Overview

The Travel Rule is an international anti-money laundering (AML) standard that requires virtual asset service providers (VASPs) to transmit key details about the originator (sender) and beneficiary (recipient) of certain blockchain transactions.

As WhiteBIT Australia is registered with AUSTRAC and follows its requirements, we are activating the feature on 1 July 2026, providing a clear workflow to submit the required data so your funds can clear with minimal delay and full AUSTRAC compliance.

To comply with the international Travel Rule regulations, we introduce important and mandatory updates to the deposit and withdrawal processes and API functionality. Please note that this is only the first iteration of Travel Rule updates, and additional changes are expected in the near future.

Deposit confirmation

When you fund your account, we are legally required to collect basic information about the sender. Until you complete the Travel Rule check, we cannot credit your deposit to your account.

To confirm your deposit, go to the “History-Deposits” section, find the required deposit and press the “Verify” button to open the confirmation form (this button appears automatically if the deposit needs additional data). The next steps depend on the source of the funds.

 

Deposit from another VASP (exchange, broker, custodial wallet)

 

To confirm a deposit from another VASP, you have to fill in the data as follows:

1. Select “Received from a VASP”.

2. Provide:

 

• Sender’s full legal name (individual or company);

• Sender’s country of residence/registration;
• VASP name.
  
  3. Press Submit.

4. Wait for WhiteBIT to review your application.

 

Please note: make sure the name and country match the information that the sending exchange can confirm. Otherwise, you will receive a follow-up request.

 

Deposit from a self-hosted (non-custodial) wallet

1. Select “Received from a self-hosted wallet”.
2. The system launches an AOPP (Address Ownership Proof Protocol) check. AOPP is an open protocol that proves you control the sending address without revealing any sensitive data.
3. In your wallet, sign the message generated on the verification interface — no private keys are exposed.
4. Paste the signature into the form and click Confirm.
5. Once the signature is verified, your deposit will be credited.

Please note: the deposit will remain uncredited until you complete the Travel Rule steps.

Changes in Withdrawals Interface

Additional information will now be required when making a crypto withdrawal. To begin, 

1. Go to the Withdrawal History page.
2. Find your latest deposit with the status “Awaiting verification”.

3. Click the “Verify” button at the bottom.
4. Choose Yes or No to the question ‘Is this your own wallet?” and tick the box to agree to the privacy statement. You can also choose to continue on your phone if you need to verify your wallet on your phone. Otherwise, click "Continue on this device”.

5. Complete the fields to confirm the recipient details.
   1. Company or individual: Is the recipient an individual or a company?
   2. Wallet type: Unhosted wallet (personal wallet like Metamask) or Hosted wallet (another exchange, custodian, etc. holding the crypto)
   3. If the wallet type is Hosted wallet, select the hosted platform under Select VASP
   4. If an individual, enter the person's full name. Otherwise, enter the company's legal name.
   5. Enter the residential or company address of the recipient.

6. If the wallet type is an Unhosted and it is your own wallet, you need to perform a wallet verification test.

7. Select your wallet from the list and click Connect wallet.
8. The following fields must be completed:

• Destination Platform: Specify the platform to which the funds are being sent.
• Receiver Type: Indicate whether the receiver is an Individual or a Legal Entity.
• If Individual: Provide the receiver’s First Name and Last Name.
• If Legal Entity: Provide the Entity Name and Entity Address.
  
   

These fields ensure the required information is captured during the withdrawal process, aligning with compliance standards.

Process of withdrawal of funds from AOPP in accordance with Travel Rule requirements

The Address Ownership Proof Protocol (AOPP) helps cryptocurrency platforms comply with regulations like the Travel Rule, which requires identifying and verifying the parties involved in cryptocurrency transactions. AOPP ensures that you, as a user, prove control of your external wallet address before withdrawing or receiving funds.

The Travel Rule usually requires crypto service providers to collect certain information (sender/recipient details) whenever transferring funds between regulated entities or user-owned addresses. AOPP streamlines that process by automating the verification of wallet ownership.

 

Why Is AOPP Necessary?

• Regulatory Compliance: The Travel Rule mandates that specific data about senders and receivers is shared between financial institutions to reduce illicit activity.
• User Experience: AOPP automates address ownership checks, reducing manual steps like screenshot uploads or signing random text strings
• Data Accuracy & Security: By verifying the address through a cryptographic signature, AOPP ensures that your address is indeed under your control before proceeding with transfers.
  
   

Step-by-Step AOPP flow

1. Initiate a Withdrawal or Transfer

When you want to withdraw cryptocurrency to an external wallet, you’ll start by choosing “I’m sending funds to a self-custodial wallet” and entering your wallet address as usual on our platform.

 

2. Trigger AOPP Request

If your wallet is not verified yet and requires Travel Rule compliance, you’ll see a label telling you that the address is not verified. By clicking on “Verify”, the system will display a pop-up with a message telling you to verify ownership of the wallet address. By clicking on it, you will be redirected to a separate AOPP interface.

 

3. Open Your Wallet

To complete the proof, you’ll need a wallet that supports AOPP (many modern wallets have integrated AOPP).

• If you’re using a hardware wallet, make sure it’s connected and unlocked.
• If you’re using a mobile or desktop wallet, ensure it’s up to date and supports AOPP signing.
  
   

4. Receive and Approve the Signing Request

The platform sends a signing request through the AOPP protocol. Your wallet will prompt you to approve or sign this request, proving you control the address.

Tip: Look closely at what you’re signing—always confirm it’s a legitimate request from our platform.

The address confirmed through AOPP must match the address to which the funds are withdrawn. This only applies to networks that support AOPP signatures, including Ethereum.

 

5. Signature Validation

Once you’ve signed, the wallet sends the signature back to the platform (typically through a secure deep link or QR code).

• The platform checks the signature to ensure it matches the public address you provided.
• If valid, your ownership of the address is confirmed.
  
   

6. Complete the Transfer

After a successful AOPP verification, you can proceed with the withdrawal.

• Any required Travel Rule information (e.g., name, account ID) will be securely attached to the transaction if needed for regulatory purposes.
• You’ll receive a confirmation message once the transfer is en route or complete.
  
   

Therefore, the AOPP flow ensures that when you withdraw or transfer cryptocurrency, you can easily prove that you own the receiving wallet address. This helps satisfy the Travel Rule’s requirement for wallet verification and identity information sharing between regulated entities. By automating key steps, AOPP reduces the manual work for you and enhances overall security for all parties involved.

Features of verification in the Tron and Solana networks

In the Tron and Solana networks, verification of withdrawals/deposits is somewhat more complicated, as there is no automatic request for a signature, as in Ethereum. The process looks like this:

 

1. Enter the address. On the verification page, you need to insert the address of the wallet you plan to verify.

2. Sign the message manually.

Tron (via TronScan):

• Go to TronScan
• Click on Connect Wallet (mobile devices may have difficulties; in many cases, using TronLink helps).
• Select: More → Sign & Verify
• Next: V2 → Sign Message
• Paste the message from the verification portal (AOPP) and click Sign Message
• After that, we get a signature, but:

This signature is not in Base64, so you need to convert it on a third-party website.

 

Solana (via SolScan):

The process is similar, but other services are used, such as SolScan, Phantom Wallet, or Trust Wallet.

After converting the signature to Base64 format, you need to paste it into the appropriate field on the verification site and click Add Proof.

 

Please note: the platform is not responsible for failed verification attempts, as these processes depend on third-party services and wallets.

 

Not all networks have the ability to verify a Web3 wallet (for example, Polygon, Whitechain). In this case, you should specify the name of the wallet in the VASP field.

 

For each network, you need to verify the wallet again. If you received a deposit in the Polygon network, verified your wallet, and then received a deposit in Ethereum, you will have to verify it again. 

 

To confirm the deposit, you will need to provide the following information:

 

• Sender's first name
• Surname of the sender
• Name of the platform from which the funds were sent
• Country of residence of the sender.

API Updates: Travel Rule Object

For users utilizing the private API for deposits and withdrawals, a new “travel_rule” object has been introduced. This object must include the following parameters:

{

  "travelRule" : {

  "type": [individual, entity], // receiver type

  "vasp": <string>, // destination platform (VASP) name

  "name": <string>, // if individual - first_name ; if entity - entity_name

  "address": <string> // if individual - last_name ; if entity - entity_address

}

}

This structured data is essential for ensuring compliance with the Travel Rule when using API v4 deposit and withdrawal methods.

And here's an example of a full request body (for Travel Rule) raw:

1. Individual

{{

  "ticker": "BTC",

  "amount": "0.5",

  "address": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",

  "uniqueId": "24529046",

  "travelRule": {

    "type": "individual",

    "vasp": "Binance",

    "name": "John",

    "address": "Doe"

  },

  "request": "{{request}}",

  "nonce": "{{nonce}}"

}

2. Legal entity

{

  "ticker": "BTC",

  "amount": "1.2",

  "address": "bc1qxy2kgdygjrsqtzq2n0yrf2493p83kkfjhx0wlh",

  "uniqueId": "24529047",

  "travelRule": {

    "type": "entity",

    "vasp": "Kraken",

    "name": "Acme Corp",

    "address": "123 Business Street, London, UK"

  },

  "request": "{{request}}",

  "nonce": "{{nonce}}"

}

For more details, please refer to the API documentation.

Why These Updates Are Necessary

The Travel Rule is an international standard requiring financial institutions and exchanges to collect and share certain information about the originators and beneficiaries of transactions. These updates ensure that we remain compliant with these regulations, fostering transparency and security across the crypto ecosystem.

Frequently Asked Questions (FAQs)

1. What happens if I don’t provide the required information? Without the mandatory details, your deposit or withdrawal request may be delayed or rejected until all necessary fields are completed.
2. Are these changes applied to all types of deposits and withdrawals? No, these changes are applied only to crypto deposits and withdrawals. Fiat deposits and withdrawals remain unaffected.