hackquest logo

Untraced

Zero-knowledge identity verification that lets users prove Web2 attributes on-chain without compromising privacy

Videos

Tech Stack

Next
Web3
Solidity

Description

Untraced is a zero-knowledge verification protocol built on Mantle that enables decentralized applications to verify user attributes without exposing sensitive personal data.

The Problem:

Web3 applications increasingly need to verify user credentials to provide meaningful services. Age verification is required for restricted content and regulatory compliance. Email verification enables communication and account recovery. GitHub activity proves developer reputation for grants and DAOs. Social presence verification helps establish identity for community features. However, current solutions present an impossible choice: users must either sacrifice their privacy by sharing raw data, trust centralized identity providers that create honeypots of sensitive information, or forgo verification entirely and miss out on features they want to access.

This fundamental tension between functionality and privacy has held back Web3 adoption. Users who value the self-sovereignty promises of blockchain technology are understandably reluctant to hand over government IDs, email addresses, or social account access to every dApp they interact with. At the same time, dApp developers struggle to build sophisticated applications without some form of identity verification.

Our Solution:

Untraced provides a developer-friendly SDK that integrates verification in just 3 lines of code. Users can prove:

  • Email ownership without revealing the address

  • Age thresholds (18+, 21+) without exposing date of birth

  • GitHub activity (commits, repos) without linking their identity

  • Twitter/X presence (followers, verified status) anonymously

  • Wallet balance minimums without revealing exact amounts

How It Works:

The Untraced verification flow is designed to feel familiar to Web3 users while maintaining strong privacy guarantees at every step. When a user needs to verify an attribute, they interact with our modal interface which guides them through the process. The experience is similar to connecting a wallet through WalletConnect or RainbowKit.

For OAuth-based modules like GitHub and Twitter, we handle the authentication through secure popup flows. The user grants temporary access to their account, we extract only the minimum information needed to generate a proof, and then immediately discard all other data. The OAuth flow never touches the dApp's servers directly.

Once we have the raw data, our backend generates a zero-knowledge proof that verifies the specific claim. This proof mathematically demonstrates that the user meets the criteria without revealing the underlying data. For example, an age proof shows that the birth date is before a certain cutoff without revealing what that date actually is.

Our attestor service then creates an EIP-712 signed attestation containing the proof result. This attestation format is the standard for typed structured data signing in Ethereum and ensures that verifications cannot be forged or tampered with. Each attestation has a 30-day validity period after which re-verification is required.

Finally, the attestation is submitted to our smart contracts on Mantle. The contracts verify the signature, check the attestation validity, and record only the boolean result. At no point does any personal data touch the blockchain. The dApp simply queries our registry contract to check whether a given wallet address has a valid verification for the required attribute.

Key Features:

  • True Zero-Knowledge Architecture ensures that smart contracts only ever see a simple boolean verification result. No email addresses, birth dates, usernames, or token balances are stored on-chain. The cryptographic proofs guarantee that these values existed and met the criteria, but the values themselves remain completely private.

  • Drop-in React SDK makes integration trivially simple. Developers import our UntracedModal component, wrap their application with our provider, and call a single verification function. We handle all the complexity of OAuth flows, proof generation, wallet signing, and contract interactions behind a clean API.

  • Fully Automated OAuth Integration means developers do not need to set up their own GitHub or Twitter OAuth applications. Our infrastructure handles the authentication flows securely and returns only the verification result to the integrating dApp.

  • On-chain Attestation Registry provides a permanent, queryable record of valid verifications on Mantle. Attestations are EIP-712 signed for security and have configurable validity periods. Smart contracts can verify attestations without trusting any external oracle.

  • TypeScript-First Design provides full type safety, autocomplete support, and excellent developer ergonomics. Our SDK is designed for the modern TypeScript ecosystem and integrates seamlessly with popular frameworks like Next.js and Vite.

  • Customizable UI Components support dark and light themes out of the box with customizable accent colors to match your brand. The modal interface is responsive and mobile-friendly.

Use Cases:

Untraced enables entirely new categories of Web3 applications that were previously impossible due to the privacy-functionality tradeoff.

  • Age-Gated Platforms can now verify user age for regulatory compliance without collecting or storing sensitive documents. NFT platforms selling adult content, DeFi protocols with jurisdictional restrictions, and gambling dApps can all verify age while respecting user privacy.

  • Developer DAOs and Grant Programs can require proof of GitHub contribution history without forcing developers to link their coding identity to their wallet. This preserves the pseudonymity that many developers value while still enabling merit-based access.

  • Social dApps can verify Twitter presence for features like influencer tiers or verified badges without connecting social identities to blockchain addresses. Users can prove they have significant social reach without doxxing themselves.

  • Sybil-Resistant Voting becomes possible through email verification that confirms unique personhood without collecting actual addresses. Each email can only be used once while the email itself remains private.

  • Token-Gated Communities can verify minimum balance requirements without revealing exact holdings, maintaining financial privacy while enforcing access controls.

Impact:

Untraced represents a fundamental shift in how identity verification works in Web3. By combining zero-knowledge cryptography with excellent developer experience, we enable dApps to implement sophisticated verification without forcing users to choose between functionality and anonymity. Users maintain complete control over their personal data while still being able to prove the attributes that matter for the services they want to access.

We believe privacy is not just a feature but a fundamental right, and that Web3 should enhance rather than compromise user privacy. Untraced makes privacy the default while still enabling the verification capabilities that dApps need to build meaningful applications. By deploying on Mantle, we leverage fast and affordable transactions to make private verification accessible to everyone, not just those who can afford high gas fees.


Live Link: https://www.untracedzk.xyz/
Docs Link: https://untraced.gitbook.io/untraced-docs/

Fundraising Status

We are now seeking seed funding to expand our verification module library, conduct professional security audits of our zero-knowledge circuits and smart contracts, and grow our engineering team. Our goal is to raise $30k to accelerate mainnet launch on Mantle and establish Untraced as the standard privacy-preserving identity layer for Web3.
Team Leader
AAbhirup Banerjee
Project Link
Sector
InfraOther