Incognito addresses triggering KYC?

I recently sent some coins from my Incognito Wallet through Coinswitch in order to swap for another token.

The exchange partner that Coinswitch used to make the exchange (Changenow), blocked the exchange of the tokens pending KYC authentication, also requesting “proof of acquisition” of the coins.

It would seem that Changenow’s terms would suggest that they would refund the original tokens if the user refused to submit this info. This hasn’t happened, and if it did/does, I imagine there’s no way for the Incognito wallet to receive the refund.

Am I correct?

More than likely this has nothing to do with Incognito. ChangeNow indicates that their KYC/AML system is automated. They also will not make their criteria for flagging a transaction public. Therefore there is really no way to say that this is for sure an issue with incognito or just a random flagging.


It’s hard to know what triggered it but I do think soon incognito’s wallet address will be tagged as a privacy layer/mixer/whatever and cause some problems in the future.

I’m hoping with the decentralized holding of funds coming there won’t be one wallet address that so clearly tracks all funds. This is probably a complex topic and definitely a moving target.

If you are withdrawing directly from incognito to a 3rd party, and that 3rd party wants to send the coins back to where they came from, they will coming from the smart contract and NOT tagged to your account. Whether the team can or will retrieve them for you using their private keys is another story–I have no idea.

It’s a pain but once you experience a situation like this you know why I do it—As a general practice I never send funds from a 3rd party to another 3rd party. I always send to a wallet address I control and then send again. Wastes some gas but better than having funds seized. (It’s not a guarantee either—firms like chainalysis say on their website they look at the last 4 transactions in chain to determine if any of those wallets are tagged with any blacklist or tagged as high risk).


@marko Thanks, had I suspected this kind of thing might have happened, I may not even had utilized Incognito to begin with. I’m now in the predicament of all my assets having at some point been filtered through Incognito. I wonder whether I will encounter problems when cashing out time comes.

In your opinion, is asset seizing a likely outcome if an exchange like binance identifies a blacklisted/high risk address in the last transactions before having arrived to their wallet? And if you’re comfortable sharing, what is your personal approach to avoiding this possibility?

Thanks Marko

1 Like

Are you using a vpn or Tor?? Which exchange is it?

I had a very long post that I saved and might post later—it’s a complicated answer because we don’t really know what what they risk factors they are looking for. Your IP address is also probably a factor. I doubt using incognito by itself will cause a problem. It’s probably some other risk factors like IP address being a VPN or maybe even being in a high risk jurisdiction like Iran (or the USA haha).

1 Like


I sent the tokens from my Incognito Wallet, on my phone, and I don’t use a VPN on my phone’s connection. And I’m not in Iran, or the US :slight_smile:

So if I had to guess, I’d guess it had mostly to do with the Incognito address. But who knows, could have been “random” which perhaps is even worse.

And if you do post (or have a link to) your “strategy” I, and I believe other, will really appreciate taking a look.


1 Like

Where else have you sent coins to from YOUR incognito address??

@jtmh I have sent from Incognito wallet to other private wallets I have generated where I plan to store long term

1 Like

That really doesn’t matter as coins for everyone are sent from the same address. In theory a bad actor could get incognito’s address flagged (it’s probably multiple issues that slowly, and over time, assign a higher risk score). And depending on the transaction you are doing, and who you are, and how the exchanges want to set the thresholds of what triggers risks—will determine if you get flagged.

I don’t know what exchanges do if they recieve coins, request KYC, but the user does not comply. I don’t have experience with binance specifically but I know that HitBTC held my funds for turning on 2FA–my account had a small balance so I didn’t bother but I was planning to use it so I enabled security and bam—account locked, kyc requested. I actually sent them KYC but they said my ID is from a different country than it was from and it’s been ongoing for 8 months I think for them to review it. However, when they determined I was from an ineligible country, they let me withdraw. I think it took 4-5 months to get them to make even their first determination on KYC and I’ve been waiting 3-4 months for the escalation.

That’s very different than attempting a transaction that gets flagged, rather than my apparent user behavior.

My strategy for centralized exchanges is logging in through a residential IP address (not work or VPN) regularly, doing more and more transactions, refrain from changing my security settings once everything is set up including 2FA, and don’t try to change your email address. I figure that keeps their systems knowing I am a frequent customer and doing normal things. (It’s akin to the credit card companies freezing your credit card if they suspect unusual behavior. Just do lots of stuff and it all becomes usual behavior). My theory (unproven) is that if a questionable deposit comes in and my other risk factors on my account is good, that it’s more likely to go through.

My next step is to use DEXes when I can, if it’s all on ethereum. You will pay gas but there is zero chance of funds getting locked. There are very few players that do cross chain swaps in a trustless way.

There is no prescription for you or even myself because:

  1. There are other factors that assign your account risk besides your incoming deposit transaction and the history of those coins
  2. We don’t know what blockchain analytics firms actually know about us and furthermore we don’t know what risk is acceptable to each exchange. The analytics firms are probably not telling an exchange not to process it unless the address is specifically on a blacklist. They are probably providing a scoring model similar to a credit score perhaps.

Oh—and although I have sent transactions from incognito directly to a 3rd party exchange, I think it’s a best practice to always send to an intermediary wallet first. That way if the coins get returned to the wallet that sent them, it will be your wallet. That begs the question, @Peter if the OP happens to get the coins sent back to the smart contract wallet address because he can’t pass their kyc trigger, is the team able and/or willing to manually retrieve them? I know this isn’t something you want to always do but at least for now this is likely an isolated incident.


Thanks Marko, I really appreciate your insight, and it all makes pretty good sense. I’ve come to the conclusion that VPNs are more of a risk than anything else.

@Peter if I do manage to get the coins returned, are you able to help me retrieve them to my wallet? I think I may have finally convinced them to proceed with a refund… hopefully.


ChangeNow swap ETH -> ???
If you didnt try to swap eth, i dont know, but that might be one of the reasons

1 Like