
Traditional KYC Creates “Giant Honeypots” of Data, Says Shady El Damaty

Published 14 October 2025
Prashant Jha

The evolution of digital identity systems is critical in an era when data breaches and privacy concerns dominate headlines. 

CCN talked to Shady El Damaty, co-founder at Holonym, a digital identity-focused protocol, to discuss the transformative potential of decentralized identity systems, zero-knowledge proofs, and the future of privacy in the Web3 space.

The Neuroscience Connection

El Damaty’s journey into digital identity is unconventional. With a PhD in neuroscience, he initially focused on solving data-sharing challenges in scientific research. 

“My background is actually a little bit atypical… I was interested in looking at digital identity from the perspective of patient medical records. Specifically, how do we build better data sets for scientific analysis across different data consortia?” he explained. 

This led him to explore decentralized science (DeSci) and Web3 architectures in 2020 and 2021, where he “built really some of the very first functional implementations of what science running on Web3 architecture could look like.”

Addressing Real-World Problems with Decentralized Identity

Holonym’s early success came from addressing practical challenges in the Web3 space. One notable client was the former U.S. presidential candidate Andrew Yang, who launched a DAO called Lobby 3 to raise crypto funds for political campaigns.

“Andrew Yang… launched a DAO to raise crypto funds for political campaigns… The problem was that if they were going actually to use this for campaign finance, they needed to KYC all of the DAO members,” El Damaty recounted.

Holonym stepped in with a zero-knowledge KYC solution, enabling users to prove U.S. residency without exposing sensitive data. “We stepped in and helped them out by… having users do ZK KYC and proving that an address was a US resident so that the treasury funds that they voted on could actually be used.”

The Risks of Traditional KYC Systems

El Damaty highlighted the vulnerabilities of traditional KYC (Know Your Customer) systems, which often rely on centralized data aggregators.

“Most existing models of KYC all do the same thing… they verify whether a government ID is valid… There are three or four data aggregators that let you interact with government databases,” he explained. 

These systems create “giant honeypots” of valuable data, making them prime targets for hackers. “It happens all the time. It happens to the best, right? Even Coinbase has suffered a massive data breach,” he added.

Holonym’s approach is different: it prioritizes user control and minimizes data exposure.

“Wherever we can, we have a client custody of data… You do the verification, the computation occurs on the device, and you just share a proof that the computation ran correctly,” El Damaty said. This ensures that sensitive data remains with the user, reducing the risk of breaches.

Zero-Knowledge Proofs: Privacy Without Compromise

Zero-knowledge proofs are at the heart of Holonym’s technology, enabling privacy-preserving identity verification. For users unfamiliar with the tech, El Damaty keeps it simple: 

“We don’t explain it to them at all, actually… Just understand that this is a privacy-enhanced technology.” The computation happens on the user’s device, and “they might need to wait a little bit longer for the computation to occur… but not much longer.”

Holonym has also developed innovative solutions like “proof of clean hands” for Aztec, a privacy-focused Layer 2 blockchain.

This allows users to prove they’re not on sanctions lists without revealing their identity. “Proof of clean hands basically lets you prove that your hands are clean, that you’re not on a sanctions list… and it does so with ZK,” El Damaty explained. This balances privacy with compliance, ensuring pseudonymity unless a valid court order is presented.

The Dangers of Biometric Data Leaks

When asked about the most dangerous types of identity leaks, El Damaty didn’t hesitate:

“It’s absolutely biometrics… any sort of leak of iris data, fingerprint data, like face matched with other likeness… is really dangerous.”

He warned of threats from both individual hackers and state actors. “On the flip side, the worst side is actually state actors… actual governments that now know everything about you,” he said, citing examples like tracking consumer behavior or monitoring compliance with state-approved activities.

Holonym’s design mitigates these risks by avoiding centralized data storage. “If a hacker was trying to get your information… there’s nothing there for them to hack… They would have to break post-quantum encryption to do so,” El Damaty noted, emphasizing the impracticality of such an attack.

Tips for Securing Digital Identity

El Damaty offered practical advice to non-expert users looking to protect their digital identities. First, “do a scan of the dark web… use tools like Have I Been Pwned” to assess data exposure. 

Second, users can adopt privacy-enhancing browsing tech, such as custom operating systems on devices like the Google Pixel, which allow them to block trackers.

“I can prevent trackers… creating profiles on me,” he said. Finally, for crypto users, he advised caution with on-chain activities: “Your entire on-chain history is like a fingerprint… use privacy tech whenever you can… [and] make sure you’re constantly rotating your keys.”

Weak Links in the Ecosystem

El Damaty identified RPC (Remote Procedure Call) endpoints as a significant vulnerability in the blockchain ecosystem. 

“The biggest one that people have been talking about… is the RPC endpoints… whoever’s running that service or that server… can see all the associations between everyone,” he explained. 

These centralized points, used by providers like Alchemy or Moralis, create risks that decentralized solutions like DRPC (Decentralized RPC) could address, though such solutions are still in development.

Winning Over Skeptics

For those skeptical of Web3 identity systems due to scams or complexity, El Damaty emphasized the technology’s roots in everyday applications.

“The government already uses cryptography. If you have a passport, it has Web3 technology in it… a cryptographically signed attestation from the government,” he said. Web3 builds on this by distributing trust across a wider infrastructure, enhancing individual sovereignty through encryption and privacy.

The Future of Decentralized Identity

Looking five years ahead, El Damaty envisions a world where privacy is the default. 

“Transactions will probably be by default private, identity will be by default private… There’ll be no centralized honeypots where people can just hack,” he predicted. 

He expects greater adoption of zero-knowledge proofs, driven by their post-quantum security properties and growing concerns over data breaches, such as India’s Aadhaar system. “If you’re a government setting up a digital identity system… you’re thinking about security,” he said.

Integration with Traditional Systems

El Damaty sees immediate opportunities for Web3 identity solutions in traditional systems, particularly with mobile driver’s licenses. 

“There’s an opportunity right now with the digitization of mobile driver’s licenses… there’s a big opportunity for app developers to integrate privacy-preserving tech,” he noted. 

Financial markets, hesitant to fully embrace blockchain without privacy guarantees, are also poised for transformation. “The emergence of Miden and Aztec… is really going to push institutions to adopt privacy technology,” he added.

El Damaty’s vision is clear: decentralized identity systems, powered by zero-knowledge proofs, pave the way for a more secure and private digital world. “This tech specifically is intended to enhance individual sovereignty and power through encryption and privacy,” he emphasized.
