This Is HUGE
← February 26, 2026 edition

zyphe-decentralized-kyc-for-web3-developers

Decentralized KYC for a world that was supposed to be decentralized.

Crypto Built a Decentralized World. Then Asked You to Upload Your Passport to a Server.

By Sarah Munroe

Identity VerificationCryptoPrivacyWeb3Compliance
Visit Official Site →
Crypto Built a Decentralized World. Then Asked You to Upload Your Passport to a Server.

The Macro: Crypto’s Most Embarrassing Contradiction

The pitch for cryptocurrency was always about cutting out the middleman. No banks. No gatekeepers. No third party holding your assets, making decisions about your money, failing you during a wire transfer at 4 PM on a Friday. The blockchain was the infrastructure; you were in control.

Then you tried to actually use a crypto exchange, and the first screen asked you to upload a photo of your passport.

This is the central contradiction that the blockchain industry has spent a decade quietly ignoring. Decentralized finance runs on centralized identity. Every regulated exchange — Coinbase, Kraken, Binance, every compliant onramp to the crypto economy — must verify the identity of its users under Know Your Customer regulations. Those regulations exist for legitimate reasons: preventing money laundering, terrorist financing, tax evasion. The rules are not going away.

What those rules do not require, in their text, is that all the collected identity data be stored on a centralized server indefinitely. That is just how it has always been done. And it has created an enormous, predictable problem.

In 2021, a database breach at a major identity verification vendor exposed the KYC documents of users across dozens of crypto platforms — passport scans, selfies, utility bills, all in one place, all extracted in one attack. In 2023, Coinbase disclosed that approximately 6,000 customer accounts had been targeted using KYC data obtained from a third-party vendor. The list goes on. The pattern is consistent: centralized KYC creates a high-value target, the target gets hit, users pay the price.

For people who chose crypto partly because they did not trust banks with their money, discovering that their identity documents were sitting on a vendor’s server somewhere in a poorly-secured database was not a minor irony. It was a betrayal of the whole premise.

The Micro: Three Founders, One Obvious Problem

Michelangelo Frigo, Charlene Wang, and Manuel Tumiati founded Zyphe in 2021. They came from inside the crypto and compliance world — people who understood both the regulatory requirements and the technical architecture of decentralized systems — and they built the company specifically to address the contradiction they saw every day.

The insight was not complicated, but it required taking it seriously: the thing that makes centralized KYC dangerous is not the verification step. It is the storage. Financial regulations require institutions to verify identity. They do not require institutions to become permanent custodians of identity documents for every user who has ever passed through their onboarding flow.

Zyphe’s platform performs full KYC, KYB, and AML verification — government ID checks, liveness detection, document authentication, sanctions screening across 190+ countries — and then does not hold the raw documents. Credential data is sharded and distributed across nodes, so no single point of failure contains a complete, recoverable identity record. Verification results are stored cryptographically, satisfying regulatory audit requirements without maintaining a centralized archive that can be stolen in bulk.

For crypto exchanges and Web3 platforms — the natural first market — the value proposition is close to obvious. You can offer your users compliant onboarding without becoming a honeypot for the exact kind of centralized attack that the people using your platform chose crypto specifically to avoid.

“Zyphe’s decentralized model represents a critical leap forward,” said Jenny Fielding of Everywhere Ventures, one of Zyphe’s investors. “The demand for user-controlled data systems is not a niche concern. It is where the entire digital economy is heading.”

How It Actually Works

The technical foundation of Zyphe’s platform sits at the intersection of two distinct fields: compliance engineering and cryptography.

On the compliance side, Zyphe integrates the full stack of regulatory requirements — KYC identity verification, KYB business verification, AML screening — into a single API that platforms can connect to in days rather than months. The verification pipeline handles document capture, identity matching, sanctions list checks, and ongoing monitoring. The compliance output satisfies the requirements of regulated financial institutions in 190+ countries.

On the cryptography side, Zyphe uses sharded storage to distribute credential fragments across multiple nodes rather than consolidating them in one location. The sharding scheme ensures that the data required to reconstruct a full identity profile never exists in one place. A breach of any individual node yields fragments — mathematically useless without the others.

This is not a theoretical design. Protocol Labs, the organization behind IPFS and Filecoin, uses Zyphe for identity verification during global user onboarding. “Zyphe’s uncompromising commitment to privacy allows us to seamlessly onboard global users while ensuring enhanced data security,” said Galen McAndrew of Protocol Labs. The endorsement matters: Protocol Labs is one of the organizations that has done the most to build the infrastructure for a genuinely decentralized internet. When they choose a KYC provider, they are not choosing arbitrarily.

Other customers in the ecosystem include Supra, Yescoin, and Spendbase — each a Web3-adjacent platform navigating the same regulatory requirements as every other participant in the digital financial system, and each reaching the same conclusion about where to put their identity verification infrastructure.

The Money and the Mandate

Zyphe raised a funding round in July 2025 from a group of investors that includes Altitude Ventures, Azimut Group, Everywhere Ventures, ROI Ventures, and a consortium of angel investors across multiple continents. The capital is being deployed toward accelerating growth, expanding the platform’s geographic coverage, and building out the enterprise compliance product.

The timing of the raise reflects a broader market shift. Data privacy regulation is tightening globally — not just in the European Union, where GDPR has already moved institutions toward data minimization, but in the United States, where state-level privacy laws are proliferating and federal attention is increasing. For compliance platforms, that regulatory trend functions as a tailwind: institutions that were comfortable with centralized KYC five years ago are now actively asking whether they have to keep doing it that way.

Meanwhile, the crypto industry’s own maturation is creating institutional demand for compliant infrastructure that actually reflects the values of the ecosystem. Institutional asset managers entering the space, regulated custodians, and licensed exchanges all need KYC. Many of them are large enough to care about the reputational and liability risk of a mass identity data breach. A platform that decouples verification from centralized storage is, increasingly, the obvious choice.

What’s Next

Zyphe’s roadmap points toward deeper enterprise integration and broader geographic expansion. The compliance landscape in emerging markets — Southeast Asia, Latin America, Sub-Saharan Africa — involves fragmented regulatory environments and populations that have historically been excluded from formal financial systems. Decentralized identity verification, which does not require a legacy data infrastructure, has practical advantages in markets where that infrastructure does not yet exist.

There is also a longer-term technical trajectory. Zero-knowledge proofs — the cryptographic technique that allows a party to prove a fact without revealing the underlying data — are becoming more computationally practical every year, as proof systems improve and hardware accelerators catch up. Zyphe’s architecture is positioned to incorporate more aggressive privacy-preserving techniques as they mature.

The immediate story, though, is about fixing something that should have been fixed at the beginning. Crypto was built as a counterweight to concentrated financial power. Its KYC infrastructure, almost as an afterthought, recreated exactly the kind of centralized, high-value data repository that attracted every data thief with a competent engineering team.

Zyphe was built from inside that world, by people who understood both sides of the problem, and who decided that the contradiction had gone on long enough.

Follow Zyphe: LinkedIn · X · Facebook

Visit Official Site →
← Back to February 26, 2026 edition

More on this

Nobody Reads the Terms. Termsy Is Betting That's Actually a Product Opportunity.

A Chrome extension that summarizes the legal fine print you've been clicking through for twenty years — sensible idea, crowded-ish space, 105 users so far.