Perpetually KYC'd Coins Using Evil Covenants

The discussion revolves around the intricacies and potential vulnerabilities of the Know Your Customer (KYC) covenant mechanism, specifically highlighting how it could be manipulated despite its intended security measures. The KYC covenant allows for secure transactions by enabling governments to sign transactions offline using air-gapped devices and by permitting them to remove addresses from the whitelist on a bi-weekly basis. However, this feature also presents a significant drawback; if an address is compromised, authorities may find the two-week window too lengthy, as it gives ample time for malicious use before removal.

The safety assured by the KYC covenant in preventing theft is questioned, given the prevalent fraud within existing KYC banking systems. Attackers have devised numerous methods to bypass security measures and steal funds, which could similarly be applied to the KYC covenants. These include employing money mules, taking over accounts, and identity theft to circumvent restrictions and illicitly transfer KYC'd coins. Such tactics highlight the potential for sophisticated fraud schemes that mimic those found in traditional banking, suggesting that claims of the impossibility of theft under KYC covenants might be overly optimistic.

Furthermore, the conversation touches upon the possibility of implementing alternatives to current systems, such as trustless mechanisms that do not rely on conventional KYC protocols. Specifically mentioned are Railgun and Privacy Pools, which could theoretically be established on Bitcoin through the use of OP_CAT. This operation would facilitate the creation of a trustless bridge to an Ethereum Virtual Machine (EVM)-compatible rollup, onto which open-source smart contracts for Railgun or Privacy Pools could then be deployed. This approach offers a glimpse into how blockchain technology could evolve to incorporate privacy and security features without relying heavily on potentially fallible KYC measures.