Aegis-Gate
AegisGate is a privacy-preserving compliance layer for decentralized finance (DeFi). It allows DeFi protocols to verify that their users are accredited investors and have passed KYC/AML checks — without ever exposing sensitive personal or financial data on the blockchain. Think of it as a bridge between traditional finance regulation and the on-chain world, where a protocol can ask "is this wallet compliant?" and get a simple yes or no, with zero access to the underlying personal data.
What problem does it solve?
DeFi protocols face a fundamental conflict: regulators increasingly require them to verify users (checking identity, financial status, and accreditation), but users don't want their bank balances, Social Security numbers, or identity documents stored on a public blockchain — and centralizing that data defeats the entire purpose of decentralization. Today, protocols either skip compliance entirely (risking legal action) or collect sensitive data centrally (risking data breaches). AegisGate eliminates that tradeoff.
How does it work?
AegisGate combines three technologies to make verification possible without data exposure:
World ID confirms that the user is a unique, real human being using a zero-knowledge proof — no personal identity information is revealed in the process.
Plaid is used to connect the user's bank account and check their balance. The balance is verified, but never stored or transmitted beyond the moment of verification.
Chainlink CRE (Confidential Runtime Environment) is the core innovation. It runs the entire verification process inside a Trusted Execution Environment (TEE) — a hardware-isolated enclave within the processor where even the Chainlink node operators cannot see the data being processed. The enclave verifies the World ID proof, exchanges the Plaid token, reads the user's bank balance, checks it against a configurable minimum threshold stored on-chain, and then destroys all sensitive data once the check is complete.
The only thing that ever reaches the blockchain is a signed attestation containing an anonymous nullifier hash and a boolean: isAccredited: true or false. No bank balance. No name. No identity documents.
DeFi protocols can then call a single function — isCompliant(wallet) — to gate access to their platform.
The user journey in five steps:
- The user enters their Ethereum wallet address
- They scan a QR code with the World App to prove they are a unique human
- They connect their bank account through Plaid Link
- The data is bundled and sent to the Chainlink CRE enclave for confidential processing
- The compliance result is written on-chain, and any approved DeFi protocol can verify it instantly
What goes on-chain vs. what stays private:
On-chain (public): an anonymous nullifier hash, a true/false accreditation flag, a verification timestamp, and a cryptographic attestation proof.
Never on-chain: bank balances, account numbers, names, SSNs, passport data, Plaid tokens, or any financial history.
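The following is an added simulation of the flow described above (the enclave check, the signed attestation, and the on-chain isCompliant gate); it is illustrative code, not AegisGate's own implementation. Everything external is a constructed stand-in: the World ID proof is a dict with a nullifier hash, the Plaid exchange is a lookup in a constructed FAKE_BANK table, and the enclave signature is an HMAC with a demo key in place of an attested keypair. It also assumes, beyond what the page states, that the attestation is bound to the wallet address it authorizes, so a signed result for one wallet cannot be submitted for another, and that attestations carry a validity window checked against the verification timestamp.

```python
# Added illustration of the AegisGate flow described above; not the project's code.
# The enclave, World ID and Plaid calls are constructed stand-ins, and the
# attestation signature uses an HMAC in place of the enclave's attested keypair.
import hashlib
import hmac
import json
from typing import Optional

ENCLAVE_KEY = b"constructed-demo-enclave-key"  # stand-in for the enclave's signing key

# Constructed bank data keyed by Plaid public token; the real flow exchanges the
# token with Plaid inside the enclave and reads the live balance.
FAKE_BANK = {"public-sandbox-alice": 1_500_000, "public-sandbox-bob": 20_000}


def _canonical(fields: dict) -> bytes:
    """Deterministic encoding so signer and verifier hash identical bytes."""
    return json.dumps(fields, sort_keys=True, separators=(",", ":")).encode()


def verify_world_id_proof(proof: dict) -> Optional[str]:
    """Stand-in for World ID proof verification: returns the nullifier hash or None."""
    if proof.get("valid") is not True:
        return None
    return proof["nullifier_hash"]


def enclave_verify(wallet: str, proof: dict, plaid_public_token: str,
                   min_balance: int, now: int) -> dict:
    """Runs inside the (simulated) enclave. Only the attestation leaves this function."""
    nullifier = verify_world_id_proof(proof)
    if nullifier is None:
        raise ValueError("World ID proof rejected")
    balance = FAKE_BANK[plaid_public_token]          # stand-in for the Plaid token exchange
    accredited = balance >= min_balance
    del balance, plaid_public_token                  # sensitive inputs are dropped here
    fields = {"wallet": wallet, "nullifier": nullifier,
              "isAccredited": accredited, "timestamp": now}
    sig = hmac.new(ENCLAVE_KEY, _canonical(fields), hashlib.sha256).hexdigest()
    return {**fields, "sig": sig}


class ComplianceRegistry:
    """Stand-in for the on-chain contract: accepts enclave attestations and answers
    isCompliant(wallet). It never sees a balance, token or identity document."""

    def __init__(self, enclave_key: bytes, min_balance: int, validity_seconds: int):
        self.min_balance = min_balance        # configurable threshold held on-chain
        self.validity = validity_seconds      # how long an attestation stays usable
        self._key = enclave_key
        self._records: dict = {}              # wallet -> (nullifier, isAccredited, timestamp)

    def submit(self, attestation: dict, now: int) -> None:
        fields = {k: v for k, v in attestation.items() if k != "sig"}
        expected = hmac.new(self._key, _canonical(fields), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, attestation.get("sig", "")):
            raise ValueError("attestation signature invalid")   # tampered or not from the enclave
        if now - fields["timestamp"] > self.validity:
            raise ValueError("attestation too old")
        self._records[fields["wallet"]] = (
            fields["nullifier"], fields["isAccredited"], fields["timestamp"])

    def is_compliant(self, wallet: str, now: int) -> bool:
        """The single call a DeFi protocol makes to gate access."""
        rec = self._records.get(wallet)
        if rec is None:
            return False
        _nullifier, accredited, ts = rec
        return bool(accredited) and now - ts <= self.validity


def run_demo() -> dict:
    """End-to-end run with constructed inputs; returns the observable outcomes."""
    now = 1_700_000_000
    registry = ComplianceRegistry(ENCLAVE_KEY, min_balance=1_000_000,
                                  validity_seconds=30 * 24 * 3600)
    alice = enclave_verify("0xAlice", {"valid": True, "nullifier_hash": "0xa1"},
                           "public-sandbox-alice", registry.min_balance, now)
    bob = enclave_verify("0xBob", {"valid": True, "nullifier_hash": "0xb2"},
                         "public-sandbox-bob", registry.min_balance, now)
    registry.submit(alice, now)
    registry.submit(bob, now)
    # A relayer flipping Bob's flag after the enclave signed it must be rejected.
    try:
        registry.submit({**bob, "isAccredited": True}, now)
        forged_accepted = True
    except ValueError:
        forged_accepted = False
    return {
        "alice_compliant": registry.is_compliant("0xAlice", now),
        "bob_compliant": registry.is_compliant("0xBob", now),
        "forged_accepted": forged_accepted,
        "alice_expired": registry.is_compliant("0xAlice", now + 31 * 24 * 3600),
        "attestation_fields": sorted(alice),
    }


if __name__ == "__main__":
    print(run_demo())
```

The check worth noticing is in `attestation_fields`: the only keys that ever reach the registry are the wallet, the nullifier hash, the boolean flag, the timestamp and the signature, which matches the on-chain list above; the balance and Plaid token exist only inside `enclave_verify` and are discarded before the attestation is built. The registry also refuses an attestation whose fields were altered after signing and treats one older than its validity window as non-compliant.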
Why it matters:
AegisGate makes it possible for DeFi to meet real-world regulatory requirements without becoming a surveillance system. It proves compliance without revealing the evidence — giving regulators what they need, giving users privacy, and giving protocols a legally defensible path forward.