: — a fixed prefix indicating that this is a decentralized identity

method: — specifies the DID method used, i.e., the protocol for generating and resolving the DID

unique-id: — a unique identifier defined by that method

Different DID methods support different network environments. For example:

did:ethr: is suitable for the Ethereum ecosystem

did:key: is suitable for scenarios that do not require on-chain and are completely generated locally

did:ion: is an extension scheme based on Bitcoin and IPFS

DID methods not only determine the format of the DID but also define how to create, resolve, update, and revoke that DID. This mechanism realizes self-sovereign identity (SSI), allowing users to fully control and manage their identity without account registration or institutional authorization, solely through their private key.

2.4.2 DID Document and Resolution Mechanism (DID Resolver)

Each DID corresponds to a DID document that describes the metadata associated with that identity, such as authentication public keys, service endpoints (like data storage, communication addresses), etc. These documents are stored in decentralized networks (such as IPFS or on-chain), and users or applications can retrieve the document and verify identity information through a DID resolver. This approach avoids the data silos and single point of failure issues found in traditional centralized identity systems.

In traditional centralized identity systems, for example, if you registered accounts with a bank, social platform, and e-commerce website, each platform retains your identity information and behavioral data, but they do not communicate with each other. This is akin to each platform building an "information island," requiring you to repeatedly submit your ID card, phone number, photos, etc., on each platform, which is not only cumbersome but also prone to inconsistencies or data leaks. This is the data island problem.

A single point of failure refers to an identity system that relies too heavily on a single centralized platform or institution. If this platform encounters issues, such as server downtime, being attacked, or even policy changes or company bankruptcy, your identity information may become inaccessible or even permanently lost. For instance, if you log into many applications using a social media account, once that platform bans your account, all associated services may become unusable.

In contrast, DID allows users to control their identity information, which is distributed and stored in decentralized networks, meaning no single platform can prohibit your identity. Different applications can share the same DID, reducing redundant verification and avoiding the problems of "data islands" and "single points of failure."

2.4.3 Verifiable Credentials (VCs) and Verifiable Presentations (VPs)

DID itself does not carry all the information about who you are but works in conjunction with VCs to achieve a rich expression of identity. VCs are digital proofs issued by trusted issuers (such as schools, governments, platforms, etc.), which may state that you are a university graduate or that you own a certain NFT. These credentials come with cryptographic signatures, allowing the recipient to verify their authenticity without trusting any intermediaries, thus achieving minimal trust information exchange.

VPs are a way for users to package these credentials when they need to present their identity. Users can selectively combine and display some or all of the credentials and prove the integrity and authenticity of this information through cryptographic signatures. For example, you can prove to a platform that you are of legal age while only displaying your age without disclosing other information. VPs are a crucial part of the DID architecture, enabling users to securely verify their identity and share information while maintaining control over their privacy.

2.4.4 Privacy Protection and Selective Disclosure Mechanism

Privacy protection and selective disclosure mechanisms are crucial parts of decentralized identity systems. In simple terms, when you need to prove a certain identity information (for example, that you are an adult), you do not necessarily have to expose your full date of birth or ID card information. To protect privacy, some projects utilize cryptographic techniques like zero-knowledge proofs, which allow you to prove that something is true without revealing how you know it.

For example, if you want to enter a bar that only allows adults, the doorman only needs to know whether you are over 18, not your specific birthday. Traditionally, you might show your ID card, exposing a lot of personal information. With a selective disclosure mechanism, you only need to present an encrypted credential, allowing the doorman to verify that you are indeed an adult without seeing any other information.

In the Web3 environment, on-chain data is publicly transparent. Without such privacy protection mechanisms, users' sensitive information could be publicly accessible. Therefore, introducing selective disclosure and zero-knowledge proofs helps strike a balance between on-chain verifiability and personal privacy.

2.5 Application Scenarios of DID

As Web3 users increasingly demand identity sovereignty and data privacy, DID (Decentralized Identifier) is gradually becoming the infrastructure connecting users with various Web3 applications. It not only changes the way identities are generated and managed but also provides new pathways for compliance, security, and trust. Below are several typical application scenarios of DID.

2.5.1 Web3 Login and Unified Identity

In the traditional internet, users typically need to register an account, bind an email or phone number, set a password, and even undergo real-name verification to log into various websites and apps. To simplify the process, many platforms have introduced social login methods, such as logging in with Google or Apple accounts. However, the problem behind this method is evident: identities are controlled by centralized platforms, personal data is collected for commercial purposes, and users lose control over their accounts and privacy.

The solution provided by DID to this problem is to build a cross-platform reusable, user-held, privacy-protecting identity system, achieving true decentralized single sign-on (dSSO).

First, DID helps users unify their identities without needing to register repeatedly. Theoretically, when a user first uses a Web3 application, they can generate a DID by signing with their wallet. Subsequently, when accessing other DApps, the user no longer needs to register or fill out information again; they just need to connect their wallet to verify their identity and continue using their existing account data, permission settings, or reputation records. Unlike the centralized single sign-on methods of Web2, the decentralized single sign-on method of Web3 does not rely on third-party providers but is built collaboratively by users and on-chain protocols, ensuring that identity is in the hands of the user.

Second, data is stored locally, effectively protecting user privacy. In the DID login system, identity data, permission settings, login records, and other information do not need to be stored on centralized servers but are kept locally by the user or in distributed storage systems (such as IPFS, Ceramic Network). Thus, even if a particular application experiences a data breach or attack, the user's complete identity information cannot be exposed.

Additionally, the DID system often works in conjunction with Verifiable Credentials (VCs) and zero-knowledge proofs (ZKPs), allowing users to prove "I meet a certain condition" (such as having completed KYC, being of legal age, or not being a U.S. resident) during the login process without exposing all identity details, achieving selective disclosure and minimal trust.

2.5.2 Verifiable Credentials and Compliance Identity Verification

In financial or legal scenarios such as DeFi, RWA, and on-chain fundraising (like IDO/Launchpad), compliance verification of identity has become a fundamental prerequisite for project operation. For example, platforms may need to block users from specific regions (such as U.S. users) or only allow qualified investors to participate in fundraising activities. These involve compliance processes like "Know Your Customer" (KYC) or "Know Your Business Partner" (KYB).

However, traditional centralized KYC models have a pain point: on one hand, users must repeatedly submit sensitive data such as ID proof, address, and financial information, increasing the risk of privacy breaches; on the other hand, every time a user enters a new platform, they must go through the verification process again, leading to a lengthy and fragmented user experience.

To address these issues, the DID (Decentralized Identifier) system combined with Verifiable Credentials (VCs) technology is becoming a superior identity compliance solution. VCs are encrypted digital proofs issued by trusted institutions (such as Fractal, Polygon ID, Galxe Passport, etc.), which can include identity attributes like "I have completed KYC," "I am over 18," or "I am not a U.S. resident," and come with signatures to ensure authenticity and immutability. Once a user obtains a VC, they can reuse this certification result across multiple applications or platforms without needing to re-verify, significantly enhancing efficiency and user experience.

Furthermore, VCs are often combined with zero-knowledge proof (ZKP) technology. When users interact on-chain, they only need to generate and submit a cryptographic proof stating "I meet a certain requirement" (such as compliance age or residence) without exposing complete personal information, thus achieving a balance between selective disclosure and privacy protection. This compliance identity verification mechanism based on DID and VCs is becoming a key infrastructure in the Web3 financial ecosystem to address the dual demands of "compliance + privacy."

2.5.3 On-Chain Reputation and Social Credit Systems

In the Web2 system, users' credit records are primarily controlled by centralized institutions, such as banks' credit systems, social platforms' account levels, and internal talent evaluations of enterprises. In the Web3 world, although users have on-chain identities (like wallet addresses), the lack of a unified, trustworthy, and composable social credit system often leaves users in a state of having no history or background, making it difficult to establish a foundation of trust, especially in scenarios like cross-platform collaboration, DAO governance, and credit lending. DID provides a foundational framework to address this issue. It grants users autonomous control over their identities and gradually builds an inheritable, composable, and verifiable on-chain reputation system through the binding of Verifiable Credentials (VCs) and on-chain behavioral data.

Specifically, while the DID system does not directly record user behavior, it can serve as an identity container, binding reputation data related to the user. This data can come from DAO governance participation (such as voting frequency, proposal records), DeFi protocol usage history (such as stable lending behavior, liquidity contributions), or interaction activity on GameFi or social platforms (such as task completion, social network connections, etc.). These behaviors can be certified as specific credentials, such as SBTs (Soulbound Tokens), VCs, or on-chain reputation scores, and thus become part of the DID identity, promoting the idea that behavior is identity.

On this basis, the integration of DID with on-chain behavioral data builds an open, decentralized social credit network for Web3. For example, users can bind their experiences in DAOs, project development, and community governance to their DID as an on-chain resume; DeFi protocols can calculate reputation scores based on users' historical behaviors to implement unsecured credit lending; DAOs can use reputation to filter real users and prevent Sybil attacks; users can reuse their identity and credit across multiple platforms with a single DID, eliminating the need to build trust relationships from scratch.

2.5.4 Web3 Social Networks and Content Creation Platforms

In traditional Web2 social and content platforms, users' identities, content, and earnings are tightly controlled by the platform. For instance, users' follower data, posting records, and reward income depend on specific platform accounts. Once an account is banned or a platform shuts down, users lose their connection to the outside world and may even be unable to migrate their existing creative works, significantly limiting creators' autonomy and rights to earnings. In the Web3 world, DID is opening a new path for content creators and social participants. As a user-managed digital identity, DID can be reused, migrated, and combined across multiple platforms, allowing users' content assets and social relationships to truly belong to them rather than the platform.

Specifically, in Web3 social platforms, DID can bind a series of on-chain identity assets, such as ENS domain names (Ethereum identity), POAP (Proof of Attendance Protocol), and Lens Handle (social username). These assets not only constitute the user's public identity but also serve as reputation assets, providing a foundation of trust in social relationships and content dissemination.

Additionally, DID can also be bound to users' content behaviors and interaction records. For example, on the Lens Protocol, every piece of content published by a user, every like and favorite received, and the number of followers are recorded on-chain, forming a verifiable content history. In Farcaster, social connections between users (follow, mention, interaction) can be bound to DID and called by third-party applications, constructing a real social graph. On platforms like Mirror, the content creation itself (articles, NFT content) can also belong to a specific DID identity, with related earnings directly distributed to the user's wallet rather than being taken by the platform.

In this way, everything users have done and created can be consolidated within the unified identity system of DID. Users' follower bases, content works, social interactions, and income histories can all be bound to a verifiable, inheritable, and composable identity, building a digital reputation that truly belongs to the user.

2.5.5 DAO Governance and Voting Rights Certification

In DAO organizations, traditional practices usually base voting on wallet addresses, but this can easily be manipulated by bots, sockpuppets, or whale multi-signatures. The phenomenon of one person operating multiple addresses, vote stuffing, and abusing governance rights severely affects the effectiveness of community decision-making. DID provides a more solid identity foundation. By binding each user's on-chain behavior, reputation records, or identity credentials to a verifiable identity, the system can determine whether "a person" truly exists and whether they are a qualified member of the community, rather than relying solely on the number of wallets. This approach introduces identity uniqueness and participation qualification recognition mechanisms to DAOs.

At the same time, with the help of zero-knowledge proofs, users can submit proof of "I have a certain qualification" without revealing specific personal information. For example, a high-privilege proposal may only allow users who have "participated in community governance at least twice and completed KYC" to vote. Ordinary members can view the proposal content but cannot participate in the voting. The entire process does not rely on centralized platforms and does not expose user privacy, thus achieving a triple balance of "compliance, security, and privacy."

2.5.6 On-Chain Permission Management and Data Access Control

DID not only answers the question of who you are but, more importantly, it can also grant or restrict "what you can do." In the Web3 world, identity is not just a login tool but a carrier of access permissions. Through DID, users can specify in an encrypted manner which people or contracts can read which data or trigger which operations.

For example, a DAO's document system can set it so that only users holding a "core member credential" can view the governance budget, while ordinary observers cannot access that content. This access control does not rely on centralized servers but is automatically determined by the identity credentials bound to the DID, achieving an on-chain management model where "permissions equal identity."

The same mechanism also applies to cross-chain bridge operation permission settings (for example, restricting certain identities from triggering transfers), on-chain data storage (such as access control for encrypted data stored on IPFS or Arweave), and scenarios like paid content distribution and DePIN network node management in Web3 applications.

With the development of DID technology, users can authorize "only allow viewing whether I have been certified, without exposing the certification content," thereby enhancing data collaboration efficiency and user privacy protection while ensuring security.

2.5.7 Cross-Chain Identity Interoperability and Ecological Bridging

The W3C DID standard has inherent cross-chain capabilities. Users only need to create a DID to use the same identity across multiple chains such as Ethereum, Polygon, Polkadot, and Cosmos, reducing fragmented account management and facilitating the collaborative use of assets and identities across chains. This provides strong support for enhancing user experience in multi-chain ecosystems, wallets, trading platforms, GameFi, and other scenarios.

3. On-Chain KYC: From Off-Chain Review to On-Chain Proof

The importance of on-chain KYC stems from its ability to balance privacy protection and compliance requirements. Combined with the current industry development context, its rise is mainly driven by the following practical needs.

First, global regulatory pressure continues to intensify. As various countries introduce regulatory systems for virtual assets, compliant identity verification has become an unavoidable infrastructure in crypto financial scenarios such as DeFi and RWA. On-chain KYC serves as a bridge connecting on-chain operations with off-chain compliance, providing a technical path for identity review and permission management without sacrificing user experience.

Second, DeFi and RWA are accelerating institutional evolution. As more traditional capital enters Web3, permissionless financial protocols urgently need to build compliance gateways to distinguish whether users meet participation conditions (such as whether they are U.S. residents or certified investors). On-chain KYC can be embedded in the protocol layer in a standardized and composable manner, becoming the identity entry point for institutions.

Third, the concept of user sovereignty and privacy protection emphasized by Web3 is gaining traction. Compared to the data breach and abuse risks present in traditional centralized KYC models, on-chain KYC leverages technologies such as zero-knowledge proofs (ZK) and decentralized identity (DID) to achieve minimal disclosure verification, meaning users only need to prove that they meet certain requirements without revealing specific identity information, thus balancing privacy security and compliance.

3.1 Definition and Evolution Logic of On-Chain KYC

3.1.1 What is On-Chain KYC? What are the Essential Differences from Traditional KYC?

On-chain KYC refers to recording the results of user identity verification in an encrypted, secure, and verifiable manner on the blockchain for on-chain compliance screening, access control, and identity recognition. Unlike traditional KYC, which involves submitting identity materials and relying on centralized institutions for manual review and data storage, on-chain KYC focuses more on result verification rather than process disclosure, emphasizing user sovereignty, privacy protection, and reusability, making it a new generation of identity compliance method suitable for Web3.

In the traditional financial system, users must upload sensitive materials such as passports, ID proofs, and address proofs, with centralized platforms or banks manually reviewing whether they meet regulatory requirements (such as anti-money laundering, anti-terrorist financing, etc.). This data is stored in centralized controlled databases, making it impossible to use across platforms, and users cannot control how their data is used, facing long-term risks of privacy breaches and abuse.

On the other hand, on-chain KYC uses technologies such as encrypted markers, Verifiable Credentials (VC), or zero-knowledge proofs (ZK) to write the fact "I have been verified" onto the chain. Third-party protocols can determine whether users meet entry standards without accessing any original materials. For example, a DeFi or IDO project can set "only addresses that have passed KYC can participate," where the contract only needs to verify whether the user holds a specific credential or generated ZK proof without requesting ID proof.

3.1.2 Three Technical Characteristics of On-Chain KYC

At the same time, on-chain KYC is no longer a one-time, closed identity review process but an on-chain component that can be called in real-time by smart contracts for dynamic judgment. It has three major technical characteristics: programmability, composability, and privacy protection capability.

First, on-chain KYC is programmable. The results of identity verification are no longer just records in the backend but can be directly written into contract logic as triggering conditions. For example, developers can set "if the address has passed KYC and does not belong to a certain country or region, then allow participation in financing." All of this does not require centralized manual intervention; the contract automatically judges and executes.

Second, on-chain KYC is composable. Once users complete identity verification, they can reuse the certification results (such as SBT, VC, or off-chain signatures) across multiple DApps or protocols without needing to upload materials again. For example, after completing verification on Fractal ID, users can apply that certification to protocols like Polygon ID, Gitcoin Passport, etc., that support universal identity standards, achieving "one certification, multiple accesses."

Finally, on-chain KYC has certain privacy protection capabilities. Especially when using zero-knowledge proof technology, users only need to prove that they "meet certain conditions," such as "I am not in the U.S." or "I am over 18," without exposing any specific identity information. This "minimal disclosure" approach maximally protects user privacy while meeting compliance requirements.

In summary, on-chain KYC is driving the transformation of the Web3 compliance identity system from centralized review to decentralized verification. It not only empowers users with control over their identity data but also enhances the automation level and flexible composability of compliance systems, providing a solid identity infrastructure for compliant DeFi, DAO governance, and RWA ecosystems.

3.2 Classification of Technical Paths for On-Chain KYC

On-chain KYC does not have a unified implementation method; different projects choose different technical solutions based on their needs for privacy, security, deployment difficulty, and compliance depth. Overall, there are currently four common paths in the industry, each suitable for different use scenarios, which we will introduce one by one.

3.2.1 Hash Record Type Solution: A Lightweight On-Chain KYC Method for Quick Integration

The hash record type on-chain KYC is currently the simplest and most widely deployed on-chain identity verification solution. Its basic principle is that users complete identity verification off-chain (such as uploading documents and passing manual review), and the verification institution hashes the fact "this user has passed KYC" and then submits that hash value as an immutable record on-chain. This method emphasizes "whether passed" rather than "who you are," avoiding the exposure of sensitive information on-chain.

The advantage of this solution lies in its ease of deployment, low on-chain costs, and strong compatibility. Verification institutions only need to generate a hash and submit it on-chain after the user successfully verifies, and the frontend requires almost no complex identity structure support. This makes it particularly suitable for scenarios that have certain identity compliance requirements but do not wish to introduce complex privacy systems, such as many lightweight IDO platforms, whitelist management contracts, etc.

For example, some Launchpad platforms require users to pass KYC before allowing participation in token sales. The project team can package the list of addresses that have passed KYC and upload it on-chain, setting the contract to recognize "users who have passed KYC" as valid, thus achieving on-chain whitelist verification. This method supports batch management and has high verification efficiency.

3.2.2 Verifiable Credentials + Zero-Knowledge Proof: The Mainstream Technical Path for On-Chain Compliance Identity

The most representative on-chain KYC solution currently combines Verifiable Credentials (VC) with Zero-Knowledge Proof (ZKP) technology. This type of solution not only aligns with Web3's privacy-first and user-control principles but is also gradually becoming the mainstream implementation method for on-chain compliance identity systems.

Its basic mechanism is:

The certification process is completed off-chain: Users complete identity verification (KYC) off-chain through platforms like Fractal ID, Polygon ID, etc.;

Generate Verifiable Credentials (VC): The certification institution encapsulates the user's identity information (such as "passed KYC," "not a U.S. resident," "over 18 years old," etc.) into an encrypted signed credential (VC) issued to the user;

Users store VC locally: Users keep the credential in their local wallet or dedicated identity tool, having absolute data control;

On-chain display of zero-knowledge proof: When users need to prove "I meet a certain condition," they generate a ZK proof locally and submit it to the on-chain verification contract for judgment without revealing the original information in the VC.

For example, a DeFi protocol only allows non-U.S. users to participate. Users only need to present a zero-knowledge proof stating "I am not a U.S. citizen," and the on-chain system can verify the proof's validity without revealing nationality, passport number, or true identity. This principle of minimal disclosure greatly enhances user privacy security while meeting regulatory compliance requirements. Represented by Polygon ID and Fractal ID, these solutions highly align with Web3's privacy and self-sovereignty principles, supporting cross-application reuse of identity credentials, suitable for compliant DeFi, DAO voting, RWA asset access, and other high-privacy scenarios. Although the deployment threshold is slightly higher, it is increasingly becoming the mainstream route for on-chain compliance identity.

3.2.3 SBT/NFT Type On-Chain KYC

The third type of on-chain KYC technical path issues non-transferable identity tokens to users through NFTs or SBTs (Soulbound Tokens). After completing the identity verification process off-chain or on-chain, users receive a token bound to their wallet address as proof of having passed KYC on-chain. This token is typically non-transferable and belongs only to the address that completed the verification, hence it is also referred to as a soulbound credential.

Compared to the previously mentioned zero-knowledge proof model, this type of solution has a more intuitive structure and clear on-chain status. The protocol only needs to check whether the user holds a specific token to determine whether they have passed KYC. For example, a DAO can set that only users holding a Civic Pass SBT have voting rights, without needing to introduce external verification interfaces or complex logic, making the development integration threshold lower and suitable for Web3 scenarios with less stringent compliance requirements.

Overall, the SBT/NFT type solution is more suitable for lightweight, one-time compliance checks, especially in community governance, access control, and Web3 threshold social systems. For high-privacy scenarios such as DeFi financial protocols and RWA investment platforms, reliance on VC+ZK type solutions is still necessary to achieve a balance between privacy and compliance.

3.2.4 Off-Chain Verification + On-Chain Signature Type Solution

The core idea of the off-chain verification + on-chain signature type solution is that users complete identity verification (such as KYC, qualification checks, etc.) off-chain, and after verification, the certification institution issues an authorized credential with an encrypted signature to the user. Users can use this credential to interact with smart contracts on-chain, thereby achieving functional access after identity verification.

Unlike traditional centralized verification processes, this solution keeps the verification process off-chain, handling only encrypted signatures or authorization data on-chain without recording users' original identity information, effectively reducing the risk of privacy breaches. Smart contracts can determine whether users have specific permissions, such as being qualified investors or meeting certain activity qualifications, by verifying the signatures. This method enhances the security of on-chain operations while maintaining privacy protection, resulting in a more user-friendly experience.

This approach is often confused with the previously mentioned hash record type solution, but there are significant differences in core mechanisms and user experience. The hash record type solution typically involves completing verification off-chain and then hashing the user's identity information to put it on-chain. Its role leans more towards "evidence," proving that a certain identity has been certified, facilitating post-verification or auditing. However, such solutions have poor scalability, as the hash itself cannot convey more identity attributes, and users cannot carry the credential for use across different applications.

In contrast, the off-chain verification + on-chain signature solution places greater emphasis on the portability of identity and privacy protection. It is usually combined with decentralized identity (DID), verifiable credentials (VC), and zero-knowledge proof (ZKP) technologies, allowing users to selectively disclose proofs such as "I am of legal age" or "I have completed KYC" without exposing specific information. This mechanism balances the security of on-chain interactions with the flexibility of regulatory compliance, aligning more closely with the current dual goals of compliance and decentralization.

3.3 Typical Application Scenarios of On-Chain KYC

As the Web3 ecosystem continues to develop, compliance demands are increasingly emphasized. On-chain KYC, as a key means of balancing identity verification and privacy protection, is accelerating its implementation in various scenarios.

Compliance DeFi: Restricting Users from Specific Countries, Verifying Investor Qualifications

For DeFi protocols open to the global market, ensuring that services are not provided to specific regions (such as the U.S.) and only allowing KYC-compliant investors to participate is crucial for avoiding regulatory risks. Such scenarios often adopt the off-chain verification + on-chain signature solution, verifying user identities through off-chain compliance platforms and generating encrypted signatures or VC credentials for them. When users interact on-chain, they only need to present this signature to prove their compliant identity, allowing the protocol to grant or restrict access without exposing information. Aave Arc is a typical representative in this direction, launching a permissioned market for institutional users that requires off-chain identity verification, with the verification results managed through on-chain whitelist contracts for access control. This is a classic off-chain verification + on-chain signature model that ensures compliance while securing on-chain operations.

DAO Governance: High-Permission Operations Require Identity Verification

In DAO governance, certain high-permission proposals (such as treasury management or core protocol upgrades) may require proposers or voters to have certain qualifications, such as verified identities, non-robotic status, or specific geographical restrictions. To prevent governance manipulation or abuse, DAOs can use a combination of zero-knowledge proofs and VC models to require participants to present statements like "I have been verified" on-chain without disclosing complete identities. This method effectively blocks Sybil attacks, ensuring the representativeness and credibility of governance. For instance, Gitcoin Passport integrates off-chain identity verification data from BrightID, POAP, etc., along with a scoring model to provide proof of human uniqueness for participants. Although it does not directly use Verifiable Credentials, it achieves an innovative governance verification mechanism through off-chain verification + on-chain reputation scores.

RWA Projects: Real-World Assets on Chain Require Verified Identities

RWA (Real World Assets) projects, such as tokenized real estate, bonds, and artworks, involve traditional finance and legal compliance, necessitating that participants are real, compliant users. These projects often adopt a hybrid solution combining hash record type schemes and verifiable credentials, retaining verified traces on-chain to meet auditing needs while also supporting users in reusing identity proofs across multiple platforms. Some leading projects have begun to introduce ZKP mechanisms to enhance privacy protection capabilities. For example, RWA projects like Centrifuge and Goldfinch require users to complete off-chain KYC first and manage permissions through on-chain address whitelists or access control contracts. Some projects are also exploring the integration of VC and ZKP into their processes to enhance privacy protection and identity reusability.

Launchpad / IDO: Restricting Non-KYC Users from Participating in Primary Offerings

Primary market issuance activities, such as Launchpad or IDO, typically face strong compliance pressures, especially when it involves fundraising or token sales, where platforms need to prove the compliance of user identities. The most common practice is for off-chain KYC platforms to complete verification and issue credentials (such as VC or off-chain signatures), which users must submit on-chain when participating. This method allows smart contracts to automatically recognize and control qualifications, reducing manual reviews and improving efficiency. Platforms like CoinList and Polkastarter have long adopted the "off-chain KYC + on-chain whitelist" approach to control access qualifications. The Galxe Passport Launchpad, based on Verifiable Credentials, provides users with reusable on-chain credentials, enhancing cross-platform participation experiences.

Web3 Token Economy: Taxation, Income Sharing, and Para-Financial Applications

The Web3 token economy has expanded to scenarios such as on-chain labor, content creation, and P2E games, where the binding of identity and income has gradually become a necessary condition. For example, verifying whether users have tax obligations or the legality of their income. In such applications, combining VC and ZKP for on-chain KYC can achieve verifiable identities while protecting privacy, providing guarantees for platform operations and compliance. For instance, Quadrata offers NFTs carrying compliant identity and tax information, supporting on-chain identity management and data verification. Galxe Passport generates verifiable digital passes for users, supporting task incentives and income-sharing scenarios. Polygon ID implements on-chain identity verification with "default privacy" based on ZKP, supporting more complex economic models.

3.4 Front-End KYC: The Connection Layer Between Centralized Identity Review and On-Chain Compliance Systems

In the current stage where on-chain KYC and decentralized identity systems are not yet fully mature, an increasing number of Web3 products are choosing "front-end KYC" as a transitional layer between centralized review and on-chain interaction. Front-end KYC refers to the project team not processing identity information on-chain but embedding identity verification processes in the interface layer of DApps, Web3 wallets, or applications, allowing users to complete verification before accessing key functions. It essentially still belongs to centralized KYC but moves the review process from the exchange backend to the first touchpoint of on-chain interaction, enabling regulatory requirements to be implemented in more granular detail in specific use scenarios.

Although centralized exchanges do not have front-end KYC processes in their main operations, as their business extends into the Web3 space, their new product lines, such as Web3 wallets, cross-chain bridges, payment gateways, and on-chain asset management tools, have adopted this model. For example, the Web3 wallet HashKey Me from the licensed Hong Kong exchange HashKey Exchange requires users to complete KYC and bind target addresses before withdrawing to external addresses, and deposits from unbound addresses will not be automatically credited. By moving the review point forward, the product maintains a degree of decentralized user experience while ensuring the controllability of regulated operations. Coinbase's Base App demonstrates another front-end structure: users access on-chain operations, wallets, payments, and trading functions within the same application, with different scenarios triggering different levels of identity verification requirements. For instance, before using regulated payment or specific asset functions, the application automatically invokes identity verification based on the Coinbase account system. Although this model does not belong to DID or on-chain KYC, it allows users to complete regulated on-chain operations without needing to understand complex on-chain processes through "front-end encapsulated compliance."

The rapid proliferation of front-end KYC is supported by mature third-party identity verification infrastructure providers. Tools like Sumsub, Jumio, Onfido, Persona, and Veriff offer modular SDKs and APIs, allowing project teams to directly integrate capabilities such as document recognition, live detection, sanctions list screening, address proof verification, and wallet address risk assessment in the front end. With these components, Web3 projects can meet regulatory requirements at low cost without building their own compliance teams.

As more projects incorporate front-end KYC into their product systems, this mechanism is transitioning from "platform-based review" to "scenario-based review"; identity verification will be dynamically triggered based on capital flows, asset types, and user behaviors, tightly binding regulatory logic with on-chain operation paths. Although in the future, with the development of verifiable credentials (VC) and zero-knowledge proofs (ZK), a more decentralized identity system may gradually replace this model, at the current stage, front-end KYC is one of the important paths for Web3 products to achieve secure operations and compliance implementation.

4. Typical Project Overview

4.1 Typical DID Projects

4.1.1 Galxe Passport: On-Chain Reputation and Credibility System

In the field of decentralized identity, projects like on-chain reputation and credibility systems aggregate user behavior data both on-chain and off-chain to generate reputation identifiers with a certain level of credibility, used for airdrop screening, Sybil protection, governance weight distribution, and various application scenarios.

Galxe Passport is a representative project in this category, launched by the Web3 data platform Galxe, aimed at helping users build a unified, trustworthy, and cross-platform usable digital identity. Essentially, Galxe Passport is a Soulbound Token (SBT) used to store verified user identity information, protected by encryption to safeguard personal privacy. It effectively prevents Sybil attacks while achieving identity compliance.

Galxe Passport supports binding various on-chain and off-chain identity elements, including social accounts (such as Twitter, GitHub, Telegram), email addresses, and multiple wallet accounts across chains. The platform generates verifiable on-chain identity profiles for users through encrypted signatures, allowing them to reuse their identities across different platforms and participate in various Web3 activities without repeated authentication. This passport-like DID system significantly enhances the portability and usability of identities.

Figure1. Galxe passport website. Source: https://app.galxe.com/passport

Galxe Passport is built on a user-managed decentralized identity model. All data binding and verification processes require user consent, and the Galxe platform itself cannot read or alter users' sensitive information. This mechanism ensures that users have complete control over their identity assets, aligning with the user sovereignty data concept emphasized by Web3.

How to Generate a Galxe Passport:

1. Visit app.galxe.com/passport and click Log in.

2. Connect your self-hosted EVM wallet (such as MetaMask).

3. Click “Mint Now” to start creating your Passport (current version is Passport V2).

4. Read and agree to the terms, then enter the verification process.

5. Complete identity verification through Sumsub (upload ID + selfie).

6. If you are a Galxe+ member, you can waive the initial identity verification fee (otherwise, it is about $5 USD).

7. After verification, set an encryption password for encrypting identity data.

8. The system will generate a Galxe Passport SBT (Soulbound Token) for your wallet.

Figure2. How to mint Galxe passport. Source: https://app.galxe.com/passport

Application Scenarios

Currently, Galxe Passport is widely used in various interactive scenarios such as task platform certification, event whitelist screening, and DAO governance identity verification. For example, users can quickly prove "I am a certain Twitter user" or "I have participated in a certain DAO governance" through the Passport to unlock specific rewards, qualifications, or access permissions. Some Web3 Launchpad platforms have also integrated Galxe Passport, using it as a credential carrier for KYC verification results to achieve decentralized identity management and access control.

In addition, Galxe Passport is gradually introducing Verifiable Credentials (VC) and Zero-Knowledge Proof (ZKP) mechanisms, allowing users to only display verification results such as "I have completed KYC" or "I am not a U.S. user" without revealing sensitive information like name or address. In this way, Galxe Passport becomes a bridge connecting off-chain compliance certification with on-chain privacy interactions, meeting compliance needs while protecting user privacy.

Galxe Passport V3 and Collaboration with Sumsub

In May 2025, Galxe officially launched Passport V3, introducing comprehensive compliance identity verification capabilities and forming a strategic partnership with Sumsub, a global leader in identity compliance technology services. Sumsub (https://sumsub.com) is a UK-based identity compliance technology company that provides KYC (Know Your Customer), KYB (Know Your Business), and AML (Anti-Money Laundering) services to Web2/Web3 enterprises worldwide. It serves over 2,000 clients, including Binance, Bybit, OKX, and MoonPay, with strong identity verification technology, document review systems, and global compliance experience, supporting user identity recognition and regulatory requirements in over 190 countries and regions.

In this collaboration, Galxe Passport V3 incorporates Sumsub's KYC verification process, allowing users to obtain an encrypted credential (VC) issued by Sumsub after completing a single compliance identity verification, which can then be bound to their Passport. When subsequently using platforms like Transak and Banxa (both integrated with Passport) for on-chain interactions, asset bridging, or participating in IDOs, users do not need to verify their identity again. As compliance fiat entry service providers, Transak and Banxa allow users to exchange fiat for crypto assets after completing KYC. Additionally, by combining Zero-Knowledge Proof (ZKP) and encrypted storage, users can hide sensitive information such as name and address when proving they have completed KYC, ensuring privacy security. This collaboration greatly enhances the user experience and access efficiency for Web3 users, while allowing developers and project teams to easily integrate compliance identity verification logic, helping to build more trustworthy DeFi, RWA, and on-chain payment scenarios.

As one of the most widely used and interconnected DID applications in the current Web3 world, Galxe Passport is becoming an important entry point for on-chain identification and providing a solid foundation for future on-chain reputation systems, decentralized social interactions, and compliance identity verification scenarios.

4.1.2 Spruce: On-Chain Login and Data Permission Management

In the various sub-tracks of on-chain identity, on-chain login and data permission management are gradually becoming key infrastructure connecting users with Web3 applications. These projects help users manage identity information and private data autonomously through decentralized identity identifiers (DID), verifiable credentials (VC), and access control technologies.

Spruce is an important player in this field, dedicated to building a secure, portable, and compliant identity verification and data authorization system. It provides a complete set of Web3 identity management tools for developers and users, with the core goal of giving users complete control over their digital identity and personal data.

In the traditional Web2 system, user identities and data are often controlled by centralized platforms, posing risks of misuse or leakage. The DID and VC system built by Spruce follows W3C standards and combines on-chain technologies like Ethereum, allowing users to reuse identity information across multiple platforms, achieving privacy protection, data minimization, and cross-platform interoperability.

Spruce's core product system includes:

1. SpruceKit: A modular development toolkit that supports developers in quickly integrating on-chain login (such as Sign-In with Ethereum), identity verification, VC issuance and verification, data authorization, etc., supporting iOS, Android, and Web application development, simplifying the process of building DID applications.

2. Credible: A mobile identity wallet for users that supports local storage and display of various digital credentials (such as KYC, educational certifications, DAO badges, etc.), making it easy for users to manage and authorize identity data, with good user experience and encryption security.

Spruce allows users to create decentralized identities (DID) using Ethereum addresses or other on-chain identifiers, combined with VC and Zero-Knowledge Proof (ZKP) technologies to achieve verifiable identity authentication, and users can selectively disclose specific attributes (such as "I am over 18 years old") without exposing their full identity.

In terms of data control, Spruce adopts a "user fully in control" model, where all identity credentials are encrypted and stored on local devices or decentralized storage systems controlled by users. Spruce itself cannot access, modify, or transfer user data, ensuring that data sovereignty is not interfered with by the platform. Spruce also provides a "data vault" function to help users uniformly manage sensitive credentials such as KYC results, educational certificates, and DAO contribution records in an encrypted manner. Users can selectively authorize partial information verification based on different application needs, achieving minimal data exposure.

As of now, Spruce's Credible wallet has not yet launched a formal version on the iOS/Android App Store, only providing source code for developers to build test versions. The VC/DID technology system provided by Spruce has been applied in multiple Web3 scenarios, including DeFi, DAO governance, Web3 social interactions, and NFT certification. For example, some platforms complete user compliance identity verification through tools provided by Spruce, issue verifiable credentials (VC), and allow users to reuse them on other VC-supported platforms, thus achieving the identity interaction logic of "one-time certification, multiple uses." Spruce's identity components are often integrated into third-party DApps or wallets through the SpruceKit SDK, helping projects meet compliance requirements and enhance user experience.

In May 2025, Spruce announced a strategic partnership with Galxe to support the identity verification logic of Galxe Passport V3, promoting the universal application of compliance identity credentials across multiple on-chain ecosystems. Users can use VC across platforms after completing a single identity verification through Spruce, enabling operations such as participating in IDOs and fiat deposits/withdrawals (such as Transak and Banxa), greatly enhancing compliance efficiency and user experience.

Through its open, modular tool system (SpruceKit) and user-end identity wallet (Credible), Spruce provides a complete set of decentralized identity infrastructure that meets compliance, security, and privacy protection needs for Web3 users and developers.

4.1.3 Lens Protocol: Social Relationships & Web3 Social Graph

Social graph-type DID projects aim to record and map users' social relationships, content behaviors, and influence, and assetize them on-chain to form transferable and composable decentralized social identities. The core function of these projects is no longer just to provide a unique identity identifier but to build a complete relational network and identity profile around users' social connections, content interactions, and on-chain reputation.

Lens Protocol is a foundational protocol launched by the Aave team for building Web3-native social networks, aiming to break the monopoly of Web2 platforms over user data and give users complete control over content, relationships, and identities. In Lens, each user's social identity, content publishing, and follow relationships are recorded on-chain, belonging to the user themselves, and no third-party application can arbitrarily ban, alter, or manipulate them. This decentralized social model allows users to truly own portable social relationships.

Unlike traditional social platforms, Lens modularizes social activities, where each follow, retweet, or post is an independent NFT asset. For example, a user's Profile is an NFT, and actions like Follow and Collect will also generate corresponding NFTs, thus achieving the assetization of social data. This design not only gives users data ownership but also brings new incentive mechanisms for content creators, such as the realization of creator economies and content copyright revenues on-chain.

In the Lens Protocol, every piece of content published by users (such as a post or article) is recorded on-chain in the form of an NFT, becoming a recognizable, collectible, and even tradable digital asset. This means that content creators not only have "ownership" of their content but can also set mechanisms through smart contracts to determine who can collect it and whether there are fees involved, thus enabling content monetization. For example, if a user publishes a valuable analysis article, others who wish to collect it can do so by paying a certain amount of tokens, with the proceeds going directly to the creator's wallet without any intermediary platform taking a cut. This approach establishes a model where content is treated as an asset, allowing users not only to own the content but also to continuously earn economic returns from it, thereby stimulating creator engagement and forming a creator economy within Web3. Additionally, since the original publisher and the collection chain of each piece of content are publicly transparent, it naturally establishes copyright ownership and dissemination paths, fundamentally addressing the issue in Web2 where content is easily plagiarized but difficult to hold accountable.

Figure 3. Lens explore page. Source: https://onboarding.lens.xyz/explore

At the identity layer, the Lens protocol inherently supports integration with DID (Decentralized Identity). When users create a Lens Profile, they can confirm their identity through an on-chain address or a connected DID wallet, meaning users can directly bind their decentralized identity to social assets, achieving a fusion of on-chain reputation and social influence. At the same time, Lens is compatible with various on-chain reputation mechanisms, such as integrating POAP, ENS, Gitcoin Passport, etc., to build the on-chain social resume of Web3 users.

Currently, Lens has been widely integrated into multiple Web3 applications, forming a diverse ecosystem. Users only need to create a Lens account with their wallet to use the same identity to publish content, comment, like, and earn rewards across more than a dozen social platforms, including Hey and Orb, with all data fully controlled by the users themselves. In addition to the officially recommended applications, an increasing number of third-party platforms are integrating the Lens protocol, making it an important infrastructure for unified social identity in the Web3 world.

4.1.4 ENS: On-Chain Identity Naming Service

In Web2, we are accustomed to identifying a person's online identity through email, phone number, or username. In Web3, user identity is often represented by a long, hard-to-remember, and poorly readable wallet address (e.g., 0x8f3…4b9d). On-chain identity naming services are designed to address this pain point. By using readable domain names (such as .eth), wallet addresses are mapped to concise, memorable, and socially attributed identity identifiers. These domain names can not only be used for transfers but also support binding social accounts, avatars, profiles, links, and other information.

Ethereum Name Service (ENS) is the earliest and most mature on-chain naming system in the Ethereum ecosystem. Since its launch in 2017, it has developed into a core infrastructure in the field of Web3 identity. ENS provides users with a decentralized, verifiable naming system through a set of smart contracts deployed on the Ethereum mainnet, mapping complex wallet addresses (like 0x1234…abcd) to readable domain names (like alice.eth) for various scenarios such as transfers, logins, signatures, and DApp usage, enabling more convenient and secure human interactions.

Each ENS domain name is essentially an NFT based on the ERC-721 standard, fully owned and controlled by the user's wallet. In addition to address mapping, ENS has various functions and has gradually evolved from an "address alias tool" to an on-chain identity aggregator and Web3 digital business card system:

1. Multi-chain address binding function: ENS supports configuring multiple on-chain addresses for a single domain name, covering Ethereum mainnet, Arbitrum, Optimism, Polygon, Bitcoin, Litecoin, Dogecoin, etc., allowing ENS domain names to be reused across multiple chains, simplifying cross-chain asset reception and identity management processes.

2. Text record function: Users can bind social and identity information such as Twitter, GitHub, Telegram, email, personal website links, avatar URLs, etc., under their ENS domain name, helping to showcase credible identities in Web3 social interactions, content creation, and DAO governance.

3. Subdomain system: Users who own .eth domain names can create an unlimited number of subdomains (e.g., nft.alice.eth, team.alice.eth), suitable for project member division, multi-role management in DAOs, and structured scenarios like internal account naming, which can also be authorized for third-party use.

4. Reverse resolution function: ENS supports mapping wallet addresses back to ENS domain names. When users connect their wallets in ENS-supported wallets or DApps, the system will automatically recognize and display names like alice.eth, enhancing identity recognizability and credibility.

Figure 4. ENS website page. Source: https://ens.domains/

The registration and management process of ENS is completely decentralized, with all operations completed through smart contracts. Users must pay the registration fee (charged annually, with costs varying based on domain length) and the Ethereum network's gas fees. The registration process includes three steps: submitting a registration request (Commit), waiting period, and confirming registration (Register), ensuring domain name protection against squatting and on-chain verifiability.

At the same time, ENS is not controlled by any centralized entity, and its future development is governed by the ENS DAO. ENS token holders can participate in system rule-making and feature upgrades through proposals and voting. ENS has been widely integrated into mainstream Web3 products and protocols, including MetaMask, Uniswap, OpenSea, Farcaster, Zora, Rainbow, etc., and can interoperate with other DID systems (such as Gitcoin Passport, Lens Protocol) to become a cornerstone of on-chain identity aggregation and reputation systems.

4.1.5 POAP: Recording On-Chain Memories and Reputation with Badges

In the Web3 world, building user identity should not rely solely on wallet addresses or asset quantities but should also reflect their participation trajectory, contribution behaviors, skill accumulation, and learning outcomes within the community. To this end, an increasing number of projects are beginning to record these behavioral data through non-transferable digital badges or credentials (such as SBTs, VCs), constructing an on-chain "digital resume" that provides infrastructure for the reputation and trust system in Web3.

POAP (Proof of Attendance Protocol) is one such system, aimed at recording users' experiences of participating in specific activities or events in the form of non-transferable NFT badges. POAP originated in the Ethereum ecosystem, initially deployed on the xDai chain (now renamed Gnosis Chain) to reduce transaction costs and accessibility barriers. Today, POAP supports free minting on the Gnosis Chain and can be optionally migrated to the Ethereum mainnet.

Figure 5. POAP website page. Source: https://poap.xyz/

Each POAP badge is essentially an NFT based on the ERC-721 standard but has strong behavioral binding characteristics. Although technically transferable, the POAP platform is designed by default for non-transferable use cases and encourages viewing them as proof of genuine user participation rather than circulating assets. This "experience binding" characteristic makes it widely regarded as one of the early practical forms of the Soulbound Token (SBT) concept.

The creation and distribution process of POAP is simple and free. Event organizers can create events, design badge graphics, and generate distribution links or QR codes through the POAP official website. Users can claim their POAP badges after participating in the event through the aforementioned methods. Each POAP contains verifiable metadata, such as event name, description, time, location, organizer identity, and image, all publicly accessible, providing strong identity narrative power. Currently, POAP has been widely applied in the following scenarios:

1. Proof of event participation: For events like hackathons, DAO community meetings, Web3 summits, Twitter Spaces, etc., users receive POAPs during the event to prove "I participated," which can be used for tickets, identity verification, and other purposes;

2. Community incentive mechanisms: Communities can issue POAPs to active members, governance participants, and content contributors as proof of contribution, combined with governance weight, airdrop distribution, and other incentives;

3. On-chain digital resume: The accumulated POAP badges form a visual participation history, showcasing users' experience, influence, and reputation in the Web3 world;

4. NFT interaction and commemorative collections: Some projects use POAPs for specific collections, time-limited tasks, or achievement systems, enhancing user engagement and enjoyment.

Users can view their or others' badge collections on the POAP official website or third-party platforms (such as DegenScore, Guild.xyz, Zapper, etc.), and some platforms also support using POAPs to filter user behaviors, assign roles, or unlock permissions. Many well-known projects and DAOs, including Gitcoin, BanklessDAO, ETHGlobal, ENS, Zora, and Uniswap, have adopted POAP as an important tool for community operations, governance identification, and contribution tracing.

Although POAP technically still uses standard NFT protocols, its behavior-binding attributes are bringing a new "reputation asset" mechanism to Web3, addressing the key identity challenge of "how to prove I did something" rather than "I bought something." In key scenarios such as DAO governance, decentralized credit, compliance screening, and on-chain resume building, POAP is becoming an important component of trusted identity identification and on-chain trust systems.

4.1.6 Snapshot: Gas-Free Web3 Governance Voting Platform

In traditional DAO governance, the common 1 token = 1 vote model, while simple to operate, is susceptible to issues such as witch attacks and manipulation by large holders, leading to a concentration of governance power and undermining fairness. To enhance the inclusivity and credibility of governance, an increasing number of projects are adopting weighted voting mechanisms based on identity, reputation, or contribution, leveraging on-chain behavior records, reputation credentials, SBT (Soulbound Token), and ZK (Zero-Knowledge) technology to promote a more reasonable distribution of voting rights.

These tools help DAOs more accurately identify truly active and trustworthy community members while also accelerating the deep integration of on-chain identity systems (DID) with governance models. Among them, ZK technology can achieve privacy protection and resistance to witch attacks, while SBT is used to record users' non-transferable identities and contributions, serving as two key pillars in decentralized governance.

Snapshot is currently one of the mainstream decentralized governance voting platforms, widely used for proposal decision-making and community consensus in DAOs. Its biggest feature is the off-chain voting and on-chain signing mechanism: users can complete voting simply by signing with their wallets, without needing to pay gas fees, significantly lowering the participation threshold and increasing the activity and efficiency of community governance.

The system architecture of Snapshot is highly flexible, allowing project teams to freely set voting rights rules based on token holdings, NFT ownership, POAP badges, ENS domain names, and even combine reputation credentials like Gitcoin Passport and Sismo for weighting. This modular mechanism makes Snapshot suitable for various organizations, from DeFi protocols and NFT projects to governance DAOs, and allows for adjustments to participation standards based on actual needs.

The process for users to use Snapshot is very simple: the project team creates a governance space (Space), sets the proposal content and voting conditions; community members connect their wallets and can sign and vote on proposals within a specified time frame, with the entire process not requiring on-chain actions, and the voting results presented instantly through visual charts. Snapshot itself does not execute on-chain operations but can integrate with governance tools like Safe and Tally to automate proposal execution.

Figure 6. Snapshot spaces. Source: https://snapshot.box/#/explore

Currently, Snapshot has been integrated by mainstream projects such as Aave, Uniswap, ENS, Gitcoin, Curve, and dYdX, becoming one of the foundational infrastructures for DAO governance. With the continuous development of decentralized identity systems (DID), zero-knowledge proofs, and reputation mechanisms, Snapshot is gradually evolving into a more precise, secure, and trustworthy community governance tool.

4.2 Typical Projects for On-Chain KYC

As mentioned earlier, how Web3 applications can meet compliance requirements while ensuring user privacy has become a key issue that many projects must face. On-chain KYC (Know Your Customer) projects have emerged to resolve this contradiction. Unlike traditional KYC, these projects attempt to combine the identity verification process with on-chain applications through decentralized identity (DID), verifiable credentials (VC), and zero-knowledge proofs (ZK), helping users complete necessary identity authentication without disclosing sensitive information.

Such protocols typically first complete compliance audits (such as document verification, live identification, etc.) through off-chain partners, and then store the certification results in the form of non-transferable credentials or privacy proofs on-chain or in the user's local wallet. When users need to access certain Web3 services that require compliance (such as participating in IDOs, fiat deposits and withdrawals, governance voting, etc.), they can present these credentials as proof without having to repeatedly upload identity information.

4.2.1 Fractal ID: Web3 KYC Compliance Service Provider

Fractal ID is a platform focused on providing compliant identity authentication solutions for Web3, dedicated to helping users complete one-time identity verification on-chain through decentralized identifiers (DID) and verifiable credentials (VC), and reusing the authentication results across multiple applications, thereby simplifying compliance processes and protecting user privacy data. It serves not only on-chain native scenarios like DeFi and DAOs but is also widely applied in financial gateways that require strong compliance, such as fiat deposits and withdrawals.

Fractal ID employs a verification mechanism that combines short-term data storage with decentralized credentials. After completing the KYC process, users' identity data will be retained in a centralized system for a maximum of 14 days to support the verification process, after which all related data will be completely deleted, leaving no backups. Subsequently, Fractal will issue a cryptographic VC credential to the user, recording identity status (such as being over 18, passing KYC, being an EU resident, etc.), which is non-transferable, controlled by the user, and stored in their local identity wallet or in the decentralized identity system idOS built by Fractal.

Fractal itself does not retain users' original identity data long-term, only keeping anonymized system logs (such as event timestamps, API call records, etc.) to support system operation and compliance audits. In the future, if third-party projects need to access identity information, they must obtain user authorization (Access Grant) through idOS, and the authorization can be revoked at any time. This mechanism ensures compliance while also guaranteeing data sovereignty and privacy control.

To enhance service compliance, Fractal ID collaborates with several regulated KYC/AML verification service providers, including leading international verification platforms like Veriff. These partners provide passport/ID recognition, live detection, address verification, anti-money laundering (AML) screening, and other services, and work with Fractal to complete the credential issuance process.

In terms of ecosystem, Fractal ID has integrated with multiple Web3 projects and protocols, including Polkadot, NEAR, KILT Protocol, Galxe, etc., particularly occupying a leading position in the compliance identity infrastructure in the European market. Since 2024, Fractal has also actively participated in multiple ZK identity authentication solutions and DID alliance plans, continuously exploring the integration of its compliance advantages with on-chain privacy technologies. Meanwhile, the project is promoting deep integration of VC credentials with L2 networks and mainstream wallets, with the potential to achieve one-stop identity management and authorization in the future. According to the official website, Fractal ID has been operating stably for over 8 years, serving more than 1.2 million users and establishing partnerships with over 250 Web3 projects, becoming one of the leading solution providers for on-chain KYC and identity compliance.

Figure 7. Fractal ID data. Source: https://web.fractal.id/

4.2.2 Polygon ID: On-Chain KYC and Privacy Identity Infrastructure Driven by Zero-Knowledge Proofs

Polygon ID is a decentralized identity protocol launched by Polygon Labs, aimed at providing users with a privacy-protecting, verifiable, user-sovereign on-chain identity solution. Its biggest highlight is the combination of DID (Decentralized Identifier) and ZK (Zero-Knowledge) technology, allowing users to complete on-chain identity verification, KYC compliance certification, access control, and qualification proof without disclosing original identity data. This protocol is not only a typical application practice of on-chain KYC in Web3 but also provides strong support for DAO governance, Web3 gaming, and threshold social scenarios.

Polygon ID adopts a modular design, consisting of four core components:

1. Identity Wallet: Users can locally generate and manage their own DID and credentials, with built-in ZK computation capabilities to ensure that privacy data is never disclosed.

2. Issuer Node: Governments, platforms, or project teams can act as issuers to issue encrypted identity credentials (such as "KYC completed") to users.

3. Verifier Node: Any DApp or platform can act as a verifier, reading and verifying the ZK proof submitted by users to confirm their identity status.

4. On-chain Protocol: Supports credential registration, revocation, and cross-protocol interoperability.

Specifically, after a user completes KYC at a certain institution, they will receive an encrypted credential issued by the Issuer, which is stored locally in their wallet. When they need to prove "I am over 18" or "I do not belong to a certain region," the wallet will automatically generate a mathematical proof (ZK Proof) that only exposes the necessary information. The Verifier verifies the validity of the proof without accessing the original data, completing the identity review. This mechanism greatly enhances the privacy, flexibility, and compliance of on-chain identity verification.

Multiple Roles and Usage Thresholds

In the design of Polygon ID, different user roles bear different responsibilities, with significant differences in involvement and technical thresholds, mainly divided into three categories: End Users, DApp Developers (Verifiers), and Identity Issuers.

For ordinary end users, using Polygon ID requires almost no technical background; they only need to download the official wallet (such as Polygon ID Wallet) to receive identity credentials issued by trusted institutions and use zero-knowledge proofs to verify their identity attributes by clicking to generate proofs when needed. The entire process is a black box for users, who do not need to understand the underlying cryptographic mechanisms. For example, users can prove "I am over 18" without revealing their date of birth.

For DApp developers, integrating Polygon ID requires a certain level of technical foundation. Developers need to understand the principles of verifiable credentials (VC) and zero-knowledge proofs (ZK), use the official SDK, or deploy verification nodes to integrate identity verification functions into front-end or back-end systems. If more complex verification rules are needed, they may also need to use ZK circuit tools, making basic blockchain development experience suitable.

For credential issuers (Issuers) such as DAOs or KYC service providers, the integration difficulty is higher. Issuers need to deploy Issuer nodes, configure credential templates and issuance policies, and sometimes need to use Circom to write custom ZK circuits. The overall process involves identity modeling, contract integration, and the use of cryptographic tools, suitable for teams with strong technical capabilities. Overall, while the identity system of Polygon ID is user-friendly for end users, it still presents certain technical thresholds for developers and infrastructure providers.

Project Evolution: From Polygon ID to Privado ID

In 2024, Polygon ID officially separated from Polygon Labs, operating independently and rebranding as Privado ID, reaffirming its neutral and open protocol positioning. Privado ID aims to become an identity infrastructure that supports multiple chains and is compatible with traditional data systems, dedicated to solving the issues of fragmented on-chain and off-chain identities, privacy protection, and interoperability. As a decentralized, trustless identity intermediary, Privado ID connects applications, credential issuers, and users, using zero-knowledge proofs and cryptographic tools at its core to prevent users from exposing sensitive information during the identity verification process. Privado ID is no longer limited to the Polygon network but supports all EVM-compatible chains and plans to expand to non-EVM chains. At the infrastructure level, Privado ID has collaborated with several institutions, including ConsenSys's zkEVM chain Linea and DigiShares asset platform, to provide verifiable credentials (VC) for scenarios such as RWA compliance, DeFi access control, anti-Sybil attacks, and AI deepfake content governance. Meanwhile, Privado ID adheres to W3C standards, supports interoperability with traditional Web2 systems, and actively builds cross-chain identity sharing and reputation systems.

Figure 8. Privado ID website page. Source: https://www.privado.id/

Application Scenarios

Privado ID provides an efficient and privacy-friendly identity verification solution, with its core advantage being "verification without disclosing information." It helps users complete KYC (Know Your Customer) certification through zero-knowledge proof technology without exposing sensitive data, meeting the compliance needs of platforms while significantly enhancing user experience and security. Users only need to complete a one-time KYC verification to generate a reusable encrypted credential, which can be used for one-click identity verification across multiple platforms in the future, eliminating the need to repeatedly submit identification, greatly reducing data storage risks.

In terms of resisting bots and Sybil attacks, Privado ID employs specialized anti-bot mechanisms to identify and limit malicious account behavior, ensuring fairness in airdrops, governance voting, and reward distribution, thereby enhancing community trust. For the sensitive need for age verification, Privado ID offers a privacy-protecting and compliant solution, allowing users to prove "I am of legal age" without disclosing specific birth dates, applicable to various Web3 applications and communities that require age thresholds.

Privado ID also supports the construction of digital identity systems, assisting governments and institutions in launching secure, interoperable national digital identity frameworks, applicable in areas such as cross-border certification, citizen services, and e-government, promoting the extension of on-chain identities into the real world. In response to the challenges posed by AI-generated content and deepfakes, Privado ID provides a content authenticity certification mechanism that binds content to real identities, ensuring the credibility of information sources and effectively curbing false dissemination, suitable for industries such as elections, public trust dissemination, and digital media.

Additionally, Privado ID's architecture is flexible, adapting to a wide range of identity interaction scenarios. It supports identity tickets and access control in Web3 games and offline events, preventing ticket scalping and malicious account creation, and can verify users' ownership of NFTs or membership identities to activate exclusive rights. In the realm of real-world assets (RWA), Privado ID has collaborated with platforms like DigiShares as a compliance identity verification tool, helping investors complete KYC, sign contracts, and obtain digital credentials.

At the same time, Privado ID is collaborating with institutions across finance, payments, and hardware wallets to promote the integration and implementation of decentralized identity systems in both Web2 and Web3 scenarios, gradually becoming an important infrastructure for on-chain privacy identity and digital reputation management.

4.2.3 Worldcoin (Iris Authentication, Providing World ID)

Worldcoin aims to provide a decentralized, unique, and privacy-protecting digital identity verification system for global users. Its core product is World ID, an identity identifier based on iris biometric technology. Users scan their irises using a specially designed hardware device called "Orb," generating a unique biometric identity tag. This process ensures that each person can only have one unique World ID, effectively preventing identity forgery, multiple registrations, and bot attacks.

Worldcoin utilizes zero-knowledge proof (ZKP) technology, allowing users to securely prove the uniqueness and authenticity of their identity to Web3 applications without disclosing sensitive biometric information such as their iris. In other words, users can prove "I am the only one" without revealing specific biometric data, thus balancing privacy protection and compliance needs.

In terms of the usage process, users must first visit offline locations equipped with Worldcoin "Orb" iris scanning devices, such as designated event venues or partner stores, to complete the iris scan using the Orb device. The scanning process is quick and painless, with the Orb capturing the unique biometric features of the user's iris and generating a unique World ID. The user's iris data is not stored or leaked after being converted into an encrypted identity identifier, ensuring privacy security. Subsequently, users can utilize zero-knowledge proof technology to verify their identity's uniqueness to various Web3 applications without exposing original biometric information. With World ID, users can participate in various identity-based activities, including receiving cryptocurrency airdrops, participating in governance voting for decentralized autonomous organizations (DAOs), joining exclusive communities, and completing compliance verification. World ID can be seen as the user's unique identification in the digital world, supporting secure and private identity verification across different platforms, facilitating long-term management and use.

It is evident that World ID has broad application value in multiple scenarios. For example, users can use it to participate in cryptocurrency airdrops, governance voting for decentralized autonomous organizations (DAOs), or access specific communities and services through identity verification thresholds. Additionally, Worldcoin hopes to promote inclusive development of the global digital economy by popularizing a secure and fair identity system, enabling more people to participate in the digital asset and Web3 world without barriers.

As of now, Worldcoin has deployed hundreds of Orb devices in various regions worldwide, collecting iris data from millions of users, helping to build a vast decentralized identity network. As a cutting-edge project that combines biometric technology with blockchain, Worldcoin not only enhances the security and reliability of on-chain identity verification but also opens up new possibilities for protecting user privacy and promoting digital equity.

4.2.4 Humanity Protocol: Based on Palm Print Recognition, Emphasizing "Human Uniqueness"

Humanity Protocol is a decentralized identity protocol based on biometric recognition, dedicated to providing unique identity verification services for global users. Its core mechanism generates an encrypted human identity (Humanity ID) through palm print scanning and utilizes zero-knowledge proof technology to prove to the outside world that the user is "a unique real human" without exposing original biometric information. The protocol is launched by the Human Institute, aiming to establish a scalable, secure, and Web3-compliant human identity network.

Users only need to download the Humanity app, complete phone number binding, learn through video tutorials, and perform a one-time palm print scan to obtain their Humanity ID. The entire process does not collect users' real names, identification documents, or other personal data; all biometric information is locally encrypted and stored, ensuring users' privacy sovereignty. In subsequent use, users can participate in applications within the ecosystem, such as social platforms, DAOs, GameFi, and airdrop verification, without needing to repeat verification or disclose sensitive information.

In terms of on-chain KYC, Humanity Protocol allows users to prove they are real human individuals without providing original identity information through its uniqueness + zero-knowledge proof identity mechanism, significantly reducing the compliance, security, and privacy balancing costs for Web3 applications. This mechanism is particularly suitable for scenarios requiring basic identity authenticity verification, such as IDO registration, airdrop screening, governance voting, and anti-witch attacks, providing pre-filtering for on-chain compliance.

At the same time, the protocol also has the potential to collaborate with other identity systems. Developers can integrate Humanity ID into existing DID/KYC architectures, such as Fractal ID, Polygon ID, Gitcoin Passport, etc., as a first-layer verification, further enhancing resistance to witch attacks and trust mechanisms. Additionally, in scenarios such as DAO governance, threshold social interactions, and on-chain real-name logins, Humanity Protocol can serve as proof of being a real person, helping communities filter genuine participants and improve governance efficiency.

Figure 9. Humanity protocol website page. Source: https://www.humanity.org/

4.3 The Integration of DID and On-Chain KYC

In the Web3 identity system, DID (Decentralized Identifier) and on-chain KYC (Know Your Customer) both serve the core issue of on-chain identity systems, but their starting points and paths are entirely different. It is precisely because of this that their integration demonstrates a powerful synergistic effect in practice.

DID focuses more on the generation, control, and privacy protection of identity. It emphasizes user self-sovereignty, meaning that identities are generated, held, and managed by users themselves, with the system achieving decentralized verification of specific identity attributes through Verifiable Credentials (VC) and zero-knowledge proofs. In the DID system, users can choose to display "I am over 18" or "I have certain qualifications" without disclosing sensitive information such as names or birth dates. This approach emphasizes privacy and cross-platform reusability, making it suitable for building an open and trustworthy identity network.

On the other hand, on-chain KYC focuses more on identity certification and compliance implementation, essentially designed as a trust verification mechanism to meet regulatory requirements (such as restricting U.S. users, identifying institutional investors). It typically completes user real-name authentication through off-chain centralized service providers and then stores the verification results on-chain in the form of signatures, whitelists, or hash records for access control or behavior auditing, ensuring that on-chain behavior is legal and compliant.

Despite the different technical paths, both are often used in conjunction in practical applications. For example, users complete an identity verification through KYC service providers like Fractal and Synaps, obtaining a cryptographically signed Verifiable Credential (VC). They then use a DID wallet (such as Polygon ID or Galxe Passport) to store this credential. When interacting with on-chain protocols, users only need to present a zero-knowledge proof to demonstrate "I have passed KYC" without disclosing identity details. The contract reads and verifies this proof, achieving the triple goals of identity usability, privacy control, and compliance auditing.

This integration retains the compliance and authority of KYC while introducing the privacy protection and decentralized control represented by DID, making it one of the optimal solutions for the current Web3 identity infrastructure. Typical representative projects such as Polygon ID, Quadrata, and Galxe Passport have developed along this path and have found practical applications in scenarios like DeFi, DAOs, RWAs, and Launchpads.

From a macro perspective, DID serves as the structural layer, while KYC is the source of trust; the former provides the identity model, and the latter provides identity verification. With the maturation of technologies like VC and ZKP, the integration of DID and KYC is driving the evolution of the Web3 identity system from "identifiable" to "trustworthy."

5. Technical Challenges and Privacy Trade-offs

In the Web3 world, identity is an important bridge connecting users and protocols. Users must verify their identity information to participate in DAO governance, DeFi operations, airdrop activities, or even deposit and withdrawal transactions. To meet compliance regulatory requirements while protecting user privacy, many projects are beginning to explore new paradigms of decentralized identity (DID) and on-chain KYC. However, this system faces numerous technical challenges and trade-offs in practical applications.

5.1 Technical Challenges: Lack of Standardization, High Barriers to Use, Compatibility and Performance Still Need Improvement

Firstly, the lack of standardization in identity is one of the biggest technical pain points currently. Although most DID and on-chain KYC projects claim to adopt the W3C Verifiable Credentials (VC) framework, they differ in specific field definitions, issuance logic, credential formats, and metadata structures. The lack of a universal protocol between different projects makes it difficult for credentials to be used across platforms or chains. For example, a "passed KYC" credential obtained by a user in Project A may not be directly recognized and verified by Project B. This greatly limits the reuse value of VCs and affects the composability of the identity layer.

Secondly, while zero-knowledge proof (ZK) technology ensures privacy, it presents significant barriers in practice. The process of building ZK circuits, generating proofs, and deploying verification contracts involves complex cryptography and on-chain programming logic, requiring developers to have a high level of technical expertise. Even though leading projects like Polygon ID have launched SDK tools, there are still learning curves and integration costs, which are particularly unfriendly to small and medium-sized projects.

Furthermore, even if technical integration is completed, ZK KYC still faces real bottlenecks in performance and user experience. Generating ZK proofs often requires substantial computational resources, and some complex proofs can take tens of seconds to generate, affecting users' immediate interaction experience. Additionally, the hardware burden of generating ZKPs on mobile devices is significant, and some wallets have yet to fully integrate the relevant engines. This makes balancing "privacy-friendly" and "convenient and easy to use" difficult.

Finally, the challenges of cross-chain deployment cannot be ignored. Currently, mainstream ZK projects have significant differences in their technology stacks across different chains, such as circom/snarkjs (Polygon ID) and Semaphore (Sismo) using different circuit standards, complicating the cross-chain reuse of credentials and identity interoperability. This directly limits the scalability and network effects of on-chain identity systems.

In summary, the implementation of DID and on-chain KYC faces not only the problem of standard fragmentation but also requires continuous efforts in usability, cross-chain compatibility, and ZK technology performance to truly support the next phase of large-scale applications.

5.2 Distributed Storage and Persistence Issues in the DID System

In decentralized identity (DID) systems, users' identity information and verification records are typically not entirely stored on-chain but are kept in distributed storage networks, such as IPFS, Arweave, or decentralized identity systems like idOS and Ceramic. This approach can reduce costs and protect privacy, but it also raises a practical issue: can this data be accessed long-term, securely, and stably?

Taking IPFS as an example, while its design ensures data immutability, it is not always online like traditional servers. If no one continuously "pins" a piece of data, it may become inaccessible due to a lack of node retention. For identity credentials, if users or verifiers cannot access this data in a timely manner, it will affect the verification of KYC certification results, confirmation of voting rights, and even the execution of DeFi compliance.

Another challenge is that identity data is often not static. For instance, if a user's identity credential has expired, been revoked, or needs to update address information, many current DID systems lack unified standards for credential updates and revocation mechanisms. This can lead to verifiers receiving outdated data, making it impossible to determine whether it is still valid.

To address these issues, some projects are working to improve the situation. For example, idOS attempts to store user credentials across multiple nodes and supports an authorization mechanism for "who can view which data," ensuring that data is not lost due to node downtime. Ceramic allows users' identity data to be continuously updated (e.g., adding a new KYC proof), ensuring that credentials are dynamic rather than static. Arweave and Filecoin provide incentive mechanisms to encourage more nodes to store users' identity information long-term, enhancing data availability.

Thus, ensuring that users' identity data is secure, private, and persistently available for verification is a core challenge for DID projects. This relates to whether on-chain identity can truly be implemented and determines whether future scenarios like on-chain KYC, DAO governance, and Web3 social interactions can be scaled. Currently, there is no perfect solution to this problem, and the industry still needs to continuously optimize standards, protocols, and storage systems.

5.3 Privacy Trade-offs: How to Find a Balance Between Compliance and Anonymity?

One of the major challenges in Web3 identity verification is how to meet compliance requirements without disclosing privacy. Traditional KYC methods typically require uploading sensitive information such as ID cards, addresses, and ID photos, storing this data on centralized servers, which is prone to leaks and gives users no control over their data. The new trend in on-chain KYC is to use encrypted credentials and ZK proofs to allow users to disclose only the necessary minimum information. For example, when a DeFi platform only allows "non-U.S. users" to participate, users only need to generate a ZK proof stating "I am not a U.S. citizen," without revealing specific nationality or address, thus satisfying compliance checks while protecting personal privacy.

However, there are still certain challenges in real-world scenarios. For instance, in scenarios involving fiat currency deposits and withdrawals, RWA compliance custody, or high-risk asset transactions, some platforms and service providers (such as Transak, MoonPay, Banxa, etc.) still need to verify and archive users' complete identity data under regulatory requirements. This makes it impossible for solutions relying solely on ZK proofs to completely replace traditional KYC processes in certain applications, creating a structural contradiction between privacy protection and compliance review.

To address this issue, some current DID and on-chain KYC projects have introduced more flexible mechanisms, including Revocable Credentials and Granular & Time-limited Access Control designs. The former allows credential issuers or users to revoke their credential status when necessary, addressing situations like identity expiration or permission changes. The latter allows users to grant one-time or time-limited access to a verifier, which can be revoked at any time, effectively preventing data from being occupied long-term.

In practice, Fractal ID + idOS provides a relatively complete privacy authorization and revocation mechanism. After users complete identity verification, their KYC data is encrypted to generate a Verifiable Credential stored in a decentralized identity system, with the platform itself not retaining the original data. Only with user authorization can third parties read the credential content, and access rights can be revoked at any time. Polygon ID has also introduced a credential status registry in its identity protocol, supporting on-chain revocation and status management, and providing programmable permission control solutions to support diverse use cases. Solutions like Sismo primarily use one-time zero-knowledge proofs to avoid data flow and storage, thereby minimizing conflicts between compliance and privacy from a mechanistic perspective.

For DID and on-chain KYC projects, achieving a balance between compliance verifiability and minimal data disclosure remains a common challenge at both technical and institutional levels.

5.4 Decentralization vs. Centralization: The Trust Dilemma of Issuers

The ideal state of decentralized identity systems is that users control their data, and anyone can verify it without relying on intermediaries. However, currently, most on-chain identity systems still depend on trusted issuers to issue identity credentials, such as the Issuer nodes in Fractal ID, Worldcoin, and Polygon ID.

On one hand, the higher the degree of centralization of the issuer, the lower the user privacy and system resistance to censorship. On the other hand, a lack of trusted issuers can lead to insufficient credibility of credentials, making them difficult to adopt widely. Establishing a decentralized, multi-signature, standardized network of issuers remains one of the core challenges in the on-chain identity ecosystem.

Overall, on-chain identity systems are striving to find a balance between privacy protection and identity verifiability, technical usability, and standard interoperability. Although still in the early stages, with the maturation of ZK tools, standardization of VC structures, and collaborative development of ecosystem projects, future on-chain KYC will be more secure, decentralized, and compatible, truly becoming the infrastructure for compliance and trust in the Web3 ecosystem.

6. Industry Trends and Future Outlook

The discussion around DID and on-chain KYC has continued to heat up over the past few years, but practical implementation has always been limited. Therefore, the future evolution of the identity system is more likely to seek a compromise between "concept" and "reality," rather than a linear path toward complete decentralization.

User awareness of privacy and data autonomy is increasing, but this awareness has not yet naturally translated into a strong demand for DID. Current identity products, such as ENS and Base ID, although they have a considerable user base in the ecosystem and are integrated by some leading projects (like Base and Uniswap Wallet automatically generating xxx.uni.eth, etc.), their functionalities mostly remain at the level of "readable domain names," "address labels," and "account binding," failing to provide verifiable, transferable, and reusable on-chain identities. This reflects that while ENS is integrated by many projects, it has not formed credentials that can be trusted across different scenarios; Base ID is primarily used for basic human-machine recognition rather than serving as a long-term identity; users frequently switch between addresses, and the scenarios are highly fragmented; all of these make it difficult for DID to truly become a "universal ID card." Therefore, self-sovereign identity currently resembles more of a concept and cultural trend rather than an infrastructure with large-scale demand and demonstrable necessity.

Zero-knowledge proofs (ZK) and verifiable credentials (VC) remain important technologies driving the field forward, but they are more likely to develop in a form that is "seamlessly" embedded in applications. Their advantage lies in allowing users to complete verification without "exposing sensitive information" and providing standardized credential formats, but these capabilities are more likely to be integrated at the underlying level in a seamless manner rather than requiring users to actively manage a complex credential system. From a practical standpoint, what users truly need is automated, embedded identity capabilities, rather than a toolkit that requires self-maintenance.

The composability of credentials will gradually enhance, but in the short term, it will primarily focus on "reusability within scenarios." The fragmentation caused by different projects, chains, and regulatory requirements makes the ideal of "one credential applicable to all applications" difficult to achieve in the foreseeable future. A more realistic situation is that DAO governance credentials, whitelist proofs, risk levels, etc., will be repeatedly used within their respective vertical fields, rather than forming a unified identity that covers the entire chain ecosystem.

In the stage where DID is not yet mature and users are unwilling to actively manage on-chain identities, "front-end KYC" is becoming a more pragmatic and easier-to-implement intermediate form. It still belongs to traditional KYC but is positioned at the interface layer of DApps, wallets, or applications. When users trigger sensitive operations for review, such as withdrawals, payments, or accessing regulated assets, it does not require changing the execution logic on-chain. While it does not embody the decentralized ideal of DID, it excels in usability, low cost, and the ability to directly reuse mature Web2 identity verification infrastructures, such as Sumsub, Jumio, and Persona. Users can complete compliance operations without needing to understand ZK and VC. Therefore, front-end KYC has become one of the main ways to connect regulatory requirements with on-chain scenarios at this stage. As VC, ZK, and other technologies continue to mature, more decentralized identity models theoretically have the opportunity to gradually replace it. However, for a considerable period, front-end KYC will remain the most executable solution for Web3 products amid compliance pressures and technological maturity.

At the same time, the industry is exploring a more advanced yet still realistically feasible path: a lightweight compliance model of "off-chain verification, on-chain credentials." Users complete traditional KYC off-chain, generating encrypted and reusable credentials verified by third parties, which users hold and present on-chain in a manner that minimizes privacy exposure. Compared to building a completely decentralized identity system from scratch, this model is easier to embed in existing DeFi, RWA, or compliant wallet scenarios and is closer to a compromise between Web3 ideals and regulatory requirements.

From a longer time scale, the evolution of on-chain identity systems will not stagnate, but it is also unlikely to develop explosively. A more probable path is gradual penetration into specific use cases, from governance permissions and anti-witch-hunt attacks to lightweight compliance and access control. The composability of credentials will improve, but it will be closer to "reuse within scenarios" rather than "one credential to rule them all." Identity verification can only enter a large-scale application phase when it truly becomes seamless for users.

If in the future DID can transition from a concept to a genuine infrastructure-level demand, AI Agents are likely to become one of the important forces driving this change. For ordinary users, actively managing DID, VC, ZK, and other structures is both complex and lacks intuitive benefits, making it difficult to achieve large-scale usage. However, for AI Agents, the identity system is a foundational capability for their operation. When they execute operations on-chain, invoke permissions, complete tasks, and participate in economic activities, they need a verifiable and transferable way to prove "who I am," "what I can do," and "whether I am trustworthy." As on-chain Agents increasingly operate like "autonomous individuals," they require identities that can be reused across applications to handle permission management, risk control checks, and reputation accumulation. In this model, DID is significant for Agents much like an "on-chain passport": it helps them execute tasks in a traceable manner in DeFi, governance, RWA, or cross-application collaboration, thereby taking on real operational roles in the machine economy.

Moreover, since the potential scale of Agents far exceeds that of the actual user base, once they adopt DID in bulk, it will naturally create a demand for cross-scenario reuse, potentially driving the unification of credential formats, identity standards, and security mechanisms, thus fostering the scaling effect of on-chain identity. This has already appeared in some pilot projects, where certain AI Agent networks are using DID/VC as the registered identity of Agents for task distribution and reputation accumulation. However, significant obstacles remain: the current standards for DID are still highly fragmented, lacking a unified structure between different chains and applications; the boundaries of privacy and permission disclosure are ambiguous; and regulations have yet to clarify "whether AI can hold identity," among other issues. Therefore, the vision of AI Agents widely using DID still requires long-term development. Nevertheless, the rise of Agents is indeed quietly changing the demand structure for on-chain identity, making it possible for identity to shift from "for human use" to "for machine use." In the long run, this may redefine the core value of DID and open a new development path for future on-chain identity systems.

The future identity infrastructure is more likely to be a hybrid system: front-end KYC provides a practically implementable compliance entry point, "off-chain verification, on-chain credentials" reduces user burden, and DID, ZK, and VC gradually mature as underlying capabilities, with DID potentially welcoming genuine functional demand first within the AI Agent system. The grand ideal of DID may not be fully realized, but the pragmatic capabilities surrounding credentials, privacy, and compliance will become an indispensable direction for infrastructure in the long term within Web3.

References

1. Introducing Galxe Passport. Link: https://help.galxe.com/en/articles/9424571-introducing-galxe-passport

2. Galxe passport docs: https://help.galxe.com/en/articles/9424571-introducing-galxe-passport

3. Spruce dev docs. Link: https://www.sprucekit.dev/

4. Spruce docs: https://docs.spruceid.com

5. Spruce Credible: https://github.com/spruceid/wallet

6. A Beginners Guide to Ethereum and ENS. Link: https://ens.domains/blog/post/beginners-guide-to-ethereum-and-ens

7. How to Create a POAP Drop. Link: https://poap.zendesk.com/hc/en-us/articles/9702718846989-How-to-Create-a-POAP-Drop

8. How to Make Great POAP Drops. Link: https://www.poap.news/how-to-make-great-poap-drops/

免责声明：本文章仅代表作者个人观点，不代表本平台的立场和观点。本文章仅供信息分享，不构成对任何人的任何投资建议。用户与作者之间的任何争议，与本平台无关。如网页中刊载的文章或图片涉及侵权，请提供相关的权利证明和身份证明发送邮件到support@aicoin.com，本平台相关工作人员将会进行核查。