How to ensure legal compliance for DeFi projects in blockchain finance?

深潮TechFlow
1 year ago

Non-custodial ≠ Zero Responsibility.

Written by: Liu Honglin, Xu Yuewen

Last month, Lawyer Honglin attended the Web3 Summit in Bangkok. During the exhibition, I had discussions with several entrepreneurs focused on on-chain DeFi aggregation services. In the course of these discussions, I found that at least one entrepreneur had a serious misunderstanding of the relationship between "decentralization" and "legal compliance."

For example, many projects providing on-chain yield aggregator financial services believe that their entrepreneurial projects are based on completely decentralized smart contracts and do not "touch" user assets, so they do not need to worry about compliance issues. As a result, they simply registered a company in Singapore and started their business, with compliance costs being nearly zero.

Clearly, these friends have a significant misunderstanding of compliance. Taking advantage of the weekend at home, I decided to write an article to discuss this, hoping to provide some practical compliance advice and risk prevention guidelines for those planning to enter the on-chain financial entrepreneurship space.

Industry Status and Revenue Model Analysis

Yield aggregators are one of the classic applications in the DeFi ecosystem, primarily responsible for helping users optimize asset returns. Generally speaking, a yield aggregator acts like an automated "financial robot." Users deposit their crypto assets, and the platform monitors the yields of various DeFi protocols (such as Aave, Compound, Curve, etc.) in real time, dynamically adjusting fund allocation based on market changes to ensure maximum returns. The name "yield aggregator" highlights its yield-generating nature, but in essence it performs "yield aggregation," and can be understood as "asset data and schedulers built in pursuit of yield maximization," achieving optimal yield through intelligent scheduling strategies.

For users, depositing funds (such as BTC, ETH, USDT, etc.) into an aggregator platform that performs liquidity mining on third-party DeFi projects lets the platform move those funds to higher-yielding DeFi projects based on the real-time yield data it monitors, thereby helping investors achieve higher returns.

For yield aggregator platforms, they can obtain revenue in several ways:

First, from the services provided by the platform, there is a management fee, which is a certain percentage of user returns (e.g., 1%-2%) charged by the platform for monitoring relevant factual data, deploying smart contracts, and managing the funds deposited by users.

Additionally, some platforms adopt a performance-sharing model, where if user returns exceed a certain annualized return rate, the platform charges an additional performance fee on the excess (usually between 10%-20%).

Finally, there are platform incentives, where user funds are guided into cooperative agreements to obtain incentives or commissions from partners.

In theory, yield aggregators operate entirely based on on-chain smart contracts, with user funds always controlled by smart contracts, and project parties do not have access to users' crypto assets or private keys. However, if there are vulnerabilities in the contract design, hackers or project parties may exploit permissions to steal user funds. Furthermore, some centralized "yield aggregator" services require users to deposit funds into platform accounts, which means the platform has direct control over user funds, thus posing risks to fund security and transparency, which fundamentally differs from the decentralized non-custodial model.

Common Compliance Misunderstandings Among Entrepreneurs

1. Technical Decentralization ≠ Fund Security

Many entrepreneurs believe that as long as user assets are controlled by smart contracts, project parties do not need to be responsible for fund security. However, the security of smart contracts directly determines the project's survival. If there are vulnerabilities in the smart contract, hackers can exploit them through reentrancy attacks, permission control vulnerabilities, etc., leading to fund losses, and project parties cannot completely absolve themselves of responsibility. Therefore, even for decentralized projects, technical security remains crucial. Project parties must ensure that smart contracts undergo rigorous third-party security audits, regularly fix vulnerabilities, and maintain open-source code to enhance community trust and transparency. Otherwise, even decentralized technology cannot guarantee absolute security for user funds.

2. Decentralization ≠ No Need for KYC

Many yield aggregator project parties believe that as long as the platform does not custody user assets, they can bypass anti-money laundering (AML) and know your customer (KYC) requirements. However, global regulatory agencies are strengthening their scrutiny of DeFi, especially in the U.S. and EU markets, where projects providing financial services can hardly avoid KYC requirements. Ignoring this may lead to hefty fines and legal accountability.

3. Non-custodial ≠ Zero Responsibility

"We have never touched user funds," is a common explanation from many yield aggregator project parties. However, even if the platform does not directly custody user funds, project parties may still face legal responsibilities. If a smart contract has vulnerabilities or is attacked, leading to user fund losses, project parties still bear certain responsibilities. Therefore, project parties must clearly inform users of risks in the platform interface and user agreements, including potential issues such as market volatility and smart contract vulnerabilities. Additionally, consider providing users with extra protective measures, such as introducing insurance mechanisms or compensation mechanisms, which can not only mitigate user losses but also enhance the platform's credibility and trustworthiness.

4. Tax Compliance: Don't Think You Can Hide in the "Gray Area" Forever

Some entrepreneurs believe that the crypto industry is in a "gray area," so tax compliance is not an urgent matter. However, tax authorities in various countries have intensified their scrutiny of the crypto industry, and more and more countries and regions require crypto projects to report income and profits. Regardless of whether the project has engaged in cross-border transactions or whether there are partially anonymous transactions, tax compliance is an obligation that cannot be ignored. Failing to report in a timely manner may lead to hefty fines, interest, or even criminal liability in the future. Therefore, entrepreneurs should establish dedicated tax compliance teams to ensure that the platform's operating income, user profits, and any cross-border fund flows are reported in a timely and legal manner. For projects operating across borders, special attention should be paid to the differences in tax laws of various countries to avoid violations due to ignorance of local laws.

Lawyer Mankun's Compliance Recommendations

The charm of on-chain financial projects lies in innovation and technology-driven approaches, but compliance and security are the cornerstones of long-term project development. Decentralization does not equate to exemption from responsibility; entrepreneurs must not only focus on the design of smart contracts but also be well-prepared in KYC, AML, tax compliance, and market promotion. Technology may accelerate innovation, but only compliance can ensure that projects go further.

I hope this article can provide practical advice for those aspiring to enter the blockchain on-chain financial entrepreneurship space.

1. Strengthen Smart Contract Security: Security is Not a "One-Time Investment"

Smart contracts are the core of yield aggregator projects, but security should not be a one-time audit; it is a continuous process. Auditing is the starting point, and regular security monitoring, vulnerability fixes, and contract updates are equally crucial. Especially in core areas such as fund management and profit distribution, if contract vulnerabilities are exploited by hackers, the losses will be substantial.

Therefore, project parties need to establish a comprehensive contract security system to ensure that smart contracts can be continuously optimized with market changes and technological advancements. Additionally, open-source code allows the community to participate in contract reviews, which not only improves transparency but also enhances community trust. Moreover, if the platform's contract is attacked, the ability to respond quickly and fix issues is key to maintaining user trust.

2. Compliance Due Diligence: Anti-Money Laundering is Important

Do not hope to evade regulation simply because of "decentralization." Before launching a project, have a professional lawyer conduct compliance due diligence, especially regarding AML and KYC requirements. It is better to prepare for compliance in advance than to deal with regulatory investigations later, which could lead to hefty fines and legal disputes. Early reasonable compliance arrangements can not only avoid high fines but also mitigate potential legal risks. Project parties should collaborate with experienced legal advisors to ensure legal operation under the regulations of different countries and regions.

3. Tax Compliance: Post-Tax Income is Real Income

Awareness of tax compliance is essential! Ensure that project income and user profits are reported on time. Globally, tax regulation of cryptocurrencies and DeFi projects is gradually becoming a focus, and tax authorities have begun to intensify scrutiny of the crypto industry. Ignoring tax compliance may lead to hefty fines, interest, or even criminal liability, potentially affecting the long-term development of the project. Therefore, it is crucial to report project and user profits for tax purposes, keeping the project compliant and avoiding unforeseen legal burdens.

4. Cautious Market Promotion: Authentic Transparency for Longevity

Advertising should avoid exaggerating returns and must accurately reflect the platform's risks and returns. While short-term traffic may be tempting, long-term user trust is fundamental. Compliant market promotion not only avoids regulatory risks but also enhances brand image.

Especially in yield aggregator and other DeFi projects, the volatility of returns and contract risks are inevitable. The platform should accurately reflect key data such as risks, returns, and liquidity, and clearly inform users of potential risks. Through compliant market promotion, not only can regulatory penalties be avoided, but a stable brand image can also be established, laying the foundation for the platform's long-term development.

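Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. This article is for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page involves infringement, please e-mail the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will review it.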
