Turn your bank account into a crypto wallet — IBANovich.com

Mountains

Saturdays are my favorite days to work from the coworking space of the coliving I’m staying at in the French Alps: it’s quiet and since I’m already (nordic) skiing almost every day there’s no FOMO to join the others.

Anyway I was there, surrounded by mountains, when I stumbled upon Stefan’s thread. It resonated with me. A lot. Bridging crypto with the real/legacy/fiat world had been my focus at Multis, and then last year with the crypto.coliving attempt.

One of the tweet mentioned Monerium. It sparked something inside me, I had to dig deeper.

Monerium

From their website:

Monerium is authorised and regulated as an Electronic Money Institution (EMI). Monerium offers services to residents of the European Economic Area, the UK, and Switzerland. Issuing authorised and regulated e-money tokens, like the EURe, provides legal clarity and the most secure way to store user funds

In practice this means that you send Euros to Monerium and they issue crypto-Euros to your wallet. And then the other way around: you send them crypto-Euros and they send Euros to any bank account you specify.

You might want to label them as on/off-ramp service provider. A service that has been mostly provided by crypto exchanges so far: you send them fiat money in order to buy any crypto they support.

But these were never satisfying, for two reasons:

1. UX: clunky account creation, slow KYC check, even slower deposits, with stress-inducing transfers requiring weird looking memos, and finally below average support

2. Fees: once you have your Euros on the exchange you need to convert them to crypto, which incurs fees. These fees are maybe acceptable when buying into a volatile asset like ETH, but quite frustrating when converting to a stablecoin.

Monerium is improving upon those two aspects by leveraging the SEPA instant network. Transfers are almost real time, and Euros get converted 1:1 to crypto-Euros (represented by their EURE token) directly. Fees might apply in the future, but since there is no conversion per se I would expect them to be low.

I like to take the example of Revolut: if you top-up your account with 100€ you expect to receive 100 Revolut-Euros. You can then send them to anyone on the Revolut network, invest in stocks within the app, or send it to any bank account.

Monerium is about unbundling banking, so instead of having your Euros limited to Revolut ecosystem you can take these crypto-Euros and do whatever you want with them in the open blockchain world.

Use cases

After finding out about Monerium I changed my agenda for the week and went deep into it: reading blog posts, listening to podcasts, and trying out the service itself. My goal was to find something to build with it.

There is an obvious use case for it: a company that holds crypto but also needs to be able to receive and send Euros. That’s perfect. They have a Gnosis Safe (what else?), they register an account on Monerium, and voilà !

But I’m not building bank accounts for crypto companies anymore, so I wanted to explore another use case. Maybe something for no-coiner retail investors. That’s where I got stuck.

I didn’t want an experience where users have to create a crypto wallet to interact with Monerium. That’d be already too much friction.

Opportunity

The following day I had a revelation: by leveraging the SEPA instant network, Monerium can actually turn a bank account into some kind of hybrid (on/off-chain) smart contract. Let me explain:

I register an account on Monerium. That gives me an IBAN linked to my crypto wallet. Every time Euros arrive on that IBAN, they get minted as crypto-Euros represented by EURE tokens in my crypto wallet.

But I can also get Monerium to send me through their API (over websockets) a payload with information about that transfer. Including the sender’s IBAN.

That means that suddenly I have an identity system: that unique IBAN identifies a user. I can use these minted crypto-Euros on behalf of that user.

What’s needed is a smart contract to map an IBAN (or a bytes32 hashed version of it) to anything that Solidity can represent and that can be linked to that user. I call it an hybrid smart contract because it sits on-chain but is controlled by an off-chain (SEPA) action.

It’s now about finding that “anything”.

Son of IBAN

After some back and forth I decided to go for a product with these 3 user stories:

1. As a user I send a SEPA instant to an IBAN in EUR to buy shares of a DeFi ETF called DPI

2. As a user I can check the balance of my IBAN in terms of these DPI tokens

3. As a user I send a SEPA instant to the same IBAN to convert my shares and get EUR straight into my bank account

Why DPI? Because ETFs are very popular for retail investors outside of crypto. And DeFi because a lot of people who heard about DeFi have no idea how to get exposed to it.

As I read in the Ikigai book, it’s very important to give names to your projects. In that case this product is powered by IBANs. Hence “Son of IBAN” → IBANovich.com

I recommend that you try it out. Open that page, get your phone with a banking app that hopefully doesn’t charge you for SEPA instant (in France it’s Boursorama or Fortuneo) and send something like 1€ to the IBAN adding the memo (or reference) “deposit”.

After some time you can enter your IBAN and check that your balance in DPI is positive. When you’ve made mad profits, send a last SEPA instant with the memo being “withdraw” to get it back.

Just to make sure it’s clear: IBANovich is not storing your IBANs on the blockchain, just a hashed version of it. Also just ping me on Twitter if something is not working. Your funds are safu ;)

Under the hood

For nerdy people who want to understand how it works:

• Monerium gives me an IBAN linked to my crypto wallet

• I connect to the Monerium API over web-sockets

• When a SEPA hits my IBAN, Monerium sends an order payload

• Containing the sender’s IBAN, the amount of EUR and the memo

• The same amount of EUR gets minted to my crypto wallet as EURE tokens

• A worker running on Cloudflare gets the order and controls my wallet

• It immediately deposits the EURE tokens in the IBANovich contract

• This will swap EURE for DPI

• And increase the balance of that (hashed) IBAN

• So the user can come and query that balance on-chain anytime

The same thing applies for withdrawals except that the worker will call the withdraw method on the contract instead of the deposit one.

Everything happens on the Polygon blockchain (although I would have preferred to do it on Gnosis Chain because Polygon is quite congested these days…) and you can go check the IBANovich contract by clicking on the title of the website. As mentioned it’s just a simple wrapper with 75 lines of code.

The DPI tokens are bridged from Ethereum mainnet where Index Coop is in charge of re-balancing it according to prices of underlying tokens.

And finally, what can we do without Uniswap? I created a pool for the EURE/DPI pair so that swaps are always possible (as long as people send small amounts!) as arbitragooors will come and keep it balanced.

Security

I know, I know: it’s custodial. I can take all the EURE in the IBANovich contract and leave with them. A rug pull is never great… That’s why it’s a POC.

But I realized it’s a similar trust assumption we make with Monerium. They could mint EURE tokens fraudulently, or upgrade their controller to allow adversarial capabilities on token transfers. They’re not doing it because it’s against their own interest, and they are regulated so law enforcement will come after them should they go rogue. It’s also very unlikely to happen when the owner becomes a multisig (Gnosis Safe again).

The rug pull on IBANovich is still there. One interesting thing though is that everything is transparent: a user can check their balance on-chain at any time, and monitor any weird activity in their account (the balance mapped to their hashed IBAN).

I’m just jamming here but we could push the transparency a step further. Inspired by the way we publish the code of smart contracts on Etherscan and trust them to confirm that what we see is what is deployed (a trust assumption that made samczsun happy).

We could let Cloudflare confirm that the code running behind IBANovich.com worker is the one I submitted. What if Cloudflare had a feature to “lock” that code so that it cannot be changed easily? That would be interesting.

That doesn’t remove the rug pull though. The private key controlling the wallet is hidden in Cloudflare but also somewhere else within my possession…

Compliance

The fun part for fun peeps!

What we see from the outside is that anyone can send me a SEPA and let me buy DPI tokens for them. Does it mean I am selling securities, or at least facilitating the purchase of securities?

Or am I just an interface between Monerium and DeFi, and since I’m already KYC’ed by Monerium I shouldn’t have to care?

That’s where there’s less fun. If i’m building a website to let people connect their wallet and swap on Uniswap I’m not a provider. But here, where do I sit? It could just be illegal.

No worries though, it’s just a POC (which took lots of time though…) and nobody should wait for regulators to tinker around anyway.

But I’m thinking about how this could become a proper product.

Generalizing

The first thing we can think of is allowing users to swap to any tokens available on Uniswap. And then why limiting to just swapping if they want to provide liquidity as well. It’s not everyday that you can send a SEPA and become a market maker!

The problem with my current POC is that all users are sharing the same vault contract. Making it difficult to differentiate between them should they do more than just holding tokens with non-dynamic balances (if you aKnow what I mean).

There is a solution though. Inspired by the Account Abstraction fanatics out there: let’s deploy a contract for each user (hashed iban) instead. Letting these contracts (a bunch of clones) interact with any other contract with any payload. The main IBANovich contract will still be the one depositing and withdrawing from them, but also calling that “forwarding” function with a destination address and abi-encoded payload.

This means that a user can control a smart contract by sending SEPA transfer. They have an identity on-chain represented by the address of that smart contract. And they can do everything a smart contract can do: provide liquidity on Uniswap, borrow on Compound, or just send everything to the dead address (not recommended).

Now, who should provide this IBANovich service? It has to be a regulated entity in order to disincentivize rug pulls. Because that intermediary needed to call these contracts (and also pay for gas) can withdraw funds at any time.

I’m wondering if Monerium itself could provide such a service, while pushing for progressive self-custody:

• Users create an account for basic KYC and can then access the blockchain world with their IBAN

• They can later connect their own crypto wallet and claim the ownership of their IBANovich contract

I’ll stop here with my weird ideas and let the curious reader explore this design space further :)

---

IBANovich?

Turning bank accounts into crypto wallets and letting them buy into DeFi.

IBANovichovich?

Turning bank accounts into crypto wallets and letting them call any smart contract by passing an address and a payload in memos of SEPA transfers.

A meme, maybe?