Multi-model research swarm + Ramp Network codebase audit of wallet ownership verification at embeddable crypto on-ramps. 8 gather agents, 12 debate agents, 3 frontier model lineages. March 31, 2026.
On-ramps verify who you are but not whether the destination wallet is yours. This identity-intent gap is the central finding across all three model lineages (Google Gemini, Kimi/Moonshot, Anthropic Opus). KYC proves identity. It does not prove wallet control. The $75B figure from the University of Texas study exists because every major attack vector exploits the gap between verified person and unverified destination.
`lockWalletAddress` flag and `userAddress` pre-fill, HMAC-signed widget URLs. Host app sets destination programmatically. Deterministic prevention.
Sumsub identity verification, Chainalysis KYT real-time screening, Reactor for cross-chain fund tracing. Identity + known-bad matching.
EIP-191, BIP-137, Ed25519 via WalletConnect/Reown. Mathematical proof of private key possession. Only active for Ireland entity, transactions >990 EUR.
Sardine: 4,800+ risk features, typing rhythm, device-holding angle. 93.75% dispute reduction for neobank clients. Detects RATs and coerced sessions.
The most effective mechanism is Tier 1: the SDK integration itself. When a wallet app embeds the on-ramp widget, the destination address is set by the host application, not typed by the user. This closes clipboard hijacking and social-engineered address swaps by removing user input entirely. Tier 3 is the gold standard but its deployment scope is narrow.
| Jurisdiction | Mandate | Threshold | Methods | Ramp Status |
|---|---|---|---|---|
| Switzerland FINMA | Must prove "power of disposal" via technical means only | 1,000 CHF (30-day agg.) | Satoshi Test, AOPP, crypto signature | Not covered |
| EU TFR Art. 14(5) | Verify self-hosted address ownership | €1,000 | Technical means; "mere statement" rejected | IE only, 990€ |
| Singapore MAS PSN01 | Verify unhosted wallet control | SGD 1,500 | Signature test, deposit test | Not covered |
| UK FCA | Risk-based approach | €1,000 for EDD | Satoshi test for higher-risk | GB not gated |
| US FinCEN | No federal mandate (rule withdrawn Aug 2024) | N/A | OFAC SDN screening only | Compliant |
| FATF | Collect info; does NOT mandate ownership proof | USD/EUR 1,000 | Defers to national implementation | Compliant |
All three model lineages agreed: regulation is the primary driver where mandates exist, but it is not universal. Switzerland is the gold standard. The US has no federal requirement. The direction of travel is toward stricter requirements globally. FATF's 2025 expansion and the AMLR timeline (July 2027) point toward convergence on the Swiss/EU model.
The Travel Rule integration sends `checkbox_confirmation` to Notabene as beneficiary proof for unhosted wallets.
Full review of the ramp-instant monorepo: NestJS backend, React widget-2 frontend, DDD wallet-ownership domain, Travel Rule Notabene integration, and signature verification service.
Cryptographic verification only fires for EntityIe, amount >990 EUR, unhosted wallets. GB entity has Travel Rule but zero ownership gate. A UK user buying 5,000 EUR of crypto to an unverified wallet faces no challenge.
Signed message is static plain text with wallet address. No nonce, no timestamp, no session ID, no domain separator. A captured signature is valid forever. Should use EIP-712 typed data with domainSeparator.
For unhosted wallets, Notabene receives { type: 'checkbox_confirmation', proof: 'checked' }. This is the "mere client statement" regulators explicitly reject. When user has signed, the actual signature should be sent instead.
The instant compliance check records wallet type but never blocks. Transactions to UNKNOWN wallet types proceed without friction. Monitoring only, not gating.
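The gate the compliance check currently lacks, as an added example that is not Ramp Network's code: a decision function that encodes the jurisdiction table above per service entity and returns allow, require_proof, review or block instead of only recording the wallet type. Entity codes, the currency each amount is expressed in, the `riskLevel` input for the UK risk-based mode and the proof method labels are assumptions; the 990 EUR Irish figure and the other thresholds are the page's. The page describes the Swiss threshold as a 30-day aggregate, so `amount` is whatever the caller has already aggregated where the mandate requires it.

```javascript
// Added example, not Ramp Network's code: ownership gate keyed by service entity.
const ENTITY_POLICY = {
  IE: { currency: "EUR", threshold: 990,  mode: "mandatory" },  // EU TFR Art. 14(5); page: >990 EUR
  CH: { currency: "CHF", threshold: 1000, mode: "mandatory" },  // FINMA, 30-day aggregate
  SG: { currency: "SGD", threshold: 1500, mode: "mandatory" },  // MAS PSN01
  GB: { currency: "EUR", threshold: 1000, mode: "risk_based" }, // FCA: EDD for higher-risk
  US: { currency: "USD", threshold: null, mode: "none" },       // no federal mandate
};

// Proof methods regulators accept as "technical means"; a checkbox is not one.
const TECHNICAL_PROOFS = new Set(["signature", "satoshi_test"]);

// tx = { entity, amount (in the entity's currency), walletType, proof, riskLevel }
function ownershipDecision(tx) {
  const { entity, amount, walletType, proof, riskLevel } = tx;
  const policy = ENTITY_POLICY[entity];
  if (!policy) return { decision: "block", reason: "unknown_entity" };

  // Hosted (VASP) destinations are handled by Travel Rule exchange, not ownership proof.
  if (walletType === "HOSTED") return { decision: "allow", reason: "hosted_travel_rule" };
  // Recommendation 6: an undetermined wallet type must not pass silently.
  if (walletType === "UNKNOWN") return { decision: "review", reason: "unknown_wallet_type" };

  if (policy.mode === "none") return { decision: "allow", reason: "no_mandate" };

  const aboveThreshold = amount > policy.threshold;
  const gateApplies = policy.mode === "mandatory"
    ? aboveThreshold
    : aboveThreshold && riskLevel === "high"; // UK: threshold plus risk signal
  if (!gateApplies) return { decision: "allow", reason: "gate_not_applicable" };

  if (TECHNICAL_PROOFS.has(proof)) return { decision: "allow", reason: `proof_${proof}` };
  // checkbox_confirmation or no proof at all: challenge the user instead of proceeding.
  return { decision: "require_proof", reason: proof ? "statement_not_accepted" : "no_proof" };
}
```

The UK case from the audit (5,000 EUR to an unverified unhosted wallet) resolves to `require_proof` only when the risk signal is high, which is what a risk-based reading of the FCA position implies; a mandatory entity such as IE challenges the same transaction regardless of risk score.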
Legally defensible (FinCEN rule withdrawn Aug 2024), but FIN-2025-NTC1 says operators "may require" certification. The DC AG Athena case shows liability risk of doing nothing.
Zero Sardine, SEON, or ThreatMetrix integration. No device fingerprinting for fraud scoring. Behavioral signals detect RAT-controlled sessions that chain analysis cannot.
Chains without automatic signing redirect to a support form with undefined SLA. Cosmos (amino), Polkadot (sr25519), and Tron all support message signing natively.
A completed offramp proves wallet control (user sent crypto FROM the address). FINMA explicitly accepts this method. The handler exists. The flag is off.
All wallet ownership lookups use the GB VASP DID regardless of actual service entity. Per-entity VASP DIDs are already configured in TravelRuleProviderConfigService but not used.
Victim passes all KYC checks, then enters the scammer's wallet address in the payout field. The on-ramp has no mechanism to distinguish the victim's wallet from any other valid address.
Scammer controls victim's device via AnyDesk or TeamViewer during the on-ramp flow. All device-based security checks pass because the victim's device is legitimate.
Dust transactions from vanity addresses matching the first and last 4 characters of the victim's real address. Victim copies the wrong address from transaction history.
Malicious software monitors the clipboard for strings matching crypto address patterns and silently replaces them with the attacker's address during copy-paste.
AI-generated faces and motions bypass liveness detection (head movement, blinking) in automated KYC flows. Reported by Sardine and Sumsub security researchers.
| # | Action | Effort | Impact | Reg. Risk |
|---|---|---|---|---|
| 1 | Enable offramp Satoshi test flag | Trivial | Medium | Low |
| 2 | Add nonce/timestamp to signing message | Small | High | Medium |
| 3 | Fix Notabene entity hardcode | Small | Medium | Low |
| 4 | Extend signing to GB entity (risk-based) | Medium | High | High |
| 5 | Upgrade Notabene proof from checkbox to signature | Medium | High | High |
| 6 | Reject/flag UNKNOWN wallet type in compliance check | Small | Medium | Medium |
| 7 | Add Cosmos/Polkadot/Tron signing support | Medium | Medium | Low |
| 8 | Migrate to EIP-712 typed data signing | Medium | High | Medium |
| 9 | Evaluate behavioral biometrics SDK (Sardine/SEON) | Large | High | Low |
Resolution: Both cases are correct about different things. Embedded SDK flows with address locking are structurally safer than standalone on-ramps (like crypto ATMs where 93% of deposits were scams). But the identity-intent gap remains real. Cryptographic ownership proofs are the missing piece. The infrastructure exists in the Ramp Network codebase. The deployment scope is the problem, not the technology.
What are Ramp Network's actual third-party wallet fraud rates? No on-ramp publishes this data. Without it, we can't measure whether verification prevents fraud or merely creates compliance checkboxes.
Does enabling the Satoshi test flag affect offramp completion rates? The handler is tested and ready, but could the additional confirmation step introduce drop-off in legitimate flows?
How do fraud rates compare between SDK-locked wallet flows and manual-entry wallet flows? This counterfactual would quantify the real value of Tier 1 address locking.
Would EIP-712 typed data signing reduce user drop-off vs. current plain text signing? Structured signing shows human-readable fields in the wallet, which may build trust.
What's the false positive rate on Chainalysis KYT destination screening? If it's high, the monitoring-only compliance check might be the right call. If low, it should gate.
How does ERC-4337 account abstraction affect the signer-equals-owner assumption? Multi-sig and social recovery wallets break the model that the SignatureVerificationService relies on.
| Stage | Models | Scope |
|---|---|---|
| Gather | Gemini Flash + Grok Fast | 4 angles × 2 models |
| Orchestration | Opus orchestrator | Data sufficiency check |
| Debate | Gemini Pro + Kimi K2.5 + Opus | 4 angles × 3 lineages |
4 research angles: Bull (what's working), Bear (failures and gaps), Regulatory (jurisdictional landscape), and Technical (mechanism assessment). Each angle gathered by 2 workhorse models with web search, then debated by 3 frontier models from different AI lineages to avoid monoculture bias.
No Phase 2.5 rebuttal was needed. All four angles showed strong 3/3 consensus or clear 2-vs-1 splits with identifiable reasoning differences. The only split (Bear angle: Opus vs. Gemini/Kimi) was on the strength of the counterfactual argument, not on the diagnosis itself.
Codebase audit: 3 parallel Explore agents read the full wallet-ownership DDD domain, Travel Rule Notabene integration, signature verification service, widget frontend flows, and SDK address locking implementation. Findings were mapped against research conclusions to produce actionable recommendations.