1 of 9

Does Bitcoin need AML-compliant metaprotocols?

PlebFi 2025

Josh Doman

2 of 9

Feb 6, 2025

- I opened a PR into ord for “AML-compliant freezable runes”

- Proved a little controversial

Controversy

3 of 9

Non-custodial Bitcoin capital markets require AML-compliance

  • A growing number of public companies are adopting Bitcoin treasury strategies

  • Bitcoin users want access but do not want to sacrifice self-custody

  • Real world assets (stocks, stablecoins, etc.) fall under physical jurisdictions, which require issuers to comply with AML laws

Why AML-compliance?

(AML = Anti-Money Laundering)

4 of 9

What does AML-compliance look like?

  • AML-compliance requires the ability to freeze or blacklist sanctioned addresses
    • Requires an order from the relevant agency
    • Ex: Office of Foreign Assets Control (OFAC)

  • Stablecoins and securities issued outside the US can otherwise remain freely transferable
    • Securities issued within the US must be KYC’d on each transfer under current regulations

Why AML-compliance?

5 of 9

Recent news

(All OFAC-compliant, but freely transferable)

Why AML-compliance?

6 of 9

Why Runes over Taproot Assets?

Technical Deep-Dive

Transparency

Simplicity

Popularity

  • Runes is an OP_RETURN based metaprotocol -> fully onchain

  • Taproot Assets requires off-chain proofs, and issuers can silently freeze balances at any time
  • Runes is simple, minimalist, and easier for wallets and marketplaces to support

  • Taproot Assets requires integrations with each issuer’s “Universe”
  • Runes has proven usage and is integrated into many wallets and PSBT-based marketplaces

7 of 9

How I built “freezable” runes

  1. Issuers etch a freezable rune by including an admin tag that identifies the admin rune

  • Balances are frozen and unfrozen using freeze and unfreeze tags followed by a freeze edict
    1. UTXOs are identified by the block number, tx index, and output index
    2. Edicts are only authorized if an input contains the admin rune

  • Frozen balances are considered lost if spent
    • Lost runes can be reissued by anyone who owns the admin rune

Technical Deep-Dive

(Uses even tag so that older versions of ord consider etching a cenotaph)

8 of 9

Future work

There are several areas where there’s room for improvement:

  1. The admin rune should be explicitly non-upgradeable, so that users always know which balances are frozen

  • For DOS protection, freezing a UTXO should freeze all future UTXOs with the same scriptPubKey

  • For efficiency, issuers should be able to delegate, freezing all UTXOs with a scriptPubKey frozen by another rune

Technical Deep-Dive

9 of 9

Questions?