Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
I’ve noticed during my research on this little side project that some hackers are somehow able to get away with the heist or exploit anonymously. Even though blockchains like Bitcoin and Ethereum are built to be completely transparent and traceable using a user’s public address, hackers have found ways to get around that. Even as early as the DAO hack and subsequent Ethereum Classic fork, the hacker who committed that exploit got away by converting their ETC coins into bitcoins, where they in theory used a “mixer” to make the stolen funds untraceable.
A mixer, (also known as a tumbler) accepts deposits from different users, mixes all the cryptocurrencies together to obscure the transaction history, and sends them back out to different addresses in different amounts than what was deposited. Now, if you stole some crypto in an exploit, it’s harder to tell after running crypto through a mixer which coins were stolen and which were legitimate. They were pooled together, obfuscated, and then given back to users at different addresses they control, making difficult to track down.
One of the original allures of using bitcoin for transactions was that you would remain anonymous, but that’s not the case. In the book American Kingpin, the author tells the riveting story of how Ross Ulbricht, the creator of the Silk Road online black market, was eventually caught by the FBI in 2013 using the traceability of the blockchain.
In fact, it happened again recently when US authorities apprehended the creator of bitcoin-mixing service “Bitcoin Fog.” They analyzed up to 10 years (🤯) of data on the blockchain in order to identify him and find enough evidence to convict him.
For approximately a decade, Bitcoin Fog has enabled users to conceal the origin and destination of its users’ crypto assets. However, the Internal Revenue Service is charging Russian-Swedish citizen, Roman Sterlingov, with laundering more than 1.2 million Bitcoin worth $336 million while serving as the website’s administrator.
. . . . .
Authorities estimate at least 23% of the Bitcoin that flowed through the mixing service was transferred to darknet-based narcotics marketplaces such as Silk Road.
This proves that even though law enforcement may not always be able to find the culprit post-mixing, they can always track criminal addresses that send compromising crypto into the mixer:
Authorities have issued a chilling warning to other users of illegal blockchain services: Anything you do today may come back to haunt you as “this activity is on this ledger forever” and ever-more sophisticated analytics technology can track down crimes committed years earlier.
. . . . .
“This is yet another example of how investigators with the right tools can leverage the transparency of cryptocurrency to follow the flow of illicit funds,” said Jonathan Levin, co-founder of blockchain forensics firm, Chainalysis.
Computer scientist, Sarah Meiklejohn, stated:
“With blockchain analytics, the thing we say over and over is that all this activity is on this ledger forever, and if you did something bad 10 years ago you can be caught and arrested for it today.”
Another arrest which happened in 2020 involved the arrest of Larry Harmon, an Ohio resident and the creator of another dark-net mixer called Helix. Harmon was arrested for “conspiracy to commit money laundering, operating an unlicensed money transmitter business and money transmission without a license.”
In August 2021, Harmon plead guilty to the money laundering charge brought against him and is cooperating with law enforcement. As part of the plea deal, he had to forfeit over 4,400 bitcoin, or around $265M in assets. Ouch.
I know what you’re thinking: is running a mixer, or running your crypto through a mixer for extra privacy, illegal?
The answer I’ve found is:
No, unless you are knowingly money laundering. But most are probably operating without a license and breaking regulations anyway.
Mixers are technically under the jurisdiction of the Financial Crimes Enforcement Network (FinCEN), the enforcement arm of the U.S. Department of Treasury, because they are considered to be a “money transmitter.” This means they not only need to register as a money transmitter with FinCEN, but also are subject to anti-money laundering (AML), Bank Secrecy Act, know your customer (KYC), and combating the financing of terrorism (CFT) regulations. If a mixer complies with all these regulations, then there won’t be anything to worry about. But let’s be honest: most of them probably don’t.
Legitimate users like the fact they are able to shield their transaction history from the prying eyes of the government, and in reality most mixer users use it for this reason. But a significant portion of the funds sent into mixers are illicit:
Our data reveals that exchanges, other mixers, and scams are the most common identifiable typologies that send funds to mixers. The scams figure is most interesting of the three. 13.3% may not sound like much, but it dwarfs the percentage of scam funds going to other typologies. In fact, if you add up funds sent from scams, stolen funds, and darknet markets, we see that 22% of funds entering mixers come from illicit activity, compared to just 1% of funds entering exchanges.
From the perspective of a mixer operator, they are just providing a service and not responsible for the actions of their users. The “we’re a platform” defense. But what if these operators mix a users crypto with full knowledge of their illicit activity? That’s where mixers can get into serious trouble, like in the Bitcoin Fog case. An IRS agent purportedly stated to an administrator on Fog that he wanted to launder funds he received from selling ecstasy, and the admin processed his transaction without a response. And in the Helix case:
Helix was linked to and associated with “Grams,” a darknet search engine also run by Harmon, and moved over 350,000 bitcoin — valued at over $300 million at the time of the transactions — on behalf of customers, with most of that volume coming from darknet markets. Harmon explicitly advertised Helix to customers on darknet marketplaces as a way to conceal transactions from law enforcement.
Doesn’t seem to me like Harmon respected US authorities.
Law enforcement has come down hard on some the big players in space who dealt with online black markets and seemingly dared them to take action. But will they take action against all of them?
In the indictment against Harmon, the Department of Justice representatives stated:
“Helix allegedly laundered hundreds of millions of dollars of illicit narcotics proceeds and other criminal profits for Darknet users around the globe,” said Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division. “This indictment underscores that seeking to obscure virtual currency transactions in this way is a crime, and that the Department can and will ensure that such crime doesn’t pay.”
“For those who seek to use Darknet-based cryptocurrency tumblers, these charges should serve as a reminder that law enforcement, through its partnerships and collaboration, will uncover illegal activity and charge those responsible for unlawful acts,” said U.S. Attorney Timothy J. Shea of the District of Columbia.
On the one hand, it sounds like “seeking to obscure virtual currency transactions in this way is a crime” tells you all you need to know. On the other hand, it sounds like they are more concerned with catching illegal activity and those who “use Darknet-based cryptocurrency tumblers” and not concerned with law-abiding users who want extra privacy. At least for now.
Either way, FinCEN is looking to up their game:
FinCEN is currently seeking comment on additional proposed regulations that will affect the cryptocurrency market, particularly its privacy level. If passed into law, KYC regulations and reporting obligations of transactions that exceed $10,000 will be significantly expanded. Unlike traditional reporting by financial institutions, this transactional reporting will allow law enforcement to watch and trace, in real time, the flow of those crypto funds on public blockchain ledgers (and to trace a user’s complete prior transaction history, irrespective of the size of those prior transactions).
And more KYC regulation for crypto exchanges is coming soon too:
Final rules for banks and money service businesses such as crypto exchanges to collect, retain, and report customers’ domestic and international Bitcoin and other crypto transactions will be completed by September, according to a regulatory agenda released Friday.
Treasury’s Financial Crimes Enforcement Network proposed the rules jointly with the Federal Reserve during the final days of the Trump administration. The rules would clarify that the definition of “money” under the Bank Secrecy Act applies to virtual currencies that can convert into legal tender or act as a substitute for fiat currency.
It may become harder and harder in the future to condone the use of cryptocurrency mixers that don’t want to comply with AML and KYC regulations.
Thoughts:
Mixers seem illegal to me at first glance. Knowing that regulators see them as money transmitters and the regulations involved, there doesn’t seem to be a way to justify it. And even if a mixer were to comply with all the regulations, then what’s the point of using it? Many people who get into crypto are more afraid of the government than other individuals tracking your transaction history. But I could be wrong. Maybe in the future there will be mixers out there who go legit and sell their service as a privacy and security measure. Until then, I’m skeptical.
I get it, some people want to go the extra mile for privacy and anonymity. But if you don’t think the government is already capable of tracking every monetary transaction you made online already if they wanted, you’re kidding yourself. As long as you aren’t a “person of interest” you shouldn’t have anything to worry about.
Which brings me to my next point: according to Chainalysis, one of the big risks of using mixers is mixing your crypto with someone who committed a crime. You may not get arrested, but you may become a “person of interest” to law enforcement if your crypto gets mixed in with illicit crypto. So the best choice here, from my perspective, is to not use them.
On the other hand, the Supreme Court ruled in Citizens United v. FEC that the First Amendment applies to corporations giving money because they are expressing free speech in favor of a candidate. If “money” can be considered “speech” then maybe transactions made with money on the blockchain could be considered freedom of speech? I don’t think it would happen because it would cripple law enforcement, but if it did that’s how current mixers would be made suddenly legal.
There are also privacy cryptocurrency coins out there like Monero and ZCash which can provide some anonymity, but I’ve already told you how I feel about those. If regulators are coming for the exchanges first, and cryptocurrencies like privacy coins can’t comply with KYC regulations on the exchange, then they’ll be kicked off the exchange. Eventually I could see them being declared to be illegal tender by the US unless they change. Personally, I’m not putting my money there.
Chainalysis is helping law enforcement catch criminals who use the blockchain to try to launder money, and that is pretty freaking cool. I’ve learned a lot from reading their articles and reports. You should definitely check them out if you’re interested in finding out more on how they can track down individuals on the blockchain.
I didn’t have the time (or the room), but next time I plan to talk more about a mixer in the Ethereum space and how it’s been involved in some recent hacks.
Thanks for reading!
Links:
This one was an excellent source about not only mixing but also other techniques people have used to obfuscate their transaction history:
Chainalysis Video Presentation: Advanced Obfuscation Techniques: Mixing, CoinJoins, Chain Hopping, and Privacy Coins
Prosecutions of Bitcoin Mixers Raise Crypto Privacy Questions
THE CHAINALYSIS GUIDE TO CRYPTOCURRENCY TYPOLOGIES
FinCEN’s $60 Million Helix Fine Reveals how Regulators May Enforce Law on Mixers Moving Forward