using their username or e-mail is recommended (it is never revealed by this scheme)

However, in the case that a user needs to prove to others that their balance doesn't match, they do need to reveal their identifier, correct? In that case, it would not be ideal for them to reveal their email. Even a username is likely pretty identifying (and often might be tied somewhere publically to an email). I'd recommend hashing the underlying identifier so that obfuscated identifier can be revealed in such a situation, rather than the real ID.

It's already hashed AFAIK.