> Some criminals undertake what is known as “chain-hopping” — jumping between different cryptocurrencies, often in rapid succession — to lose trackers, or use particular “privacy coin” cryptocurrencies that have extra anonymity built into them, such as Monero.
Its kind of hilarious that an article in mid-2021 treats this as novel, or that it is novel to many people reading it now.
To me this is like reading about bearer bonds from a 1950s heist.
Chain-hopping is as old as crypto exchanges. It has some folly, because even if a chain analysis firm or armchair blockchain sleuths aren't inspired enough to consider or look on another chain, the records are still permanent.
Hopping over to XMR or privacy chains has been available since 2014. Even with older versions leaking some rings, the best practices from back then still mitigate that, and rotating anytime since 2017 ensures mitigation through now.
The article lacks anything coherent, providing maybe a tiny spark of inspiration for investigators and people enamored by the crypto phenomenon, but wasting everybody's time because there are other techniques fairly unique to the crypto space that are more accessible and efficient and not secret at all.
The point is that this article conflates several things and is describing some fairly outdated or inefficient obfuscation techniques of which launderers would be some of the users of.
It goes from Hydra market duffle-bags of cash hiders (lolwut), to chain-hopping and scant mention of privacy coins. It randomly talks about Wasabi wallet same-chain bitcoin mixers, and then talks about Bitcoin Fog's operator being arrested which is much much older technology. It doesn't acknowledge or provide awareness about people actually wanting the privacy coins to begin with or staying within the mixing system (or trading claims to assets in the mixing system), and just assumes people are trying to obfuscate briefly with the end goal of holding non-private coins or fiat.
I don't get the impression that they were avoiding describing useful techniques for criminals, I get the impression that they have no idea.
I get that money laundering is always linked to criminal activity, but how have we always just accepted the lack of personal privacy when it comes to finance? Privacy is a feature, not a bug; and whilst crypto may not be the way forward, I hope one day we can reach a solution that has both privacy and also safety. The language used by law enforcement is quite alarming, it suggests that they should be privy to ALL transactions made, regardless of reasonable suspicion.
It's important to realize that attribution - knowing which human got which money when - is actually very important in many contexts, particularly when a lot of money is involved. This allows for an un-do button in the case of mistakes, fraud, etc. If I'm wiring my down payment for a house for $200k, it's nice to know that if I fat-finger the receiving account I can get the money back. How would you feel paying your down-payment in cash or BTC? How about when Citi accidentally paid an extra $900M (or something like that). Normally they'd be able to get all the money back (actually in that case they couldn't, but that was a weird anomaly).
I'm all for privacy, anonymity, etc - which is one of the reasons I'm very excited about crypto - but you always have to look at things from multiple angles.
Attribution is important but you don't need the government to be able to do it without your authorization. You can very well have private unattributable transactions that you decide to disclose to the authorities only if you need and want to.
If you send your coins from wallet A to wallet B with CoinJoin, it's not possible for a third party to identify this transaction, but you can disclose the seed of wallet A and sign a transaction from wallet B thus proving ownership of both.
AFAICS none of your points addresses the problem posed by your parent commentor: someone accidentally sent a lot of money to the wrong account/wallet and wants it back, even if the receiver is uncooperative.
I'm not sure we understood the parent comment the same way but you're right, you can't get your money back if sent to someone uncooperative. However, you can call the authorities and prove that you sent funds to that person and let them recover it if possible. I only addressed the question of attribution.
In the Citi case though it could have been paid in BTC and the result would be the same. The law decided then and the law would decide in bitcoin. Yes the ability for the court to force the return(or not) would depend in some part on the party being willing to do it, but ultimately if they are going to abide by the law it would happen regardless of the medium used.
Voluntary attribution is a solved problem in cryptography, so you can stay private if everything goes well and prove you are the sender or receiver for a given transaction if you need it reversed.
Yes, but still normally this mistake would be unwound. The recipients would just send the money back, or a court would tell them to send it back, even though the money was owed. But there were a number of confounding factors - for example that the money wasn't owed by Citi - it was owed by someone else and Citi was just paying on their behalf.
> but how have we always just accepted the lack of personal privacy when it comes to finance?
We didn't. This is something that has changed in the UK in my lifetime. Unless you were the subject of an investigation you didn't have to provide much detail to the tax authorities, and what you did provide was kept strictly separate from other areas of government.
There was an attempt to strike a balance with the emphasis on privacy. Nowadays the government thinks it is entitled to all the data all the time.
The UK is a more or less a cashless society, give or take a few regional variations and laggards.
I've lived in London for 3 years and don't think I've ever used cash for anything in that time. Trains, buses, taxis, bills (don't even need snail mail for those), restaurants, shops.
Outside of London it's a little different, but it's only a matter of a a few more years.
That's not the case at all. HMRC is very proscriptive about what you can do with their data, that's if they let you near it all, even then client consent is absolutely required for each access.
There's a difference between privacy and secrecy. If I'm involving my bank, what I'm doing is already not secret. My bank knows. But normally they keep those things private, because it's generally not anybody's business.
There are occasions where society's interest in preventing crime outweighs personal privacy, and one way to look at that is that when something (like, say, ransomware) has an effect on other people, it can no longer be reasonably called private. When that happens, as long as there are reasonable checks and balances, I'm fine with banks giving out information, especially when it's organizations that generally respect the privacy of the people involved.
I think this is a valid argument. I also think a corollary argument is that it's also valid to decide not to use a bank, though, and do a lot of things purely through cryptocurrency even if you're not doing anything shady or illegal, since, as another comment says, "as long as there are reasonable checks and balances" isn't necessarily a guarantee you can always rely on: https://news.ycombinator.com/item?id=27315773
>> but how have we always just accepted the lack of personal privacy when it comes to finance?
>We didn't. This is something that has changed in the UK in my lifetime. Unless you were the subject of an investigation you didn't have to provide much detail to the tax authorities, and what you did provide was kept strictly separate from other areas of government.
>There was an attempt to strike a balance with the emphasis on privacy. Nowadays the government thinks it is entitled to all the data all the time.
People definitely have differing views on what "reasonable checks and balances" mean; here in the US we have whole movements of people with... strong opinions on the topic: https://en.wikipedia.org/wiki/Sovereign_citizen_movement
I agree it's valid not to use a bank; one could try to conduct all one's business in cash. But in practice, people doing that are often doing something criminal, so people using cryptocurrency should not be surprised that they end up being treated with the same level of scrutiny as people running around with briefcases of cash. That is to say, their attempts at secrecy may result in a practical loss of privacy.
That's true. I personally don't mind using banks and don't mind them knowing what I do with my money and perhaps the government knowing as well. But I wouldn't necessarily judge someone who doesn't want to use one.
>>When that happens, as long as there are reasonable checks and balances, I'm fine with banks giving out information, especially when it's organizations that generally respect the privacy of the people involved.
A reasonable check and balance would be the requirement for the state to get a warrant, issued by a court when probable cause is found, not 'every transaction over $10,000 is reported to the state for its warrantless mass-surveillance system'.
The $10,000 threshold was set in 1970, when factoring in inflation, it was $70,000 of today's money, and when average income was lower, making its application more seldom still.
The dragnet steadily catches more and more transactions from the twin trends of rising real incomes and inflation reducing the real value of the threshold.
Yes, different people have different ideas about what's reasonable. But if you want to make a case for a reasonable balance between your desire for secrecy versus the desire of other people to be free of crime, you'll have to talk about more than what you personally dislike.
I want to be free from the crimes of the state too, and the kind of suffocating repression [1] [2] and centralization of power [3] that highly controlled societies create.
We should oppose warrantless mass-surveillance of private financial transactions for the same reasons we oppose mass-surveillance of every one's private communications. The desire to live free from crime does not justify engaging in either.
I think most would agree, and that AML laws are only instituted due to:
1. the complexity of the subject matter obfuscating what these laws do
2. the euphemization of AML laws by the AML industry, like calling them anti-money laundering laws rather than the more descriptive 'financial surveillance laws', and
3. the stigmatization of money, as a result of the public relations efforts of the many who stand to gain from laws restricting people's ability to transact with it.
Yes and I believe it is more morally correct to have a fundamental belief that innocent people shouldn't have their rights violated to achieve some larger social goal. The ends don't justify the means, and fundamental human rights shouldn't be voidable by majority vote.
That is not all that is going on here and I suspect you know it. Rights are often in conflict. Insisting that a particular right you are personally fixated on trump all others is not a moral stance. It's narcissism dressed up in a noble cloak.
Rights are NOT often in conflict. Genuine rights are private, and do not overlap with others' equal rights.
What you are describing as a right: the ability to subject others to warrantless mass-surveillance, violates the core liberal principle of Western culture, namely the rights to privacy and the presumption of innocence.
And for good reason. There is no evidence at all that abrogating these core rights makes people safer, either from threats in general, or specifically from crime.
You can use cryptocurrency which hides all of your transactions (like zcash) and pay your taxes as a law abiding citizen. There is no conflict here. Tax systems rely on citizens reporting anyway.
> You can use cryptocurrency which hides all of your transactions (like zcash)
Nit: only if you use zcash shielded wallets(very rare & resource hungry) are your assets private. Most wallets use transparent addresses, which is kind of similar to normal ones.
Given current landscape, only monero is defacto private.
I am fairly certain that many citizens would be tempted to become creative in their transparency (or activities) if they knew they would never get caught. Such is human nature.
It relies on reporting and the right to audit, so they may end up with all of the information anyway; it's more that you are making them ask for it rather than providing it proactively.
A land tax: doesn't violate private property or privacy rights, counter-acts wealth disparity, impossible to evade, and considered the perfect tax by economists due to doing zero harm to economic efficiency.
> how have we always just accepted the lack of personal privacy when it comes to finance?
It was very easy. The American public was hoodwinked into accepting the 16th Amendment (levying an income tax) as a tax the rich scheme. And like all tax the rich schemes it was a cover to tax everyone, especially the middle class. You can't have an income tax without the government prying into everyone's finances.
No, they said the tax on capital gains was unconstitutional. An income tax itself was allowed, they only tossed out the whole law because it was obvious that the tax code they ruled unconstitutional wouldn't make sense without the capital gains tax parts.
>The language used by law enforcement is quite alarming, it suggests that they should be privy to ALL transactions made, regardless of reasonable suspicion.
Unfortunately this is exactly their position, which they have made quite clear - and it isn't limited to financial transactions. Its the same line of "reasoning" they use to decry the use of encryption. They want to eliminate the concept of privacy all together and be privy to all of your transactions, communications and behavior to ensure nobody is "breaking the law". This was the whole idea behind the Orwellian "Total Information Awareness" program that was so obviously antithetical to freedom that the government was forced to change the name (while continuing to develop the program). In my opinion its far better to live in a free society where we are legally entitled to privacy and a few bad actors get away with crimes than the alternative.
> I get that money laundering is always linked to criminal activity
Its not. Well, by definition it is but it is paradoxical. Money obfuscation is not illegal, but when the source of the money is illicit then money obfuscation is money laundering, but successful money laundering means nobody can ever distinguish between a licit or illicit source, and it is up the accuser to prove the source was illicit, which should be impossible. (Whether there are records or not, there should be no probable cause to receive or act on those records at the standard needed for a criminal investigation)
So, only unsuccessful money laundering is linked to criminal activity, and deterrence relies on stigmatizing all money obfuscation.
I don't think the public cares. And, of course, there are many news articles, like this but also about fiat, that show why 'privacy is bad, ok'; criminals will run rampant if we cannot track everything you do.
If you don't interfere with money laundering, the criminals eventually acquire enormous wealth, and with it power. They eventually acquire enough power to take over the government. At that point, you're at their mercy, and theorizing about privacy laws becomes a bit pointless.
So you are saying that before money laundering laws those criminals took over the government. It is almost like said criminals just don't want any competition now
Money laundering laws emerged after criminals started getting organized about managing their wealth. Before Prohibition and Meyer Lansky, they were all small timers.
They typically launder money via "foundations" or "charities". They acquire power by purchasing media companies. They use the media companies to control public narratives to shift the Overton window of public policies. They also use it to manipulate the truth as it suits them[1]. Their target population for controlling thought narratives are yuppies and the lower classes.
I think in the US, it's a war on drugs thing--though it could also be a Cold War thing. Just musing though, but yeah it's wild that we don't think this is a right.
It goes back further than that, at least to the prosecution of organized crime syndicates in the early part of the 20th century. Al Capone went to jail for tax evasion, after all.
Yeah for sure, famously. I think the evolution of like, KYC and the global financial surveillance system probably came about for Cold War or War on Drugs reasons though.
Data can be stored, transparent but open for legitimate purposes. I don't think it's a good idea to go to the other extreme for complete anonymity in a case like this whether the consequences result in massive criminal activities.
E.G. I trust my medical data to my doctor with some reasonable confidence they are using it responsibly.
Same thing here, I can trust my financial institutions with my data, but I want it to be open to authorities to look for criminal activity. I would ideally like that data to be placed under some legislation a la the GDPR to ensure it's used responsibly.
To be clear, I would much rather my data be sold to some advertisers than for corruption/criminal activity to exist.
An investigation that would require a warrant. My point being that all activities should not be considered criminal by default thereby available for perusal without a legally provided reason. And only then if very narrow in scope.
Money laundering is not always linked to criminal activity except in so far as money laundering it itself illegal. Many nations (and not just "third world" nations) have some pretty onerous restrictions of flow of capital. A lot of money laundering activity is simply people moving money between jurisdictions. Admittedly, sometimes (usually?) with illegal goals such as tax evasion, but not always.
Money laundering is linked to criminal activity by definition. It literally means introducing the proceeds of criminal activity into the legitimate financial system.
I think that's a good general definition. But sometimes people want to move capital unlinked to crime across borders. They then use exactly the same mechanisms money launderers use. If you have a term for that you like better, I'd be interested to hear it.
If it's not the proceeds of crime, but just money leaving because of unfavourable domestic policies, it's normally called "capital flight" rather than money laundering.
That's only true if they are trying to avoid taxation, which is also ilegal (even if you think it is justified). Moving capital from a place to another doesn't use the same mechanisms of money laundering if done legally.
That's a good example that proves my point and the reason why I said "even if think it is justified", it doesn't matter if it is a cap/tax/whatever, it only uses the same mechanisms of money laundering because it is money laundering (they are trying to hide that that money is not clean/legal, that the reason it is illegal is because it was not supossed to legally leave the origin country instead of being drug money, makes no difference to the law, but morally could be ok to some).
Just so people downvoting this have an example, India has strong restrictions on capital movement. So much so that once when I was leaving India the outgoing customs inspector had me open my wallet, noticed excess rupees, and helpfully relieved me of some of them before I got on the plane. And less colorfully, I know somebody whose parents would like to move to the US to spend more time with their kids, but they can't legally transfer enough money to buy a house near those kids.
I honestly get why some countries have capital controls; rapid shifts in capital can be truly devastating to a small economy. And criminals are some of the people most eager to move large sums of money to other legal jurisdictions. But there are definitely cases where money laundering isn't linked to what most people would consider crime.
I am fascinated by the rise of 'chain analysis' companies - that started as 'aint it fun' and became 'hey we can help the cops track ransomware' quite quickly.
The thing that fascinates me is ... we could do (very similar) analysis on "normal" bank accounts - on a much larger scale but still.
I wonder how much criminal activity would be revealed?
>we could do (very similar) analysis on "normal" bank accounts
I don't think so really, the fact that the ledger is public is really the thing that makes this is a credible model.
In the absolutely general sense of "if all banks around the world opened all their books and banking secrecy laws didn't exist, and if we somehow had the ability to trace through cash transactions" then sure, theoretically (and again not accounting for the absolutely vast difference in scale between the volume of transactions in the real world vs the blockchain), but none of that is even remotely probable.
OK, sure, in about the same sense that world government is possible: hardly anyone is asking for it and there is a tremendous level of investment in the status quo by all the people with political power.
I'd argue that the problem isn't secrecy laws but just general incompetence and unwillingness.
Sure, banking secrecy laws could be a problem for large-scale frauds totaling millions, but smaller-scale operations typically stay within the same country where the law most likely already allows this kind of tracing, but it's so unefficient that by the time it's tracked down the money is already gone for good.
You think someone who is sophisticated enough to hide money in the international banking system isn't sophisticated enough to hide it in bitcoin?
Congratulations, you tracked the transaction to a shell company and have no jurisdiction to unwind who the cash withdrawal went to? Ignoring the coin washing services referenced in the story.
Banks are required by law to do this type of tracking on their normal bank accounts and file reports of any suspicious activity they see. The fact that the transactions aren't public means there isn't a third party that can do it and one bank can't follow the chain once a transaction goes to another bank. That work has to be done in the context of a legal investigation.
And I believe banks seem to cooperate as well to the limits of what is allowed. Detecting Financial Crime (DFC) is (becoming) a big part of operations.
> we could do (very similar) analysis on "normal" bank accounts - on a much larger scale but still.
Would this be (more or less) forensic accounting applied proactively to all accounts? I know techniques similar to 'chain analysis' are applied in criminal investigations, but it's usually reactive (due to the labor involved and the need for warrants in many jurisdictions).
The major selling point of bitcoin now is that it is a way to store value that is not controlled by a single entity.
Anonymity never was a design goal (even though it helped) and transactions are now too slow and expensive to make it a viable payment network. You can still buy drugs in Bitcoin, but it is not why people invest so much into it.
I can tell one of the ways that is missing in the article.
Let's say, you have a lot of Bitcoins and your buddy is a bitcoin miner. You craft your transaction such a way that you put all your coins as transaction fee. You send your transaction only to your buddy. Your buddy picks it up and solves the puzzle afterwards. Fees will be converted to brand new coins.
Also you'd be able to see which transaction paid the large fee and what the history is.
Might go unnoticed if the original coins weren't suspicious, but if an investigator is already looking at the original transaction because they suspect it was involved in crime, this type of jump is unlikely to throw them off the trail.
It will literally be international news (in crypto circles) when a transaction like that gets mined.
People frantically contact all the mining pools to see who mined it and if they will return the funds to the sending address.
This has happened many times and they usually do return it, because people have nearly universal consensus that it was a mistake.
Kind of not a great way because it is too conspicuous.
There was one time this happened that was interesting and intended to be conspicuous:
Some hackers got access to an exchange, but the exchange had some pretty good security and would not let them withdraw large amounts, but the hackers could set the transaction fee. So they started burning all the exchange's money by distributing them to miners with this high transaction fee, to let the exchange know they were serious and needed their demands met.
Could they have coordinated with a miner and nobody would be the wiser? Sure.
it's possible to spot such transactions if they violate transaction forwarding rules (aka standardness rules) but not consensus rules. for example, a transaction greater than 100kB is not standard but still valid.
I've build a tool to detect differences between _my local_ mempool and what miners include in their block (there will always be slight differences). This is primarily intended to detect censorship, but can also detect transactions that never entered _my_ mempool.
Brilliant! I remember thinking about this problem a few years back: what stops miners of a blockchain just ignoring transactions/anything from certain entities. So it's good that there exists a way to track such behaviour, if it is occurring.
Economics. If miners consistently ignore certain transactions, there is space for new miners to enter the market and earn super-normal profit. After the next difficulty adjustment cycle, the old, censoring miners may be priced out.
Yes! Will be on umbrel eventually. Currently needs a Bitcoin Core build from the master branch. The features use should be in the upcoming release. Then Umbrel!
Yeah but wouldn’t it require some kind of fork of the BTC software (not chain) to actually include this transaction without sending it to everyone else?
Ok but is it really illegal? I doubt there’s a law on who can send who private BTC transactions? Or is it actually possible to mark this as laundering?
There's nothing illegal here. The goal of privacy is to avoid giving anyone a reason to suspect something. In the case of money laundering specifically, you want to turn money that looks extremely suspicious into money that doesn't look suspicious at all.
Little tiny 'gotchas' aren't going to save you from a determined investigator. They are trying to follow a trail of evidence so they can produce more evidence. What you need is a clean break, so that the investigator hits a dead end and has no productive leads they can follow.
What's the point? It's not hidden after block is mined. You would hide your trace if blockchain analysis tools did not account for that use-case, but that's probably a known method.
I don’t think that works at all? Your buddy would have to mine that specific block to get the reward, which is based entirely on chance. You’d also have to spend as much on the POW electricity and hardware to have a chance of getting reward anyway.
If you know you mine blocks regularly (e.g once per day or week), it's entirely doable. It's the miners who chose what transactions go into a block. In this scheme, the transaction is "secret", only one miner received it.
The transaction isn't secret after it gets mined in the block and added to everyone's main chain. The only use of this would be to conceal one's IP for the transaction broadcast but it's really not necessary anyway because the bitcoin mesh network does a repeating broadcast from all peers to all peers, of all transactions in the mempool. Just use a secure connection and only broadcast to a single peer that you can verify to be a standard "dumb client." Odds are they won't have any logging of IPs and will rebroadcast the transaction, which will propagate it to the entire network.
No, just a secret block that isn’t broadcast to everyone. 1 block a week is plenty to pull this off and that’s just 1/1,000th of the worlds mining power. Unless you get really unlucky and the block fails to enter the block chain letting someone else gets credit for the transaction.
I'm curious what it's like, so here is a small calculation. Some metrics:
- 144 blocks per day are mined on average
- the current network hashrate is 145M TH/s
- a 100 TH/s rig is about $10k.
The investment to be able to have full control of mining one block on average, without electricity, internet and storage :
- per week: you'd need 143k TH/s (145M / (144 * 7)), so about $14M of investment in just the mining rig (provided you can buy it all)
- per month: you'd need 33k TH/s, so $3M of mining rig investment.
- per year: you'd need 2.7k TH/s, so about $270k in mining rig equipment.
Of course, there are a lot of variables here (e.g hashrate is highly variable), but this gives a general idea.
All this for a "washing" method that heavily implicates the miner: the address of the new coins is still known, it's not really "clean", just an unusual transaction.
If you're really patient (and many big time criminals are), you only need to mine once every few months, maybe once a year or less. That's still hundreds of thousands of dollars of mining equipment, but well in reach for many.
Yes this is accurate in the sense that these are the basis for the modern enforcement tools in use
The state has never had a right to understanding the financial flows or private property, it found a convenience with the electronic financial system and deputized all financial intermediaries to data mine and snitch for it.
This has subsequently become conflated with a right of the state to have all of this information, as the people running it now are unfamiliar with not having these conveniences.
The market, on the other hand, is simply reverting to a mean. It has developed and chosen an electronic financial system that doesnt require financial intermediaries.
So the state is going to lose its power to criminalize transactions. If there are any actual criminal behaviors with distinctive victims, then it has to do an actual investigation and find the individual and prosecute them. It really isnt that absurd of a concept.
After learning about how expensive stolen art is exchanged as a proxy for cash from "This is a robbery" on Netflix I started to wonder if laundering is really needed with crypto. There are probably clever ways to just exchange wallet ownership instead.
Laundering is needed if you want to (enable the people you trade with to) ever spend the black-market money on white-market goods.
Without that, your trading partner ends up holding a "dirty" wallet — just as if you gave them a suitcase full of marked bills.
That wallet still holds value — all dirty money does — but it's a lot less value than cleaned money.
Databases of stolen credit card numbers sell for not-much money. It's not just because you need stuff set up to drain the cards; it's because the money you drain from the cards is dirty. The dirty money is worth only about as much as the database itself. It's when you clean it that it attains "face value."
And the idea with stolen art is that "dirty art" should theoretically always trade at roughly the same discount to "clean art," and in fact, over time, as gaps in the provenance become easier to patch up through fabrication, the discount should reduce. In that sense, "dirty art" is an investment, so the immoral of the super-rich are fine holding it forever. Also, no need to pay estate taxes if it's already an undisclosed asset on a yacht somewhere.
Yep. Anybody that is watching funds move across addresses has no idea what they are doing. They rely on assuming that the funds still have the same ultimate beneficial owner (UBO) who is trying to hide, when that couldn’t be further from the truth.
Anybody that claims they know is just trying to scam a government for a lucrative blockchain analysis contract. Just another crypto entrepreneur aiming to leak fiat out of the system, even while pretending to act like an adversary to crypto users.
The reality is that:
A) the UBO either isn't trying to hide because they can acquire the goods and services they want without laundering (other tokens, governance control of a crypto network, passive income, digital art, using the dirty funds to pump other tokens that they already own with clean money allowing them to derive entrepreneurial or trading genius benefits)
B) the UBO know they can launder whenever they feel like it or get around to it
C) the funds have already changed UBOs to people that were not involved and shouldn't be tracked, because A) and B) already happened onchain or offchain
The thing is that wallet is digital. If I hand you an USB stick with the wallet, that doesn't mean I no longer have it. The USB could be a copy of it and I could still withdraw the money. To be sure that doesn't happen the new owner would need to transfer money to another wallet. Unless there's a high trust that this won't be done.
Yes, crypto can operate in a temporarily trusted environment.
What I was describing here wasn't that, I am referring to onchain transfers in trade for goods and services. (Part C could also be hand to hand trusted transfer of a wallet/private key)
Chain analysis still assumes that its the same owner or related guilty beneficiary all the way to a centralized exchange.
The point is that crypto can operate in a temporarily trusted environment. The subsequent owner does need to rotate addresses as soon as possible. It is the blockchain analysis that can't tell the difference between the prior owner moving to another address that prior owner controls, or a different owner moving addresses.
So you're the blockchain analysis firm for the Department of Justice, and you're like "omg omg look the coins are moving! omg omg look its going to a centralized exchange account lets go subpoena the records and find out who has the KYC and identifying information behind that account."
DOJ busts down the door "aha! got you!"
If it was the person that actually hacked or did drug trafficking, then they found that person and charge them with that, wire fraud, money laundering etc.
If it was just the recipient then the investigation is still ongoing and much lesser charges are possible. The DOJ would at best case try to find out who the "kingpin" is by overcharging the second person, but the primary observation is that the DOJ has not stopped any particular activity. Either way, its still not quite what happens:
The reality is that it is many hops between unrelated people before it hits a centralized exchange that is subpoena-able at all. People.don't.need.or.want.fiat. Especially not a lot of it at any given time. Even hedge funds take in-kind investments of crypto to create a new limited partner. People don't need to cash out first and then invest that cash.
I always wondered about this but can't criminals just get some kyc info from the black market or even some homeless person and withdraw money in that person's name? Why bother with obfuscating wallets chain hopping if all that matters is to not be asociated with the name that ultimately withdraws from an exchange
They can and do. You can buy "Fullz" which are a random ID leaked from a prior massive hack or just plain old phishing, and create exchange accounts. Any new darknet marketplace merchant starts off by selling Fullz and tutorials for like $1 and to get their reputation up.
I would say the lack of major prosecutions on this is because criminals still launder the money first and don't want to frame people (or have the exchange account frozen so soon), and DA/prosecutors use their discretion to tell when its unlikely the person in question was the actual person they are looking for, for now. Some people likely are getting framed, judging from televised arbitration shows like Judge Judy where the entertainer keeps cutting off the defendant who calmly says their bank account was compromised, and awards everything to the plaintiff.
This isn't crypto specific and is for bank and brokerage accounts too. Most darknet money-isolating tutorials talk about trading stocks in a brokerage account with stolen/recreated credentials as well.
Unless an account in your name wire transferred money directly for a shipping container full of cocaine, you would never find out that someone has opened a bank/brokerage/crypto account in your name and was operating it like a normal person accumulating money and occasionally trading.
Think of it like being a victim of identity fraud but the fraudster improves your credit score by acting normally and responsibly for you. That's literally whats happening pretty often.
Going back to your question, then why bother with the other stuff?
Not everyone wants fiat. Not now, not eventually. They are able to obtain goods and services in crypto. They are able to pay developers, buy games, invest in other crypto/projects ensuring the success or perception of success of people they like, control crypto networks with voting power, create exchanges and other infrastructure. There is no "eventually buy a multimillion dollar house how do I do that inconspicuously or maybe I can buy it with crypto in the future". It's just recognizing that it is possible whenever you want, but also not a priority or a necessary addition to what people value in this world.
It's fungible enough for all the purposes that many individuals with dirty crypto or organizations with dirty crypto care about.
the reality offchain can be very different, I was trying to make clear just in case you or others that didn't catch that. but I think we're agreeing on everything.
Depends on the country. Definitely in the UK if you make a lot of large cash transactions without a good business reason, you'll get scrutiny.
This is one of the reasons that common fronts for crime are companies that would be expected to handle a lot of cash :)
Also the major advantage of cryptocurencies in crime is their international nature. It means I can sit in a country that has no extradition treaty with the places I'm doing crime, safe in the knowledge that I won't be touched, as long as I'm careful who I target.
> This is one of the reasons that common fronts for crime are companies that would be expected to handle a lot of cash :)
Or a large amount of smaller companies for which 5K in revenue a month won't look suspicious (I'm thinking of stuff like these small phone (repair) shops, and there was a massage parlor down the road that was open frequently but never saw any customers. Still managed to stay open for years. Maybe that grey Mercedes that parked out in front of it once a month had something to do with it?)
Drug dealers and such probably yes. Sending 10 mio USD ransom across the world in cash would be much harder, but is so much easier in cryptocurrencies.
But cash isn't that useful if you're holding a company to ransom on the other side of the world. And normal bank transfers are very traceable.
Banks need to report any transactions greater than $10K (or a series of smaller transactions that make up $10K). The consequences of a bank not reporting far exceed any profit they would make from it.
Traditional laundering operations are typically very expensive and subject to heavy scrutiny. Banks or other washers take a big cut. And if you're here talking banks which have been caught doing this then it isn't very secret anymore. Crypto can be laundered quickly, cheaply and safely. And in unlimited quantities.
If you have enough volume, HSBC will customize your experience by modifying teller windows to accept the hard briefcase of your choice. You won't have to worry about some random guy cutting your bag and stealing your illicit cash!
I may be biased since I am holding and mining crypto, but I find recent slew of articles talking up the evils of crypto amusing. From eco evils to national security. Crypto is the culprit and banning it will bring salvation.
Just today my superior shared WSJ opinion piece saying it should be banned altogether. I genuinely chuckled. It was ignored for so long, but only now when it may be genuinely hard to just put down, because real players joined the fray, did the offensive PR started.
That might be your bubble , because in mine, I've seen cryptocoins being attacked for as long as I've known about them.
It's not that banning it will bring salvation, it's just that it's one less evil to worry about, with no clear downsides as crypto really isn't used for anything good.
The same argument could be made for banning Tor. I disagree, though, as these technologies can be and are used for good/normal things. Not everyone is running guns, evading taxes or selling drugs. In fact, most people aren't.
They were attacked, but about two years ago it was an attack along the lines of 'Pfft, how can random mathematical equation busy work determine value?', which was a lot more reasonable. Current articles go for the emotional stuff.
It's not just a recent slew of articles - calls to ban and framing it as tools for criminals and terrorists has been repeated like a broken record for a decade now.
Analytic techniques are getting better and the cutting edge research strongly suggests that to a sufficiently sophisticated attacker, Monero is fundamentally about as private as bitcoin.
Zcash from a theoretical perspective is a lot stronger, but I believe from a practical perspective (due to things like weaknesses in the mempool privacy) is also not very private.
I read through this entire gist, and I was not able to find a single section categorically proving that Monero is unsafe. It makes big claims such as "Monero has been broken." and "Monero is substantially unsafe and incapable of providing anonymity [...]", but then at the end the very same paper says the following:
"Monero is the best-in-class anonymous cryptocurrency in production today."
What the hell is it trying to say then?
From what I've been able to gather from this gist, its argument that Monero is "unsafe" hinges on the extra sentence: "under the formal threat model proposed and analyzed in this paper". Curiously, section 8, "Analysis Under Full Threat Model", is completely blank. And it also curiously never properly defines the "full threat model"
From what I gather however, its main argument is that 10 decoys (in RingCT) is too few and there could be probabilistic attacks and the some of the decoys could be malicious actors. The Monero developers already know this however, and are working on Triptych and Arcturus [1] to fix this. Note that this doesn't mean that Monero is 0% safe (as the gist likes to pretend by writing stuff like "Monero has been broken"), but it rather means that Monero is 80-90% safe rather than 100% safe. And if you're that worried, the Monero wallet offers the option for churning [2]
Lastly, the gist is more than 3 years old now, without a single update to it. Does the author not know that in 3 years there could be lots of upgrades and fixes to Monero? The fact that the largest Dark Net Market is now using Monero only surely should be an indication that Monero is doing something right?
> "Monero is the best-in-class anonymous cryptocurrency in production today."
>
> What the hell is it trying to say then?
It's trying to say everything else is broken too. I think Zcash is now best is class though.
> Note that this doesn't mean that Monero is 0% safe (as the gist likes to pretend by writing stuff like "Monero has been broken"), but it rather means that Monero is 80-90% safe rather than 100% safe.
No, the main point of the gist is that the analytic attacks are able to entirely break any user whose wallet functions as a stream wallet, which in practice is nearly everyone. To fall outside of the "stream wallet" definition provided in the gist, you have to run a custom wallet (not the main Monero code), and the implementation of that wallet has to be highly user hostile.
The attack doesn't target weaknesses in the monero implementation, it targets weaknesses in the monero architecture. Any decoy system has the exact same issues. If Monero is still on a 10 decoy system (even if it were on a 100,000 decoy system), all the attacks in the gist apply.
> It's trying to say everything else is broken too.
> I think Zcash is now best is class though.
I fundamentally disagree. Zcash is sponsored and funded by so many government agencies which raises a stupid amount of red flags. It's sponsored by US DARPA, Israeli Digital ministries, Amazon, etc. [1] It's absolutely ridiculous that a coin with so many links to bad institutions could ever be considered trustworthy.
Furthermore, its lead developer was caught with his pants down when he went on a ramble about how they could install backdoors for government agencies to track criminal transactions, while also making it secure and anonymous for normal people. The fact that the project didn't completely collapse that moment still blows my mind. [2][3]
> No, the main point of the gist is that the analytic attacks are able to entirely break any user whose wallet functions as a stream wallet, which in practice is nearly everyone.
>The attack doesn't target weaknesses in the monero implementation, it targets weaknesses in the monero architecture. Any decoy system has the exact same issues.
I've read through the gist you linked again, and I think I now understand what the threat model being analysed is.
He makes the following assumptions:
* >The anonymous stream wallet model assumes a single adversary that has global visibility of all payment streams on the network.
* >This global adversary is assumed to be performing an ongoing Sybil attack on the network.
* >the global adversary is assumed to have access to unknown side-channels that help to de-anonymize the user. [...] examples could include more exotic techniques known only to the adversary.
First of all, these are incredibly optimistic assumptions. Sybil attack, maybe. But, a government (adversary) having "unknown" side-channel attacks to de-anonymise users? Really? I mean, if I'm able to make such an easy assumption that a government has unknown side-channel attacks without having anything to back up my assumption with, then I could write a paper on pretty much any technology and accuse them of being "insecure" and "broken". But you know as well as I do that such assumptions are bonkers.
The gist then goes on to say:
"Though a global adversary may seem like a strong assumption, techniques such as the flashlight attack, dragnet surveillance, government mandated KYC, and the general nature of corporate information sharing and data selling today suggest that a single party could potentially gain a substantial and surprising amount of knowledge about any particular identity on the internet"
Which doesn't make 100% sense. Sure, such techniques would work if we were talking about Bitcoin where addresses are fixed and the blockchain is completely transparent. But this is Monero. If a government uses KYC to link a real life identity to a Monero address, a user can simply generate a new wallet and send the transaction from the KYC'd address to a blank wallet. The sender wallet is hidden with decoys, and most importantly (!!!), the receiving wallet is 100% hidden thanks to stealth addresses. No need to worry about decoys. So, how on earth would a government use their vast databases to get around this?
If this gist was so well written, why wasn't it submitted for peer review, and why hasn't it received an edit in 3 years?
---
Fundamentally, Monero is objectively safer due to how it's not in bed with so many government agencies, and how the developer team is decentralised and anonymous. Theoretical attacks and GitHub gists from 3 years ago saying how someone could do this or that don't mean anything when the only other alternatives are literally sponsored by Israeli ministries. Furthermore, the IRS $625k bounty for breaking Monero is still open, and the largest dark market curently uses Monero only. I believe that these 2 things speak volumes more than a gist from 3 years ago.
> “They’re basically a trustless version of a mixer and it’s all done within software,” said Robinson, noting that an open-source project called Wasabi Wallet was the dominant player in the space.
Funny because Wasabi requires a lot of manual coin control to preserve anonymity. Samourai Wallet automates most of these and offers obfuscating tools.
Every dollar bill in your wallet has trace amounts of cocaine on it. They probably spent some time tucked in some dancers g-string too. All money is "dirty". It's just a question of how many times it needs to trade hands before we collectively agree to treat it as "clean" again.
Neither of the things you’ve described make money dirty. Just because a dollar bill comes into contact with cocaine (often in cash sorting machines in banks), it doesn’t mean that it is the proceeds of crime.
I think his point is that a sizable portion of physical cash is involved with crime, that's one of the benefits of using cash so it only stands to reason- Yet everybody still uses cash regardless. Though I'm sure this same argument will be used in the future to justify a transition to a cashless society where all transactions are traced
The easiest way to totally anonymize crypto is to use hash marketplaces (i.e. Nicehash). Hash marketplaces let you anonymously buy hash power via BTC, which you can then direct to any crtpyo coin pool to get mint crypto coins.
The only people that would buy dirty crypto are people with dirty cash. Even then, it would be a profoundly stupid transaction from a cash flow or security perspective. Those cryptos have basically zero value, and you just made yourself traceable in an area of technology you probably know nothing about, except some blurb on the Internet about how secure it is. If you’re going into business in ransomware or money laundering, and you’re calculating profits by the exchange rate on Coinbase, you are a moron, and you’re about to get wrecked.
I think Bitstamp exchange offered a payout in gold bars for some time (there's no taxation on acquired gold in some countries).
The exchanges are definitely in on it. From trading bots, to price volatility. Pretty sure there's inside trading being done on most successful exchanges.
Nothing better than knowing the behavior of a bunch of traders and figuring out the best massive bot trading strategies.
Could you wash bitcoin by colluding with miners? You create a big transaction with a high fee, but don't propagate it. You give the transaction only to the miner you colluded with. The miner gets the transaction fee which is seen as legit. They can now give you the good bitcoins and keep some of it for themselves.
The XMR to sXMR bridge is live and applauded by both the Monero community and Secret Network community
Secret Network also has an AMM called SecretSwap for exchange to any other asset
All smart contract execution on the secret network is private, as in the variables and current state is not stored on chain for perusal, all assets are smart contracts
It is more so that the Secret Network is able to basically shard a Monero multi-signature address across the SGX chips that the validators are required to have, and from consensus mint or burn sXMR when XMR is deposited or withdrawn
Do explain, because I don't believe you actually know how banks work. Banks will flag up dubious transactions - uncommon large ones, frequent smaller ones, a sudden stop or start in transactions, etc. They've got big fraud (and money laundering) prevention teams on there, currently using machine learning to detect suspicious activity.
I mean there's bound to be laundering going on via banks, but it's risky.
Heard about one guy that tried to get his Bitcoin winnings onto his regular account, his bank wouldn't accept it because they couldn't verify its source. Of course, he managed to open up an account at another bank who accepted it without question, and transferring it to his main account from that bank was also done without question, so it's not exactly consistent.
>Heard about one guy that tried to get his Bitcoin winnings onto his regular account, his bank wouldn't accept it because they couldn't verify its source. Of course, he managed to open up an account at another bank who accepted it without question, and transferring it to his main account from that bank was also done without question, so it's not exactly consistent.
You nailed it here without noticing it: you just use the right bank(s) in the right countries, and then just shuffle and move money around.
I'm pretty sure there are organizations dedicated to set up these operations.
If he couldn't show the trace then no bank should've let him really: were I live, you have to show where fiat->crypto accused and how you got that fiat. Then you have to show how the crypto became worth more (that can just be a wallet address IN and wallet address OUT between the times it went from the fiat amount you started with until the time it became what you are trying to transfer to the bank). But that's all; few screenshots, even for large amounts. I guess if you are trying to send over more than a million, you might want to get some people to help you anyway. Also; always call your bank upfront to explain what will happen; that can prevent a freeze or reject if you got in ahead.
Many others have noted HSBC which actually created special cash delivery booths in Mexico but earlier this year Australian banks were caught laundering nearly $500million in illegal proceeds for Latin American cartels.
The biggest tax haven on earth is the United States, but they only serve you if you 1) are not american 2) are not citizen of the few countries they have tax treaties with.
Its kind of hilarious that an article in mid-2021 treats this as novel, or that it is novel to many people reading it now.
To me this is like reading about bearer bonds from a 1950s heist.
Chain-hopping is as old as crypto exchanges. It has some folly, because even if a chain analysis firm or armchair blockchain sleuths aren't inspired enough to consider or look on another chain, the records are still permanent.
Hopping over to XMR or privacy chains has been available since 2014. Even with older versions leaking some rings, the best practices from back then still mitigate that, and rotating anytime since 2017 ensures mitigation through now.
The article lacks anything coherent, providing maybe a tiny spark of inspiration for investigators and people enamored by the crypto phenomenon, but wasting everybody's time because there are other techniques fairly unique to the crypto space that are more accessible and efficient and not secret at all.