← back to blog

How to handle KYC airdrops with multiple identities legally

How to handle KYC airdrops with multiple identities legally

the airdrop meta has shifted hard toward KYC gates. what used to be a wallet-signature-and-you’re-done process is now a full document submission workflow, sometimes with liveness checks, proof-of-address, and tax residency declarations. Binance Launchpool, Coinbase-listed token distributions, Arbitrum ecosystem grants, and almost everything coming out of regulated labs now require at minimum a government-issued ID and facial biometrics. for operators who previously ran dozens of wallets from a single machine, this is not a minor change, it is a structural shift in how airdrop capacity is built.

the instinctive response from a lot of the community was to hunt for identity spoofing solutions. that path is fraud, full stop, and i won’t go down it here. but there is a legitimate version of this problem that deserves serious treatment: how do you, as an operator or someone with a family unit and a small business structure, participate across multiple legally distinct identities without creating fake personas? this is not an edge case. a married couple in Singapore running a household together and a private limited company they registered for crypto trading purposes has three distinct legal identities that can each receive an allocation, assuming the project’s terms permit it.

the stakes are real on both sides. getting this wrong by committing KYC fraud exposes you to criminal liability in most jurisdictions, not just platform bans. getting it right by using your legitimate legal structures and family relationships means you are doing nothing more than what institutional participants have always done. this guide is about the legitimate version.

background and prior art

KYC requirements in crypto airdrops emerged slowly from 2020 onward but accelerated sharply after the SEC’s enforcement actions against token issuers in 2022 and 2023. the logic is simple: if a token is even arguably a security, the issuer needs to know who they’re distributing to, and US persons in particular need to be excluded or treated under different rules. projects that want to list on Coinbase or Kraken have to satisfy those exchanges’ compliance teams that the distribution was clean. this is documented publicly, including in Coinbase’s asset listing framework.

the result is an industry that now mostly uses one of a handful of KYC vendors: Jumio, Onfido, Persona, Fractal ID, or Synaps. each of these maintains databases that cross-reference submitted documents. if you submit a passport to two different projects using the same vendor, the vendor knows. this has real implications for the “one person, two accounts” model that was common before 2022. what it does not change is the legitimacy of a single household having genuinely separate legal persons participate. the FATF recommendations on beneficial ownership are explicit that natural persons and legal persons are distinct, and that family members are not the same legal entity simply by virtue of being related.

in Singapore specifically, the Monetary Authority of Singapore’s Notice on Prevention of Money Laundering and Countering the Financing of Terrorism governs how digital payment token service providers are required to conduct KYC. it does not prevent family members from each having their own accounts, nor does it prevent a company from holding tokens separately from its shareholders.

the core mechanism

the central idea is simple: legal capacity is not the same as operational control. you can be the person who manages the day-to-day for multiple legally distinct participants without those participants being “the same” for KYC purposes. what makes this legal rather than fraudulent is that each identity is genuine, has its own documents, its own beneficial ownership, and each participates with real consent and real entitlement to whatever it claims.

there are three tiers to this in practice.

tier one: natural persons in your household

your spouse, your adult children, your parents, a sibling who lives with you. each of these is a legally distinct natural person with their own passport and their own right to participate in any public token distribution that allows residents of their country. the work here is logistical: each person needs their own email address, their own device or at minimum a fresh browser profile, their own wallet, and they need to complete their own KYC submission independently. you can assist them but the submission must be theirs.

the critical line is beneficial ownership. if the tokens go into a wallet that they control and the proceeds eventually flow to you via some undisclosed arrangement, that is potentially structuring or fraud depending on jurisdiction. if they legitimately keep their allocation, or if you have a transparent profit-sharing arrangement (documented, with appropriate tax treatment), that is a different matter. this is not legal or tax advice, consult a qualified professional in your jurisdiction before setting this up.

tier two: legal entities

a company, a trust, or an LLC (where available) is a separate legal person. in Singapore, a private limited company incorporated under the Companies Act is a distinct legal entity from its shareholders and directors. if both you personally and a company you own participate in an airdrop, those are two distinct KYC identities, both legitimate, assuming the project’s terms permit corporate participation.

many projects explicitly allow or even welcome corporate participants. some restrict to natural persons only. you need to read the eligibility terms carefully. Arbitrum’s token distribution in 2023, for example, had specific provisions about smart contract wallets and DAO treasury addresses that were distinct from individual participant addresses. the terms govern, and violating them is a breach of contract even if it is not criminal fraud.

for corporate KYC you typically need: certificate of incorporation, memorandum and articles of association, proof of registered address, beneficial ownership declaration, and the passport and address proof for the authorised representative completing the KYC. Synaps and Persona both have corporate KYC flows that handle this. budget at least a week for corporate KYC compared to under an hour for individual KYC.

tier three: jurisdictional diversity

if you have legitimate tax residency or citizenship in more than one country, you may have two valid identity documents in different names or formats, each reflecting a genuine national identity. this is not unusual for people in Singapore with second passports. each passport represents the same natural person, which means you cannot use both to claim two allocations, that would be fraud. but if a family member holds different citizenship, that is simply their legal identity.

the operational pattern that emerges across these three tiers is a matrix. you maintain a spreadsheet (or a properly structured database if you are running at scale) that maps: legal person, jurisdiction, KYC vendor history, wallet addresses, and participation history per project. the goal is to never accidentally submit the same person twice to the same project, and to track which vendors have already seen which documents.

for browser fingerprinting and IP separation, which projects check at the application layer independently of KYC, see the antidetect workflow guides at antidetectreview.org/blog/ for current tool comparisons. the fingerprinting question is orthogonal to identity legality but it is practically relevant because many projects do soft sybil detection before KYC and will flag clusters for manual review.

worked examples

example 1: household of three in Singapore

a household consists of a Singaporean citizen (me), a Malaysian spouse with Singapore PR, and a parent who is a Singapore citizen. each holds a valid government-issued ID. a major DEX announces a token airdrop open to all non-US persons who interact with the protocol before a snapshot date.

each person interacts with the protocol independently, using separate MetaMask wallets funded from their own accounts (or from a single source but documented as loans or gifts, which requires its own tax treatment). each submits their own KYC through Fractal ID using their own passport, email, and phone number. result: three independent allocations totaling, hypothetically, 15,000 tokens at a launch price of $0.40, or $6,000 in aggregate.

the operational overhead is about four hours spread across the KYC submissions and wallet setup. the legal overhead is keeping records that show each person genuinely controlled their own wallet and received their own allocation. the risk is that two of the wallets funded from the same source address get flagged as linked. mitigation: fund each wallet from a different CEX withdrawal address, not from a shared on-chain parent wallet.

example 2: individual plus corporate in Hong Kong

a trader runs a single-person Hong Kong limited company for crypto trading. when a new L2 announces a points program leading to a token allocation, they participate both personally and through the company, since the program’s terms explicitly allow legal entities.

personally: 1,200 points earned through bridge and swap activity. corporate: 1,800 points earned through higher-value bridge transactions done via the company’s designated wallet.

at token generation event, the individual receives 12,000 tokens and the company receives 18,000. the individual holds their allocation in a personal wallet. the company’s allocation sits in a multisig controlled by the company, and any eventual sale is accounted for on the company’s books.

the overhead here was the corporate KYC (five business days, one rejected submission due to a mismatched director name format, resubmitted and approved). the legal cost was a one-hour consultation with a HK solicitor to confirm the structure was clean. the total cost was roughly HKD 3,200 in professional fees plus about twelve hours of setup time.

example 3: two siblings with different national identities

two brothers, one holds Singapore citizenship, one emigrated and naturalised in Canada. both participate in a DeFi protocol airdrop that is available to non-US, non-sanctioned persons. the Canadian brother participates through a VPN to a Canadian endpoint (his actual location at the time), submits his Canadian passport. the Singapore brother participates from Singapore, submits his Singapore passport.

they are entirely separate persons with separate documents. the KYC vendor sees two unrelated identities. the on-chain addresses are separate. the only connection is that they know each other, which is not a violation of any term any project has ever published.

the practical coordination task is making sure their wallets are not visibly linked on-chain. funding both from the same exchange account withdrawal would create an on-chain link. using separate exchange accounts or at minimum withdrawing to an intermediate address first breaks that link cleanly. for a detailed look at on-chain separation strategy, the multi-account operations guides at multiaccountops.com/blog/ cover this in more depth than i will here.

edge cases and failure modes

failure mode 1: submitting the same person twice

this sounds obvious to avoid, but it happens when you are managing KYC submissions for multiple family members and you accidentally use the same passport photo for two submissions, or the same email address. Jumio and Onfido both maintain hash-based document deduplication. if the same document number appears twice, even months apart, the second submission will fail and may flag the first.

counter-strategy: maintain a master log. before any KYC submission, check the log. the log should contain: full name, document type, document number, issuing country, KYC vendor, project name, date submitted, outcome.

failure mode 2: beneficial ownership misrepresentation

participating in an airdrop as a company but then immediately transferring the tokens to your personal wallet and not accounting for it properly is a problem. it is either a distribution from the company (which has tax and corporate governance implications) or it is evidence that the corporate participation was a sham. either way it creates exposure.

counter-strategy: decide upfront whether the company’s allocation is the company’s asset or whether you are using the company as a pass-through. if the former, keep it on the company’s books properly. if the latter, you are doing something that at minimum violates the project’s spirit and possibly the law, and you should not do it.

failure mode 3: terms of service violations that are not fraud but still lose you allocations

many projects have terms that say one account per person and define “person” to include entities you control. some explicitly say that a person and a company they own count as one participant. violating this may not be criminal fraud but it will result in clawback of the duplicate allocation at token generation. read the terms. specifically look for language around “affiliated entities”, “controlled wallets”, and “related persons”. Uniswap’s original airdrop criteria documentation is a useful reference for the kind of language that appears in these terms.

failure mode 4: the KYC vendor sharing data across projects

Fractal ID in particular operates a shared identity layer that multiple projects use simultaneously. if you submit to one Fractal ID project and then submit to another, the vendor already has your record. this is fine for legitimate identities. it becomes a problem if, for any reason, your record was flagged on one project, because that flag may carry over. check vendor-specific documentation on data sharing policies before assuming submissions are siloed.

failure mode 5: on-chain clustering before KYC is even checked

some projects run sybil detection algorithms on the raw on-chain data before they even look at KYC submissions. if your family members’ wallets all funded from the same address, interacted with the protocol in the same hour, and submitted to the KYC portal from the same IP address, the system may cluster them as one entity regardless of whether each submitted a unique passport. the KYC check then becomes moot because the system has already marked them for review.

counter-strategy: time-separate the interactions, IP-separate the submissions (each person on their own device and network), and chain-separate the funding paths. this is not about hiding anything, it is about the wallets genuinely reflecting separate activity by separate people, which is what you are claiming.

what we learned in production

running this structure across a household and a small company for about eighteen months, the biggest operational lesson is that the limiting factor is not identity capacity, it is time and coordination. KYC submissions take longer than you expect, corporate KYC especially. documentation expires. a passport that was valid when you submitted to project A may have been renewed before project B’s deadline, which means the vendor may see two different document numbers for the same person. this is fine and explainable, but it requires you to keep your records current.

the second lesson is that the quality of legal structures matters enormously. a properly incorporated company with clean corporate records and a clear beneficial ownership declaration sails through corporate KYC in five days. a hastily registered offshore entity with incomplete records takes weeks and often fails. the administrative overhead of maintaining a clean company is not trivial but it is a one-time fixed cost that pays back across multiple distributions. my Singapore PLC has now passed corporate KYC for four separate projects. the marginal cost of the fifth will be near zero because all the documentation is already prepared and current.

a note on proxy and fingerprinting infrastructure: this is a separate layer from identity but it is operationally linked. even with entirely legitimate identities, you need each person’s submission to come from an appropriate IP and browser environment. a project that sees three KYC submissions all originating from the same residential IP at the same time will be suspicious regardless of how clean the documents are. each person should genuinely be submitting from their own device and network. where that is not practical, device-level separation with separate network connections is the minimum. proxyscraping.org’s residential proxy guides have current benchmarks on which providers give clean residential IPs suitable for KYC submission contexts.

for projects that become large enough to be worth significant investment in this infrastructure, the marginal return on having a clean legal structure substantially exceeds the marginal return on trying to push technical limits. a single legitimate corporate allocation from a well-documented company is worth more and carries less risk than five marginal wallets that are always one sybil-detection pass away from clawback.

references and further reading

for related operator methodology on this site, see the airdrop infrastructure deep-dives, the multi-wallet operational security tutorial, and the guide to entity structures for crypto operators.

Written by Xavier Fok

disclosure: this article may contain affiliate links. if you buy through them we may earn a commission at no extra cost to you. verdicts are independent of payouts. last reviewed by Xavier Fok on 2026-05-19.

need infra for this today?

cloud phones
cloudf.one

real Android phones in a SG datacenter. run Telegram on persistent hardware with a real mobile IP. free trial.

try a cloud phone →
mobile proxies
SingaporeMobileProxy

real 4G/5G IPs from Singtel, M1, Starhub. for Telegram on desktop, app automation, or scraping. from $35/mo.

get a mobile IP →