Privacy in DeFi

Web3’s mission is to decentralise and provide ownership to users. By design, transaction history is public on most blockchains. Privacy and decentralisation are a bit of a dichotomy.

We’re going to dig into this and talk about how folks are trying to solve it. In doing so, we’ll talk introduce two exciting developments in Web3: zero-knowledge proofs and soul-bound tokens.

Privacy in Web3

Antonio Garcia Martinez wrote an excellent post yesterday on how privacy is flipped in Web3.


Today, most websites expose our real identity, but do not expose user data. Real identity refers to data like your email address. User data refers to things you’ve bought on Amazon or watched on YouTube. User data is sold (to advertisers), but not exposed for any user to see.

This is flipped in Web3. When you transact in Web3, everything is public. Given a wallet, you can find all assets in the wallet and the wallet’s transaction history. Here’s an example wallet if you want to take a look. On the other hand, you can transact without disclosing who you are. Many crypto users choose to operate in this way.

Why privacy is critical

Transaction history

I can’t think of anyone who wants their information out in the open. People find their way around this is by separating their real world identity from their Web3 identity. You either know my wallet address or my real identity, but not both.

I don’t believe this approach works for mainstream users. It creates a lot of friction. A good example of this is the Ethereum Name Service. It turns your wallet address into something recognisable, like an email address (for example, mine is ntkris.eth). One of the great things about Web3 is the ability to sign-in, pay and receive using a single ID. But if you don’t want to be associated with a wallet, you can’t use it. What’s the point?

Personally identifiable information

Certain use cases are not possible with this public-by-default design choice. I wrote about how DeFi will scale when it can lend to the masses. For this to happen, you need to measure the risk of each individual.


A decentralised protocol will need access to a user’s credit rating. Where do you put this data? There’s virtually no reason to expose a user’s credit score on chain and expose it to the public. If the data is stored elsewhere, you have the issue of trust. How do you know the data is accurate?

A reminder that DeFi is only useful if there are no third parties. If you need a human to verify the risk profile, DeFi will not provide meaningful advantages to the infrastructure we have today.

Solving the privacy dichotomy

There are two exciting developments in crypto that are trying to solve this problem. We’ll introduce each one, and then talk about how they come together to solve this.

Zero-knowledge proofs


Zero knowledge (zKProof) proofs allow users to prove a piece of information is correct without actually revealing what it is. zkProofs were invented years ago. Their utility has become very relevant in the context of blockchains.

They solve two problems. First, they help you send information privately. Second, they can increase scalability by reducing the amount of data that is stored on a blockchain. Anything recorded on the blockchain needs to be stored on multiple databases, the less data you need to store, the more efficient it is.

Soul bound tokens

Soul bound tokens are tokens that cannot be transferred once they are issued to someone. It’s a terrible name, and has its origins in World of Warcraft (a game).

The idea here is to issue a “permanent token” to a specific wallet. Think of your driving license, college degree or vaccination certificate. These documents are cumbersome to carry around. Scanned copies don’t really work because they can be easily forged.

Bringing it all together

Let’s see how the two solutions above can address privacy concerns.

Transaction history

With zkProofs, you can build private blockchains. Transaction history and the balance in a wallet are private. They are encrypted and only the owner of the wallet can access the data.

This is because zkProofs enable a wallet to prove something (that they sent X amount or received Y amount) without actually disclosing what that amount was. Check out Espresso if you’re interested in this use case.

Personally identifiable information

If you combine soulbound tokens and zkProofs, you can do really interesting things with blockchains.

Let’s use an example to demonstrate. Alice wants to order a beer at a bar and needs to prove that she is at least 18 years old.

  1. Alice’s uses her drivers license, which is a soulbound NFT issued by the motor vehicle authority in her country.
  2. This soulbound NFT is represented as a QR code on Alice’s phone.
  3. When the bar scans the QR code, the bar’s application is asking if Alice is whether Alice is at least 18 years old.
  4. zkProofs help establish that Alice is 18 years old. However, Alice’s birthdate is not shared with the bar.

This is a trivial example, but illustrates the point around privacy. Suddenly, we have technology that allows the user to remain in complete control of their data and prove ownership without an intermediary.

The data in the soulbound NFT (driving license in this case) is encrypted. Only the holder of the soulbound NFT has the ability to access the information.

Some critics argue that you can achieve the above without having the information (i.e. Alice’s driving license) on the blockchain at all. It could be stored privately by the individual (this is called a verifiable credential). The outcome is very similar, but the data is stored off a blockchain, privately by the user. I’d like to cover this in detail in a future essay. I recommend this video where Vitalik Buterin and Evin McMullen debate the two, if you want to learn more.

To close

This design space in Web3 excites me because it can unlock real-world use cases. I do want to call out that it’s really, really early. Soulbound tokens aren’t live yet. zkProofs are still being developed. If you’re interested in Web3 though, pay attention to this space.