Hacker News new | past | comments | ask | show | jobs | submit login
Bitcoin faces regulatory crackdown, Bank of England warns (theguardian.com)
60 points by oldcynic on Mar 2, 2018 | hide | past | web | favorite | 61 comments



The quotes in the article mention anonymity as one of the problems, but all Bitcoin transactions are public. Is it really that difficult to tie people to these transactions?


This is the UK government we’re talking about, the same government with representatives who think “real people don’t need end-to-end encryption” and that “we should get people who understand the necessary hashtags [sic]” to implement back doors.

So more likely than not, the people calling for regulations on bitcoin have little to no understanding of its basic properties.


>So more likely than not, the people calling for regulations on bitcoin have little to no understanding of its basic properties.

How many on HN would gladly jump at the opportunity to "understand the necessary hashtags", and write the software with skinner box like interfaces for our glorious institutions that we owe our mind and body to in order to protect us from ourselves?

Excluding those of you who already work on these profitable boondoggles of course… ;)


> but all Bitcoin transactions are public. Is it really that difficult to tie people to these transactions?

I think it is. From my limited understanding of cryptocurrency wallets and transaction, I believe the distributed ledger is public, so anyone (incl. Govt.) can see which wallet address has how much coins / funds in it. But you can't see which physical human or institution owns that wallet / address.

That's how it's widely known that just about 1,650 wallets hold a majority of the world's bitcoins. These are wallets with > 1000 bitcoins. They are called 'Whales'. But it's almost impossible to tie a Whale account to, say, Richard Branson or Ross Ulbricht.

If you take Paypal payments as example, this is similar to everyone knowing your email address for paypal, but only paypal knowing that the email address is tied to you.


>I believe the distributed ledger is public, so anyone (incl. Govt.) can see which wallet address has how much coins / funds in it.

Not only is the wallet address public you can see entire transaction history of each address. Keeping a Bitcoin address separate from your true name is exceedingly difficult.

1. When you trade Bitcoins into fiat money with an exchange you reveal your true name.

2. When you purchase something with Bitcoin you reveal the mapping between your Bitcoin address and your mailing address.

3. Unless you are using TOR when you announce a transaction on the network you reveal the mapping from IP address to Bitcoin address.

4. When someone sends you Bitcoins they can track how those Bitcoins and spent and what Bitcoin addresses they are moved to.

5. Companies have large databases of known identity to Bitcoin address mappings allowing process of elimination or guilt by association privacy attacks.

"Bitcoin offers privacy—as long as you don't cash out or spend it" - PC World

Disclaimer: I do Bitcoin privacy research.


Thanks for the detailed reply.

Had a follow up question on some things.

> 1. When you trade Bitcoins into fiat money with an exchange you reveal your true name.

I get that. But how are the hackers who stole / continue to steal from exchanges like in the Mt Gox hack -- and more recently, the CoinCheck[1] -- hack, able to get away with it? See CoinCheck link and quote below. Important takeaway is

> Coincheck has identified and published 11 addresses where all 523 million of the stolen coins ended up. You can see for yourself online. Trouble is, no one knows who owns the accounts

From what I understand, in both cases, hackers hacked into the Exchange, stole the Private Keys to the "Hot Wallets" holding large amounts of the coin (bitcoin, NEM etc) and then transfered the coins into their own "Wallet" which isn't tied to any exchange. So as far as bitcoin or NEM is concerned, this transfer was/is a legitimate ledger transaction as the private key from sender was used to deposit the coins into receiver (hackers' ) wallet.

Not trolling, really would like to know the following

1) How are exchange hackers able to remain anonymous and not get caught.

2) How do they move the coins they stole and cash out on FIAT?

Obviously (or maybe not) these hackers wouldn't be buying stuff and shipping to their home address, so #2 above is moot.

3) Is it possible (wearing my conspiracy theorist hat here) that these exchange CEOs / Founders perpetrate the hack themselves, so they can declare a loss, and then take possession of the coins and use the anonymity to cash out at a later date?

[1] How to Steal $500 Million in Cryptocurrency http://fortune.com/2018/01/31/coincheck-hack-how/

> 2. Where did the stolen coins go?

> That’s one of the stranger aspects of these heists. Because transactions for Bitcoin and the like are all public, it’s easy to see where the NEM coins are — even though they’re stolen. Coincheck has identified and published 11 addresses where all 523 million of the stolen coins ended up. You can see for yourself online. Trouble is, no one knows who owns the accounts.


>I get that. But how are the hackers who stole / continue to steal from exchanges like in the Mt Gox hack -- and more recently, the CoinCheck[1] -- hack, able to get away with it? See CoinCheck link and quote below. Important takeaway is

It is a good question and I don't have an answer as I don't know many of the details of the Mt. Gox hack. Many details on these hacks are not public. There have been arrests in Mt. Gox BTW.

My favorite quote on this subject is:

1. One possible answer is that the attackers just sit on the coins and don't attempt cash them out see "Bitcoin offers privacy — as long as you don't cash out or spend it".

2. Another possibility is the thieves either live or cashed out in jurisdictions which won't cooperate with investigations.

3. Or as your article states the thieves could attempt to move the coins through privacy coins such as zCash or Monero to hide the final destinations of the coins. However that is a fairly risky proposition, if they make a mistake they are cooked and there are so many mistakes they could make. I don't believe either zCash or Monero offer network level privacy other than TOR and TOR is problematic as it was not designed for cryptocurrencies. Monero is planning I2P support [0].

Then again it could be the case that law enforcement organizations investigating some of these cases don't have the expertise to understand the highly technical evidence they have.

[0]: https://github.com/monero-project/kovri


Thank you!


a lot of people think governments are doing these hacks. perhaps they haven't cashed out yet?


All of this holds up until you remember that Bitcoin is fungible and take these items into consideration:

1. There is no logical relationship between address A that spends to address B. 2. A could be part of the same wallet as B, or not. 3. A or B could be undisclosed addresses of merchants, or unrelated parties entirely. You may have to ask, and they may choose to tell you.

Defeating your inferences is trivial. A blockchain analysis may reveal that A sent to B, who sent to C, but there is no logical relationship between A and C based on this transmission alone. Moreover, A can send to B, B' sends to C. You derive no information.


you could get around #1 by using localbitcoins.com, or other private exchange. Though i'm sure the feds are all over it, and I generally view such transactions as a honeypot


Yes, very. Anyone can create a thousand valid bitcoin addresses a second, and then send coins between them. There's no way of knowing who created the address. Technically, you can even send coins to a random address with the correct checksum, thus losing these coins forever. That address will not have an owner.


while this is true, there are plenty of ways to de-anonymize transactions. you'd have to take extra measures to stay anonymous. meaning, can't rely purely on bitcoin protocol

https://decentralize.today/a-new-attack-vector-to-deanonymiz...

https://www.coursera.org/learn/cryptocurrency/lecture/qnS76/...


This describes methods to de-anonymize transactions passed through fiat interfaces that comply with AML/KYC. Play stupid games, win stupid prizes.


The headline says "Bitcoin", the speech which included the anonymity claim said "cryptocurrencies".


Once an address has been doxxed, you've got a lead on any address used in a common transaction. It doesn't conclusively unmask these other addresses, so whether this counts as “really that difficult” depends on your investigative powers and your definition of “difficult”.

Because of KYC[1] and AML[2], an address belonging to an exchange wallet should probably be considered doxxed. An authority can say “Hey Coinbase, I see you sent coin from address A on this date. Show me what account that came from.”

CoinJoin[3] was intended to solve this problem, but apparently doesn't[6]. I was going to say that a decentralized cross-chain trading scheme[4][5] to launder through an anonymous currency such as Monero or ZCash might provide anonymity, but it looks like there's enough information to correlate the transactions across chains. (Even if there weren't, cross-chain trading might practically have one of the same issues as CoinJoin: that the transaction volume is just too low to provide anonymity.)

There's other cryptocurrencies designed to provide anonymity[8]. The Lighting Network[10] might add this to Bitcoin[11]; I don't know if that's still one of their goals.

EDIT: I somehow missed EthanHeilman's comment, above, when I wrote this. He says pretty much everything I said about why it's hard to keep Bitcoin activity private, more clearly. I included more links, though :-)

[1] "Know Your Customer", https://en.wikipedia.org/wiki/Know_your_customer

[2] "Anti Money-Laundering", https://en.wikipedia.org/wiki/Money_laundering#Anti-money-la...

[3] "CoinJoin", https://en.wikipedia.org/wiki/CoinJoin

[4] "Atomic cross-chain trading", https://en.bitcoin.it/wiki/Atomic_cross-chain_trading

[5] "First Ever Cross Chain Atomic Swap Between Bitcoin and Litecoin a Success", http://bitcoinist.com/first-ever-cross-chain-atomic-swap-bet...

[6] S. Goldfeder et al, "When the cookie meets the blockchain: Privacy risks of web payments via cryptocurrencies" (2017) https://arxiv.org/pdf/1708.04748.pdf.

[7] "Bitcoin Transactions Aren’t as Anonymous as Everyone Hoped ", Technology Review Aug, 2013, https://www.technologyreview.com/s/608716/bitcoin-transactio... summarizes [6].

[8] "Keybase chooses Zcash" https://keybase.io/blog/keybase-and-zcash has a fun example of address linkage.

[9] Sudhir Khatwani, "9 Anonymous Cryptocurrencies You Should Know About", 2/02/18. https://coinsutra.com/anonymous-cryptocurrencies/

[10] Lightning Network, https://lightning.network.

[11] Aaron van Wirdum, "How the Lightning Network Layers Privacy on Top of Bitcoin", Bitcoin Magazine, Dec 19 2016. https://bitcoinmagazine.com/articles/how-the-lightning-netwo...


If I remember correctly the founder of TenX said in a video that 40% of all Fiat <-> Crypto money goes through Coinbase alone...which ties (a lot of) future transactions to a passport verified person.


Even that doesn't really tell you who the real owner of the coins is. What if you bought bitcoins for your friend and withdrew to his address? Or you got hacked, or blackmailed, or ransomwared.


Not if you also have a local wallet and transact with non centralized entities (ie other people) often.

Local wallets cycle addresses often.


Title should be "cracking down on Bitcoin exchanges", I don't think they can crack down on Bitcoin proper.


That would be difficult indeed, but you could certainly crack down on exchanges, payment processors, miners and generally every company dealing with crypto currencies, including banks. That would greatly cripple their usability.


I also think you could move most of that to a Tor onion service.


Exchanges are Bitcoin's weakest link.


Distributed exchanges have no weakness.


There are no distributed exchanges for exchanging cryptocurrency to/from fiat. (Unless you use localbitcoins, but that has other issues like being mugged for all your money).


Bisq does it.


bisq is closer to localbitcoins than it is to gdax. there's no central orderbook, and orders aren't executed in real time.


localbitcoins is a legit solution, I'm pretty sure we could resolve the issues around it. Mugging is an easy one, meet in public.

A Tor based exchange is not distributed, but I think the way to go.


> Mugging is an easy one, meet in public.

That doesn't quite solve the problem. Who is holding the cash when the "send" button is pressed? If it's the bitcoin seller, then he can run away instead of hitting "send". And if it's the buyer, then he can run away the moment it's pressed. Sure, you may shout "stop the thief", but they're experienced in making a quick get-away...


Reputation is currently how local bitcoins handles this. And also, the exchange could take drivers license info/do other verifications for e.g. what is currently done by coinbase.


Is there such a thing 'escrow as a service' in face to face transactions?


Although I don't think it's official, I know some police departments encourage community members to do Craigslist-type sales in their parking lots. It's not escrow, but I think you'd have to be very bold to steal something in view of police surveillance.


Localethereum provides escrow as a service, but for trading ether. I've had good success with them so far, but I haven't had a transaction yet that's had to go to dispute resolution.


Yes. Localbitcoins does escrow.


I can't believe this. Develop a worldwide distributed network. List fast and cheap international transfers as a major selling point. Say that the most effective way of entering or leaving this network requires physically meeting somebody and exchanging cash.

How is this not seen as an outrageous problem?


> Say that the most effective way of entering or leaving this network requires physically meeting somebody and exchanging cash.

Missed the part where I said that, perhaps you could point it out?

We are discussing a world where bitcoins are illegal, obviously the solution will be a bit sketchy.


We don't need paper to trade.

I get paid in Bitcoin Cash and same with my employees.

Buy and sell goods for BCH. Why is there a need to convert to these papers, metals (, and cotton, etc)?

Don't see why I should pay above a 1c fee to send money from point A to point B.

Also do not understand why I must drive to an ATM where usually homeless people sleep.


Also do not understand why I must drive to an ATM where usually homeless people sleep.

Is this some kind of anonymous performance art? I have trouble believing that people like this really exist in a form that knows how to turn their computer on.


?


Why do you have to physically meet to exchange cash? Parties that trust each other can trade BTC for SWIFT or SEPA payment.


localbitcoins is an absurd solution. It takes a lot of time to coordinate and execute a meet and exchange, it's also risky, and worst of all it's ridiculously expensive in both directions. Localbitoins is only a legit solution in the "I have to pay a ransom ASAP and can't wait for KYC confirmation" scenario.


I wouldn't expect it take longer than 30 minutes, risk is largely removed by meeting in public.

If it were as bad as you say, people would not be using it.


> I wouldn't expect it take longer than 30 minutes

It doesn't matter what you expect, you cannot possibly predict the specific circumstances from region to region that could require someone to spend any length of time working on arrangements or traveling. What if you live outside of a city and have to spend 30 minutes driving alone?

> risk is largely removed by meeting in public

Demonstrably untrue. Meeting in public is obviously the absolute minimum precaution necessary when performing any kind of physical exchange, coming armed is even better, but that still doesn't stop people from being mugged in broad daylight. Even if we accept the "largely removed" risk of getting mugged, the reality is that most technologies pose 0 risk of mugging in practical use. There are also many other security risks, especially if you make a large transaction (e.g. you could be followed back to your home).

> If it were as bad as you say, people would not be using it.

Well, most people don't use it, otherwise the prices wouldn't be so high relative to online exchanges. LBC seriously sucks.


> you cannot possibly predict ... specific circumstances

Predictions don't have to account for every edge case, my point is in the majority of cases the transaction should not take long. Longer drive times is the cost for living outside of the city, but I don't see why you couldn't just do the transaction when you do another trip(e.g. commuting).

> Demonstrably untrue. ... most technologies pose 0 risk of mugging in practical use

Escrow would be useful in this case. What technology has 0 risk for mugging? AFAIK you can force someone to perform some transaction at gun point. Followed back to your home is resolved by being aware of people following you, and frankly if you're transacting large sums of money, the types of attacks that are worth doing is immense.

> Well, most people don't use it,

Unimportant, it clearly has a userbase. Prices correspond with risk, doesn't seem unfair, and users are willing to pay for it.


Yes, distributed drug dealing networks have no problems with the law, and competition is never an issue.


Without well-known exchanges, it would be a lot harder to cash in your chips. Particularly for large amounts.


Bitcoin can only be slowed down not stopped other centralized cryptos like Ripple can be shut down.


Bitcoin's real trouble is with transaction time and cost. Those are the troubles that will bring it down way faster than any regulation. Once that's fixed, there is no stopping it since there are countries where Bitcoin is welcome. Example: Japan is one of those countries. The exchange rate between fiat currencies and bitcoin will definitely bounce around but 100 years from now someone will be using Bitcoin to make a transaction.


Some remarks:

First of all, cryptocurrencies are a new paradigm and a threat to bans so asking Bank of England is like asking taxi drivers their opinion about Uber.

Secondly, regulation means that they are accepted as legal tender, asset or money officially.

Lastly, any country that will try to outright crackdown and ban them is at a very great risk of economic exclusion and being left behind.


At current market cap of almost 200b for bitcoin based on https://www.coingecko.com/en

It seems that the market is ignorant against news like this. As we have seen after what some countries had attempted to ban

People will see value in this and try to acquire it. Making it harder to buy may very well put bitcoin a higher price or activity goes underground. Everyone loses


Good to see somebody's done the "this is good for Bitcoin" post without intended irony...

There's a tenable argument the UK simply isn't a big enough influence on BTC prices to make much difference and the regulation probably won't go very far, but arguing that making Bitcoins more difficult to acquire, spend or turn into something spendable is going to drive demand for it is just silly.


I suspect that the AML and KYC regulations will start to be enforced for bitcoin in the UK at some point. Bear in mind that London is one of the biggest financial centres in the world; if they can't trade it due to AML laws, then we'll really see if they have an influence

Serious jail time if a business is caught in any of the stages of the money laundering process.


I will be buying the dip. Be greedy when others are cautious.


Be greedy when others are cautious.

Youth really is wasted on the young.


It's a paraphrase of Buffet's quote 'Be Fearful When Others Are Greedy and Greedy When Others Are Fearful'

Not so young.


This.

I started salivating at the thought of hopefully grabbing BTC, BCH, and ETH at a discount like we did recently


Stories like this are offset by positive news in other regions. For example:

- Germany just excluded small purchases with cryptocurrency from capital gains.

- The heads of the CFTC and SEC recently testified to Congress, both with a very positive view on cryptocurrency (though the SEC intends to crack down on ICOs).

- People worried about a shutdown in South Korea but instead they're just moving to better-regulated exchanges.

- Japan has officially recognized cryptocurrencies as valid payment methods.

- Switzerland just released official guidelines for ICOs.


More direct quotes and more information on Bloomberg: https://uk.investing.com/news/cryptocurrency-news/boes-carne...


If you close the door after the horse, other speculators will see the value of that horse's freedom.

This is a positive feedback loop.

Pyrrhic victory for law, but the banks get their protections codified in law.


This is good for Bitcoin.

(such thin skin from the Bitcoin True Believers)


Well it's a good thing Bitcoin DNGAF what the state thinks because all Bitcoin actually is, is math and code




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: