21 Analytics logo
Request a Demo

Address Ownership Proof Protocol (AOPP)

In Switzerland a Virtual Asset Service Provider (VASP)—any financial intermediary dealing with crypto assets such as Bitcoin—is legally obliged to require proof of ownership of a customer's wallet address before withdrawals and deposits can be made. AOPP is a simple and automated solution for providing proof of ownership of an self-hosted wallet's address.

Regulations

Switzerland

As of August 2019, Swiss VASPs are obliged to require proof of ownership of a wallet address for withdrawals and deposits to the non-custodial wallets of their customers.

FINMA Guidance 02/2019
Payments on the blockchain
"A transfer from or to an external wallet belonging to a third party is only possible if, as for a client relationship, the supervised institution has first verified the identity of the third party, established the identity of the beneficial owner and proven the third party´s ownership of the external wallet using suitable technical means."
Swiss Financial Market Supervisory Authority (FINMA) is the Swiss government body responsible for financial regulation.
VQF Regulations
Art. 14, Paragraph 1
"Payment transactions to and from external wallets are only permitted where the wallets are owned by a member´s own customer. The customer´s authority over the external wallet must be verified using suitable technical measures. Transactions between customers of the same member are permitted."
The Financial Services Standards Association (VQF) is Switzerland's leading self-regulatory organisation (SRO) for VASPs. As an SRO officially recognized by the FINMA, the VQF is obliged to supervise its members with regard to the combating of money laundering and the prevention of the financing of terrorism.

Features

Icon For Wallet

Compliant

Full compliance with FINMA guidance, VQF regulations, and DNBs' interpretation.

Icon For Settings-1

Excellent User Experience

Proves ownership with digital signatures instead of sending crypto assets or asking for screenshots, thereby enhancing user experience.

Icon For Cloud-upload

Private

Does not require address reuse and so preserves conventional best-practices for privacy.

Icon For Group

Easy to Implement in Wallets

Adopting the digital signature standards that Bitcoin uses makes it straightforward to implement for developers.

Icon For Chart-line#1

Decentralized

The wallet communicates directly with the VASP. No intermediary needed.

Icon For Pantone

Increases Security

Reduces risks of Man-in-the-middle attack (MITM) from crypto-malware by avoiding copy/paste of addresses.

Does AOPP Reduce My Privacy?

Copy
Link Icon

No. AOPP is a protocol that is used between a VASP (virtual asset service provider, e.g. exchange) and an end user. The VASP already knows the personal details of the end user. Nothing changes there. When a user withdraws coins from a VASP he needs to specify a destination address. Nothing changed there, too. AOPP merely digitally signs that information with the key corresponding to that address. This is a step that is non-trivial for users without a technical background. No information about the user's own wallet is leaked.

Does AOPP Automatically Share Information about Me?

Copy
Link Icon

No. AOPP requires user interaction. After clicking an AOPP URI the user has the chance to inspect the signed message and, in the case it is deemed unsuitable, abort the process.

Why Is the Signed Message In The Demo Video so Verbose?

Copy
Link Icon

The verbose signed message comes from an explainer video. The goal of an explainer video is to be very explicit, and simplify and breakdown information to the most digestible depiction possible. The signed message is configurable by the exchange and a mere user identifier or hashed value could be used. But those are concepts too confusing for an explainer video. Currently, all VASPs that use AOPP only use a unique identifier or hashed value.

Why Have Some Wallets Removed AOPP Support?

Copy
Link Icon

Upon pressure from social media users some wallets have decided to remove AOPP support. We are surprised that those wallets deem their users incapable of deciding on their own if they want to use AOPP. We can also imagine that fear of the cancel-culture has contributed to those decisions. The end result is that their users cannot easily withdraw into their own wallets and will likely keep their coins custodial.

Is This What Satoshi Envisioned?

Copy
Link Icon

The success of Bitcoin stands on the shoulders of very engaged libertarians, cypher punks and crypto-anarchists. Without their educating, evangelising and persistent efforts the world of Bitcoin wouldn’t be where it is today. We thank them a lot for this! And we see ourselves as a vital part of this community. We believe that the adoption of Bitcoin has reached a new phase. We are talking about mass adoption. Bitcoin can only succeed in its original mission if the user experience is as accessible as possible. If the community doesn’t improve usability then the trend towards custodial ownership (storing your Bitcoin on an exchange) will continue to further increase in dominance. The failure in mass adoption of PGP is a good example of how crucial the user experience is. The privacy community has failed to understand what actions were required to improve the situation. We have ended up with the monopolistic, cloud-based messenger landscape that we see today. Accounts can be blocked or deleted, and messages intercepted. AOPP is our contribution to empowering users to hold their coins in their wallets. We ask the early adopters to support the effort to make the mass adoption of Bitcoin a success story, and bring Bitcoin to a new height.

My Wallet Supports AOPP but I Don't Want to Send Additional Information to Other Parties. Should I Be Worried?

Copy
Link Icon

No. No information is sent without the wallet owner's consent. Supporting AOPP does not mean a wallet will share your information with any other party. In fact, the exchange will only send a message to the user's wallet via AOPP upon user request.

What Information Will My Wallet Send to My Exchange?

Copy
Link Icon

The information the wallet sends to the exchange is a signed message. This message can contain whatever details the exchange considers enough to fulfill their compliance obligations, but only data the exchange already knows, since it is the one who crafts the message.

What Is AOPP?

Copy
Link Icon

AOPP is designed to simplify the user experience of non-expert users who are dealing with difficulties withdrawing their funds from exchanges to their own wallets. The user experience of signing messages with wallets can be challenging and this is precisely what AOPP solves. It just makes wallet message signing easier.

How Does AOPP work?

Copy
Link Icon

AOPP allows the wallet to receive a text from a VASP (e.g. an exchange), request the user to sign it and send it back to that VASP. This means the content of the message is crafted by the exchange, so it can only have information previously known by the exchange. The user is presented with that message and asked for consent to sign it.

Just like our Travel Rule solution, our website also respects your privacy. That is why we don't use any tracking cookies.
Ok, nice!