What Coinbase isn’t telling you about Base

On February 23, 2023, Coinbase announced that it would be developing a Layer 2 network built on Ethereum called Base, promoting it as offering “a secure, low-cost, developer-friendly way for anyone, anywhere, to build decentralized apps.”

If you’re new to the concept of Ethereum Layer 2 (L2) networks, think of them as blockchains that are built on top of Ethereum, essentially adding another “layer” of transactions on top of Ethereum’s proof-of-stake network. These L2 blockchains typically use ETH as their base currency and offer bridges to and from Ethereum for moving funds around. (If you’d like to learn more about L2s, L2Beat’s FAQ page is a good place to start.)

Among the best known Ethereum L2 networks are Arbitrum, Optimism, zkSync and Aztec. Coinbase chose to utilize the Optimism software stack as its starting point for building its own Layer 2.

All of the existing L2 networks can be considered to be quite centralized from an infrastructure point-of-view. They all utilize centralized “sequencers”, which are nodes that construct and execute L2 blocks while also transmitting users’ actions from L2 to L1. In essence, these sequencers are responsible for “processing” all user transactions on the L2.

Due to the centralized nature of networks like Arbitrum and Optimism, questions have been raised about how much responsibility the companies behind these two networks should have for the contents of the transactions that they’re processing. However, since Arbitrum and Optimism are not (yet) recognized as “money transmitters” by any government, they have largely escaped regulation.

Coinbase, however, has been a recognized money transmitter for years and is registered with FinCEN as a “Money Services Business”. You can learn more about Coinbase’s compliance efforts from their own website.

Now, here’s where things get a bit concerning: Coinbase, has announced, via Bankless, that it will be running Base’s sole sequencer at launch.

This means that Coinbase, a licensed money transmitter that is required to comply with the Patriot Act and Bank Secrecy Act, will be entirely responsible for processing all Base L2 transactions.

This begs the question: will all funds that are bridged to Base require identify verification by Coinbase (KYC) before the bridging is allowed? If so, then Base will be the first-ever KYC-only Ethereum L2.

In interviews, tweets and blog posts, Base lead Jesse Pollak and Coinbase proxies like Bankless have been very careful to say that Base will be permissionless… to build on (see above tweet). However they have never explicitly said that it will be permissionless to use and have gone out of their way to avoid saying this. In fact, during an entire 1+ hour interview that Bankless did with Pollak, the question about KYC or permissionlessness for users never came up (despite many, many opportunities for it to do so).

I have directly asked both Coinbase and Pollak the following questions several times through Twitter and Discord:

  • Will KYC compliance be required to bridge funds to Base?
  • If not, then as sole sequencer, how does Coinbase plan to comply with its existing obligations under the Bank Secrecy and Patriot Acts?

The only reply that I’ve received so far is in this interaction from Pollak:

In this reply, Pollak has artfully dodged giving any direct answers to the questions that I posed. Instead, he has stated yet again that Coinbase intends for the network to be “permissionless” and “decentralized” and “open, global, accessible”. To the average bear, it would appear that he’s saying that anyone will be able to use Base. But he didn’t say that at all. Instead of directly answering the questions I posed, Pollak offered up a statement that sounded like it’s been carefully vetted by Coinbase Legal. It’s what he didn’t say – and what’s not mentioned in the blog post that he included – that we need to pay very careful attention to here.

Why would Coinbase be dodgy on answering these questions? It seems like they simply don’t want DeFi users to be thinking about these issues and don’t mind obfuscating the reality of the situation while developers start building on their network.

Any rational and logical thinker in this space can see the following:

  • Coinbase has been a recognized money transmitter, subject to the Bank Secrecy Act and the Patriot Act, since its inception in 2012.
  • Coinbase is required, by law, to perform KYC identity verification on all of its depositors so that its depositors’ funds can be adequately tracked and surveilled by the US Government.
  • Coinbase will be the sole sequencer for Base L2, meaning that it will be solely responsible for all transactions that pass through the network.
  • As the sole sequencer, Coinbase has the ability to block or re-order transactions on Base in any way that it sees fit. It’s in the perfect position to censor Base transactions.
  • Permitting open bridging to Base (either from Ethereum L1 or other L2s and sidechains) would mean that non-KYC funds from unknown sources would be processed by Coinbase’s sequencer, placing Coinbase in violation of US law.
  • Therefore, it’s entirely reasonable to believe that Coinbase will only allow users to bridge funds on to Base from the Coinbase exchange itself, since all funds there are already KYC-verified by Coinbase.

Coinbase’s failure to confirm or deny this completely rational conclusion leads me to believe that the answer is something that DeFi users who are excited about Base won’t want to hear. That’s likely why Coinbase is pushing off answering this question until it gets enough devs and projects building on Base. Announcing that Base will be Ethereum’s first KYC-only Layer 2 network will be a headline-grabbing event and will bring attention that Coinbase doesn’t want or need right now, since it could easily result in builders choosing to back off of the new L2.

Why does any of this matter? DeFi was originally marketed as a way to “fight back against banks” in 2019-2020. This was the common theme until we discovered just how much centralized control (via admin keys) was retained by dev teams and their investors in early 2020. Since then, it has been a constant struggle to force DeFi teams to stay honest about the level of centralized control that they have over users’ deposits. Now, if we see the introduction of a KYC-only chain, that centralized control will just be one step away from being handed off to the government and the banks that they prop up.

Isn’t it ironic that “DeFi” is heading toward being controlled by the entities that it was originally supposed to be battling? Is this an accident, or is this the way that its creators always knew it would end up? Personally, I believe the latter.

Whether or not Coinbase will require KYC to bridge funds to Base, it is clear that they are being evasive about the issue by refusing to answer direct questions. Organizations like Coinbase going to great lengths to hide hard truths is unfortunately a common (and deceptive) practice in crypto. Exposing these situations is the exact reason that I created Blec Report.

I’ll post more updates on this topic as the situation develops. Stay tuned.