What are non-KYC exchanges, and who uses them?

Crypto trading platforms that don’t require identity verification are known as non-KYC exchanges. These exchanges allow you to trade without the inconvenience of following Know Your Customer (KYC) procedures that include submitting documents such as identification or proof of address. 

Two examples of non-KYC exchanges that allow trading cryptocurrencies without requiring personal identification are Uniswap and PancakeSwap. Uniswap is the top non-KYC exchange, with 12 million monthly active users in August 2024 and a 60% market share. On the other hand, PancakeSwap had 1.9 million unique onsite users in August 2024.

Here are some reasons why many use non-KYC crypto exchanges:

  • Privacy and anonymity: Users who stress privacy and anonymity are keen on using non-KYC exchanges. In a world where surveillance and data breaches are becoming more frequent, the prospect of trading cryptocurrencies privately appeals to a lot of individuals. 

  • Easy access: Non-KYC transactions eliminate long, drawn-out verification procedures. You don’t need to wait for account approval or provide identification paperwork. These exchanges are especially attractive for individuals living in nations where cryptocurrency trading may be prohibited or for those without access to traditional financial systems.

  • Speed: For individuals who wish to swiftly enter the cryptocurrency space without having to wait around for identity verification, non-KYC exchanges are a huge draw. Moreover, non-KYC platforms enable the creation of multiple accounts and unrestricted fund transfers.

  • Regulatory evasion: Evading regulations is another reason why some users are drawn to non-KYC exchanges. It helps them bypass regulatory restrictions or avoid penalties. While this may lead to severe repercussions if detected, some users believe the benefits of flying under the radar outweigh the potential risks.

Risks and challenges of using non-KYC exchanges

Non-KYC exchanges offer convenience and privacy, but several risks and challenges are associated with them. Broadly, these include security and regulatory risks and limited features.

  • Security concerns: Anonymity on non-KYC exchanges may also pull in fraudsters. Moreover, if a code malfunction or a fraud-related issue occurs, there is little to no support available due to the lack of accountability from the service provider.

  • Regulatory risks: Governments worldwide are monitoring non-KYC exchanges, and it is just a matter of time before they are made a subject of law. If regulatory agencies identify individuals transacting on these exchanges via their crypto wallet addresses, these users may face stringent legal challenges.

  • Limited features: The efficiency of features on non-KYC exchanges is generally lower than on KYC exchanges. For example, on platforms like Uniswap, fiat currency withdrawals are not possible. Additionally, cryptocurrencies with low liquidity often result in fewer available trading pairs.

Did you know? By November 2023, the amount of money stored in decentralized finance (DeFi) had been worth about $50 billion. The use cases shifted to liquid staking and lending from yield farming earlier.

Decentralization: A double-edged sword among non-KYC exchanges

While decentralization aligns with the core values of privacy, freedom and autonomy, the same decentralization can lead to significant risks. Non-KYC exchanges could become fertile ground for illegal activities like money laundering and fraud. 

As the central authority is absent and the exchange is in autonomous mode, propelled by smart contracts, users may struggle to get support in case of fraud or malfunctioning of code. While some exchanges may have a community that could help the users regarding frequently asked questions, the absence of an authority means there is no one to complain to.

In most regular banks, depositors’ money is protected under insurance schemes. For instance, the Financial Services Compensation Scheme (FSCS) guarantees protection for your money up to 85,000 British pounds per person per financial institution. For joint accounts, the protection extends up to 170,000 pounds. In the United States, the Federal Deposit Insurance Corporation (FDIC) offers similar protection, insuring deposits up to $250,000 per depositor per insured bank.

Some crypto exchanges provide insurance to protect against losses caused by system or application failures. This coverage is limited and may not protect against all potential losses. In case of non-KYC exchanges, no such protection is available. In case of disputes, hacks or scams, users may suffer because of the lack of adequate protection.

Regulatory bodies have also been increasingly cracking down on decentralized platforms, putting users at risk of legal consequences, frozen assets or criminal investigations.

Notably, most cryptocurrency exchanges, even those that require KYC compliance, are not covered under traditional insurance schemes like the FSCS in the UK or FDIC in the US. 

However, some exchanges offer their own insurance policies to cover specific losses, such as theft due to hacks. These policies vary by exchange and typically cover a limited portion of users’ funds. It’s important to check the terms of the insurance offered by the exchange before trading, as the level of protection is often much lower than what traditional insurance schemes offer for fiat currency deposits.

Examples: Decentralized non-KYC exchanges being used for money laundering

While decentralized exchanges (DEXs) offer several advantages, they are often used for organized money laundering. 

Here are a couple of examples of when decentralized non-KYC exchanges were used for illegal financial activities:

Case study 1: Hydra Darknet

A well-known darknet marketplace called Hydra mostly used decentralized, non-KYC cryptocurrency exchanges for money laundering. The marketplace, primarily active in Russia, was engaged in illegal activities like fraud and the selling of drugs, funded by crypto transactions, mainly Bitcoin (BTC). 

Hydra’s operators laundered millions of dollars worth of cryptocurrency using a combination of non-KYC exchanges and Bitcoin mixers, which blend various cryptocurrency transactions to mask their source.

As DEXs don’t require identification verification, it’s simple for criminals to exchange illegal Bitcoin for legitimate cryptocurrencies without disclosing their identities. 

Hydra kept operating for years while avoiding regulatory attention, as they didn’t follow KYC procedures. As transactions are anonymous and scattered over multiple blockchains, these decentralized systems made it difficult for law enforcement to follow the flow of funds.

Case study 2: Money laundering using Tornado Cash and Ethereum

Tornado Cash, now discontinued, was used for laundering illegal Ethereum funds. Tornado Cash was a crypto mixer used for mixing potentially identifiable funds to make funds’ original source untraceable. It was revealed in 2022 that the North Korean hacking collective Lazarus had laundered more than $600 million dollars, stolen from the Axie Infinity hack by using the tumbler.

What the hackers did to hide the transaction trail was to use Tornado Cash to transfer stolen Ether (ETH) tokens to non-KYC decentralized exchanges. Multiple smart contracts in Tornado Cash accepted different quantities of ETH and ERC-20 deposits. The hackers later withdrew these deposits to a different address by providing cryptographic proof. The process broke any link between the sender and the recipient in the chain.

Did you know? The Internet Crime Complaint Center (IC3), a division of the US Federal Bureau of Investigation, recorded a surge in cryptocurrency-related financial fraud in 2023, with over 60,000 complaints filed and estimated losses exceeding $5.6 billion.

How to protect yourself when using non-KYC exchanges

When using non-KYC exchanges, it is important to be mindful of a few steps to keep your funds safe. As there is no central authority on these platforms that you could complain to, taking these security measures is imperative:

  • Use strong passwords: Create long, complicated passwords for all of your accounts. To safely store passwords, you could think of using a password manager.

  • Turn on 2FA: Activate two-factor authentication (2FA) to add an extra layer of security to your non-KYC exchange account

  • Use a virtual private network (VPN): A VPN can hide your location and encrypt your internet connection, offering more privacy.

  • Withdraw your funds:  When using DEXs, your funds should already be safe in your non-custodial wallet. But for additional security, you could transfer excess funds to a hardware wallet and keep only what’s needed in your connected wallet for trading.

  • Avoid falling for phishing schemes: To avoid visiting fraudulent websites, double-check URLs, verify smart contract addresses, and confirm emails and links.

Following these guidelines will help you lower the risks associated with using non-KYC exchanges.