Close Menu
Crypto Valley Journal
    Facebook X (Twitter) Instagram
    Crypto Valley Journal
    • Hot Topics
      • News
      • Minds
    • Focus
      • Background
      • Blockchain
      • Legal & Compliance
      • Non-Fungible Token (NFTs)
    • Investing
      • Markets
      • Financial Products
      • Decentralized Finance (DeFi)
      • Exchange overview
    • Education
      • Basics
      • Glossary
      • Politicians on crypto
    • Statistics
      • Bitcoin-ETF-Flows
      • Ethereum-ETF-Flows
      • Crypto market data
      • On-chain data
    • Academy
      • Overview
      • Part 1: Blockchain
      • Part 2: Money
      • Part 3: Bitcoin
      • Part 4: Cryptocurrencies
      • Part 5: Decentralized Finance
      • Part 6: Investing
    • English
      • Deutsch
    Crypto Valley Journal
    You are at:Home » Focus » Background » Understanding wallet ownership verification methods for VASPs

    Understanding wallet ownership verification methods for VASPs

    By 21 Analytics on 13. April 2023 Background

    With the growing use of virtual assets, the Financial Action Task Force (FATF) has issued guidance for virtual asset service providers (VASPs) to verify wallet ownership during transactions. This is to prevent the risk of processing a transaction to a sanctioned entity, especially when it involves an unhosted wallet.

    An unhosted wallet is used to store digital assets. The wallet owner has complete control of their private key, which is needed to conduct transfers. Unhosted wallets are also called self-hosted wallets, private or crypto wallets. VASPs do not provide these wallets; popular examples include hardware wallets like BitBox 02 and Trezor or mobile wallets like BlueWallet and Edge. Other examples of unhosted wallets include paper wallets, where the wallet user records their private key and addresses on a piece of paper or desktop wallets like Electrum and Metamask.

    VASPs have to prove wallet ownership

    The Financial Action Task Force (FATF) released its final Travel Rule guidance in October 2021. The guidance stipulated that virtual asset service providers (VASPs) are to verify, obtain and hold originator and beneficiary information for transactions. Virtual asset service providers (VASPs) can prove wallet ownership in 4 manners, namely, via visual proofs, a Satoshi Test, manual signing or through Address Ownership Proof Protocol (AOPP).

    Subscribe to our newsletter

    The best articles of the week, directly delivered into your mailbox.

    In addition to this, unhosted wallets have fallen into its scope. Unhosted wallets are privately owned; VASPs have no way of knowing to whom they are transferring funds and could stand the risk of processing a transaction to a sanctioned entity. The FATF recommended that for transactions involving an unhosted wallet and a VASP, VASPs are to request proof of wallet ownership to remedy this issue.

    Visual Proofs explained

    A visual proof can include a screenshot of the wallet software displaying the address the wallet user wants to use for the transaction or a video clip showing the wallet address. The proof is then sent to a VASP who verifies that the address in the image matches the desired withdrawal address; if the addresses match, the transaction will go ahead.

    Visual Proof pros:

    • It’s familiar and easy to perform for users
    • It works with every wallet

    Visual Proof cons:

    • Visual proofs are sensitive to fraud and can be tampered
    • Time-consuming and error-prone, as the image needs to be examined by the VASP’s compliance staff
    • Transfer turnaround time is slower due to the manual inspection element, resulting in a poor user experience
    • It’s impossible to automate due to the vast amount of unhosted wallets available
    • It encourages address reuse due to VASPs trying to avoid inspections

    The Satoshi Test

    The wallet user will initiate the withdrawal process. The user and the VASP will agree on sending a very small number of funds - in Bitcoin, a couple of Satoshis - in a specific timeframe to verify wallet ownership. If the user is able to do this, it serves as wallet ownership proof.

    Satoshi Test pros:

    • The process can be automated on the VASP’s side
    • It’s safer than screenshots, as anyone with basic computer or cellphone knowledge can manipulate screenshots
    • It’s easier than manual signing; most crypto users face difficulties when requested to sign a message with their wallet

    Satoshi Test cons:

    • It’s not free, while the transferred amount can be returned; transaction fees can't
    • The process can be slow as it is not fully automated; manpower is needed for reviews and responses to the proof
    • Some VASPs charge users for the process due to manpower used for review; in turn, address reuse is encouraged to save money
    • Sending from specific addresses is a non-trivial task with UTXO-based cryptocurrencies, like Bitcoin, and often not possible with a wallet
    • It’s a cumbersome and friction-filled process resulting in a poor experience for the customer, who usually requires support to perform it

    Verification through Manual Signing

    The manual signing method verifies wallet ownership through a digital signature. The wallet user will initiate the transaction then the VASP will issue a message for the user to sign. This message issued by the VASP will need to be copied and pasted into the user’s wallet software and signed by the user. This signed message is then returned to the VASP. A VASP can manually add this signature to its software, or the user can manually add it to their software (where it will appear on the VASP’s software).

    Manual Signing pros:

    • It’s a cryptographically secure proof of ownership
    • The process can be automated for the VASP

    Manual Signing Cons:

    • Not all wallets support it
    • Only advanced wallet users know how to execute this method; therefore, it isn’t ideal for average crypto wallet users

    Address Ownership Proof Protocol (AOPP): the easiest method?

    AOPP is very similar to the manual signing method above - it provides ownership proofs through digital signatures but is entirely automated. AOPP connects to the VASP without the wallet user having to copy and paste any messages or addresses. The VASP provides the user with a link, or QR code, that, when clicked or scanned, sends a message to the unhosted wallet. The user signs this message, which is automatically sent back to the VASP, all in under 3 minutes.

    AOPP pros:

    • The process is fully automated upon user demand
    • It’s safer than the screenshot option
    • It’s easier than manual signing
    • There's no reason to reuse addresses, thus enhancing the privacy of the user and the VASP
    • Malware attacks are minimised as there is no copying and pasting of addresses
    • It’s fast; wallet ownership can be verified in seconds
    • It’s Travel Rule and General Data Protection Regulation (GDPR) compliant

    AOPP cons:

    • Only some wallets support it, but there is ongoing work on wallet support for various hardware and software wallets.
    Share. Facebook Twitter LinkedIn Email Telegram WhatsApp

    About the author

    21 Analytics
    • Website

    21 Analytics provides Travel Rule Compliance Software that enables transactions with VASPs and unhosted wallets, with guaranteed data protection. Founded by Bitcoiners working in the blockchain industry since 2014, 21 Analytics leverages its knowledge and experience to advance its ethos of combining compliance with data protection.

    Related Articles

    18 percent hold crypto assets in Switzerland, an IFZ and LUKB study shows. Banks see potential for up to 1 million advisory clients.

    HSLU and LUKB study: 18% of the Swiss population hold crypto assets

    The four-year Bitcoin cycle remains intact

    The EU Parliament's ECON committee has approved the legal framework for the digital euro and ordered trilogue negotiations to begin.

    EU Parliament approves legal framework for the digital euro

    Ethereum Institutional launches as a non-profit from Bitmine, Sharplink, and Joe Lubin, a new point of contact for banks and asset managers.
    3. July 2026

    Ethereum Institutional becomes Wall Street’s point of contact

    Six Swiss crypto service providers secured MiCA authorization. AMINA was the world's first; Sygnum and Bitcoin Suisse followed later.
    2. July 2026

    Seven Swiss crypto service providers secure MiCA authorization

    Robinhood Perpetual Futures in Europe now cover commodities and currencies, and the broker plans a crypto launch in the United Kingdom.
    2. July 2026

    Robinhood Perpetual Futures expand to commodities in Europe

    twitter image button instagram image button linkedin image button youtube image button

    About Crypto Valley Journal
    About Crypto Valley Journal

    On the pulse of the movement

    • Academy
    • Contact
    • Advertising
    • About us
    • Partner
    • Imprint
    • Privacy
    • Disclaimer
    Search

    Type above and press Enter to search. Press Esc to cancel.