Mitigating credit fraud in the world of web3

DeFi users are pseudonymous by default, so how do you prevent someone building up a good credit score, taking out a loan and then never repaying?

TLDR: where appropriate we verify identity!

With our focus on quantifying on-chain lending risk, we’ve had various flavours of this question, and it’s a good question!

We use proprietary on-chain analytics to mitigate fraud and partner with leading identity verification and attestation protocols to support the credit decisioning process. In addition, we’re also actively exploring privacy-preserving identity attestation approaches which combine security and pseudonymity. Let’s take a look.

Some credit use cases need verified identity, some do not

Blockchains are distributed ledgers that record open, fair and transparent data. We’ve built enterprise-scale data ingestion infrastructure to read, interpret, analyze and model on-chain activity and last year, we produced one of the world’s first predictive web3 credit scores. Our score is associated with the activity of a single address, but we can also score collections of addresses together to evaluate the activity of a single beneficial owner, what we call “identity-based scoring”.

While credit scores can be useful in their own right:

When it comes to lending, credit scores may be used in isolation (the “qualifying access” scenario described above), but most frequently they’re part of a credit decisioning process. If credit scoring is used to reduce the collateral requirements of over-collateralized loans, enabling capital-efficient loans, it may be that no other credit, asset or identity verification is needed. Fraud vectors, where a user intentionally defaults on a loan are mitigated because they’ve still supplied collateral with a higher value than the loan.

When we enter into the territory of under-collateralized, and un-collateralized loans (for example BNPL loans), additional credit decisioning factors are most likely needed: Is the loan applicant qualified? If so, what’s the maximum amount of loan that may be offered? What recourse is available if the user fails to repay? What pricing reflects the risk of the applicant?

Loan qualification and amount may be informed by credit score and credit reporting respectively. An account with an “Excellent” credit score should probably not be offered a 1000 USDC loan if their total assets are close to 1000 USDC, however they may be eligible if their total assets are worth 100,000 USDC — there is reasonable expectation that the account holder has the resources to fulfill their loan obligation.

Currently in DeFi lending, accounts are assumed to be unscorable and pseudonymous. The question of what recourse is available if a user fails to repay is answered by over-collateralization and smart contracts. This mechanism is “safe”, however, it restricts the productive use of capital and excludes common lending scenarios where users want access to finance beyond their current resources.

Recourse in under-collateralized lending usually happens by identifying the borrower, enabling the lender to take remedial action (note: other recourse mechanisms could involve escrow facilities, sanctions or other reputational consequences). The nature of identity attestation depends on the credit decisioning process and context:

Identity may be attested through a variety of mechanisms — typically the choice of the lending venue or the lender themselves. Users who prioritize anonymity may have to accept limitations on their access to under-collateralized lending products or accept less favorable terms for those products (note: there are exciting developments in ZK proofs which may enable credit risk assessment and anonymity, stay tuned!). Cred Protocol supports the full range of identity attestations from pseudonymity to full KYC, as appropriate:

Mitigating fraud isn’t a single activity, it’s a process of layering defenses to make “fraud” as costly as possible. We at Cred Protocol have in-house capabilities including on-chain analytics, transaction graph analysis, machine learning techniques, on-chain identity attestations and we also partner with an ecosystem of identity and KYC/AML specialists including:

Coinbase, Quadrata, Masa Finance, Oasis Protocol, (Consensys) MetaMask, (Celo) Valora (please reach out if we should be talking!)

If you’d like to engage our team, hop in our Discord or drop us a line at or follow @cred_protocol to learn more.



Cred Protocol is a decentralized credit score that quantifies on-chain lending risk at scale using open, fair and transparent blockchain data.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Cred Protocol

Cred Protocol is a decentralized credit score that quantifies on-chain lending risk at scale using open, fair and transparent blockchain data.