ATTEST: OFAC and BSA compliance, proven on-chain and stored nowhere.
ATTEST is ZeroVaultID's attestation protocol. It proves an institution ran the checks an examiner cares about, OFAC sanctions screening, BSA and AML, KYC, source-of-funds, and returns a tamper-evident receipt with none of the underlying data retained. Live on a public testnet API today, anchored on Base Sepolia. The pivot now underway is portability: building on Canton, ATTEST extends into cross-rail attestation portability, a patent-pending protocol for carrying a compliance result between institutions and rails without re-running the check. This page is the plain-English version: what is live today, why the category matters, and what to verify in diligence.
ZeroVaultID's attestation protocol for on-chain finance. Prove the OFAC and BSA checks ran, return a tamper-evident receipt, and retain none of the underlying data. The proof is deterministic, so an examiner can re-verify it years later and get the identical result.
Zero-knowledge proof
Noir and UltraHONK. OFAC screening, BSA checks, KYC, and source-of-funds, proven without exposing the data behind them.
Tamper-evident receipt
A VRID anchored on Base Sepolia testnet, verifiable on-chain by an examiner with no vendor in the loop.
Deterministic by design
Re-run the proof years later for an audit and it returns the identical result.
Zero retention
No PII sits behind the receipt. Retention is zero by protocol, not by policy.
Building on Canton: cross-rail attestation portability, a patent-pending protocol for carrying a compliance result between institutions and rails without re-running the check.
OFAC and BSA compliance is the wedge. Portable attestations are the category.
Every regulated industry runs the same loop: verify a customer attribute, store the evidence, prove it to an auditor years later. The evidence is the file you keep. The file you keep is the breach you're going to suffer.
ZeroVaultID is the identity and attestation infrastructure for on-chain finance, built so institutions can prove compliance without re-sharing customer data. You already hold the verified credential you are legally required to hold. Our Noir stack generates a zero-knowledge proof from it, mints a VRID, anchors it on Base Sepolia testnet, and chains it into the customer's FCR Audit, a per-customer ledger with cryptographically enforced continuity. Counterparty onboarding, periodic re-KYC, auditor spot-check, regulator review, each is satisfied by a deterministic lookback across the chain. The PII never leaves your perimeter. The pivot now underway is portability: building on Canton, we are extending the same stack into cross-rail attestation, so a compliance result can travel between institutions and rails without re-running the check.
Sanctions screening and BSA reporting are where the pain is sharpest: every institution moving value on-chain has to prove OFAC and AML checks ran, to an examiner, years after the fact. The same engine proves KYC, source-of-funds, accredited-investor status, and counterparty eligibility, anywhere data minimization meets an audit requirement. One engine. Every regulated check.
Four layers. Each one provable.
The stack is composed of four production layers working together. Each layer is built on open standards and is independently verifiable, there is no proprietary trust assumption a regulator has to take on faith.
Verifiable credential
The customer holds a W3C Verifiable Credential issued by a trusted authority, a bank, government, or qualified issuer. We don't issue credentials. We don't store them. We work with whatever the customer already has.
Zero-knowledge proof
The proof is generated in the customer's browser. The required attribute (age, residency, accreditation) is mathematically demonstrated without revealing the data behind it. The proof is small, fast to verify, and reveals nothing else.
VRID attestation engine
Compliance attestation format. Records that a specific check passed at a specific time, without recording any of the underlying data. The attestation is the artifact your auditors and regulators verify. Replay-resistant, audit-compliant, lookback-ready.
On-chain anchor
Each VRID is anchored on Base Sepolia testnet and chained into the customer's FCR Audit, a per-customer compliance trail with cryptographic continuity. Every new attestation links to the previous one through on-chain enforcement, so the entire history is tamper-evident and walkable. Each event produces a replay bundle, proof, verification key, and audit factors, no PII, that auditors, regulators, and counterparties can independently verify, confirm continuity, and look back across every event for any customer, without ever touching the underlying data.
Banks, networks & financial institutions
- KYC & KYB attestations, prove the check happened, store nothing
- OFAC sanctions screening attestations, verifiable, replayable, audit-compliant
- AML transaction monitoring attestations, verified evidence for SAR support
- Accredited investor verification, Reg D / Reg CF–compatible
- Cross-border identity attestations, for correspondent banking and CMS
- Cross-rail attestation portability, carry a compliance result across rails without re-running the check (patent-pending, on Canton)
Regulators & government
The pitch in one sentence
An attestation format your regulated entities can give you that you can verify directly, without taking custody of citizen data and without trusting the regulated entity's word for it.
Why this changes audits
Today, when a regulator needs to verify that a bank ran KYC on a customer, the bank produces a file. The regulator trusts the file. The file is mutable. With mathematically verified attestations, the regulator verifies the math directly. The attestation cannot have been forged after the fact. It's a strictly stronger audit primitive.
- Selective disclosure by design, ZK proofs reveal only the attested predicate, never underlying data
- Independently verifiable, regulators verify proofs against the on-chain anchor without ZeroVault access
- BSA / FinCEN-compatible audit trails, without citizen data exposure
Investors & partners
What's been built
A live four-layer zero-knowledge compliance stack: nine Noir circuits compiled, CR-05 running on a public testnet API, and smart contracts deployed and verifiable on Base Sepolia, all under a Delaware C-Corp. Issuer-agnostic credential intake, with a static MATTR test credential on testnet today. Cross-rail attestation portability is in development on Canton. Solo founder build to date, actively recruiting a technical co-founder.
The market motion
Three forces converging on the same primitive: institutional settlement moving onto on-chain rails like Canton, US BSA and OFAC enforcement demanding verifiable, machine-readable compliance evidence, and tokenization under US digital-asset bank charters putting real assets on-chain. The buyers: regulated banks, tokenization platforms, and the institutions settling on those rails.
What we're working on
- Cross-rail attestation portability, patent-pending protocol, in development on Canton
- Technical co-founder, Aztec / Noir ecosystem, ZK engineer
- Pre-seed round, currently exploring
Verifiable, not claimed.
Everything below is independently verifiable by you, today, without our involvement. We don't ask for trust, we ask for verification.
Attestation registry on Base Sepolia
Validated on BaseScan. Anchors all VRID attestations. View the contract source, transaction history, and event log directly.
0xCB95671b9BB722caDfA67C462A9b0454354c3264Live anchor and verify endpoints
A public testnet API anchors and verifies VRID attestations on Base Sepolia. Issuer-agnostic intake; a static MATTR test credential feeds the testnet today.
/anchor · /verify · Base SepoliaEnd-to-end working stack
A W3C Verifiable Credential, Noir/UltraHONK proof verification in the browser via Barretenberg WASM, and on-chain anchoring on Base Sepolia testnet. CR-05 (KYC clearance) drives the live verification; nine circuits compiled and proven.
zerovaultid.com/demo →Verify the math. Then let's talk.
If you're a buyer, partner, regulator, or investor evaluating ZeroVault, start with the live demo. Then reach out and we'll walk through whatever's relevant to your context.