How Crypto Gets Hacked: Issue #8
Tron, Ponzi Schemes, The Future of CoinJoin, and the Senate Hearing
Disclaimer: I’ll be talking about individual crypto projects in this series but this is for informational purposes only and not a solicitation to buy or sell any cryptoassets.
Do your own due diligence.
The Tron Blockchain Under Scrutiny
The Unchained podcast had another great interview I really enjoyed with Chris Harland-Dunaway, a freelance reporter for The Verge.
The podcast was about a lengthy piece Chris wrote about Justin Sun, the founder of the Tron blockchain.
The piece includes stories about Justin fleeing countries to avoid arrest, purposely trying to skirt around KYC laws, starting an unregulated crypto exchange, and more.
It’s a great story and sheds light on someone who appears to be a pretty unsavory character. But there was one part that really stood out to me:
For some unknown reason, Tron had their own “market making” desk for their TRX token. Chris’ sources say the market making desk for Tron is meant to keep the TRX token at a certain price of… well, whatever Justin Sun wants it to be.
Because they knew when good news was coming out, they could buy Tron’s TRX token before the news broke and then sell it after. According to his sources, that’s exactly what the “market making” desk was doing all the time.
If the TRX token were considered a security, then this would constitute “insider trading.”
But because cryptocurrencies are not identified as securities, they are not subject to the SEC’s “insider trading” regulations.
We still don’t know whether they should be classified as a commodity, a currency, a security, or something completely different. There is still lots of debate about how they should be classified, among countries and even among various US government agencies.
It may not technically be a security, and it may not technically be insider trading, but if what Chris is reporting is true and it comes to court one day, as Supreme Court Justice Stewart once said, “I know it when I see it.”
DOJ Goes After Real Crypto Ponzi Schemes
The CFTC and US Department of Justice both announced charges are being brought against individuals involved with crypto companies EmpowerCoin, ECoinPlus and Jet-Coin. They are being charged with “conspiracy to commit wire fraud and money laundering, and related substantive counts, in connection with a sophisticated scheme to steal assets from investors.”
“As alleged, the defendants engaged in a sophisticated scheme that preyed on unsuspecting investors nationwide with false promises of guaranteed returns and virtual currency trading opportunities. When the companies collapsed and their criminal conduct was about to be exposed, the defendants attempted to cover their tracks and destroy evidence,” stated United States Attorney Peace. “The scams may have been online and virtual, but these charges are very real. This Office is committed to protecting the public from criminals who view cryptocurrency as a new frontier to perpetrate old fashioned crimes of fraud and money laundering.”
They also brought charges against a couple (along with the SEC) for running a multi-level marketing scheme, where they claimed to be running a much bigger crypto-mining operation for their very own “Ormeus Coin” than they really were:
Acting HSI New York Special Agent in Charge Ricky J. Patel: “As alleged, Barksdale operated like a traveling salesman and peddled lies, overstatements, and misrepresentations regarding a cryptocurrency called Ormeus Coin, which resulted in duping thousands of investors throughout the world and took in over $70 million. The men and women of HSI will not allow fraudsters to sell dreams of inflated and unrealistic revenues to innocent investors with the goal of lining their own pockets. By leveraging federal and international partnerships, Barksdale is now facing prosecution in the Southern District of New York for his alleged criminal acts.”
Seems to me like they understand the game that some of these crypto-companies are playing and are going after many of the bad actors. It feels a little late, but they are starting to catch up and get the job done.
Let’s hope they keep up the good work and continue catching these scam artists.
CoinJoin Wallets Will Comply
“CoinJoin” is an obfuscation technique used by people who want to try to hide their transaction history on blockchains, such as Bitcoin. It makes tracking transaction history more difficult, like mixers, but not impossible.
One of the most popular CoinJoin wallets, Wasabi, will start to police itself in order to comply with sanctions against Russia and law enforcement, and keep itself out of trouble:
Wasabi developer said the move was necessary to prevent hackers and scammers from using the service and to keep the company out of unspecified “trouble” (presumably the legal kind). The move underscores the challenges faced by centralized companies that provide services built to facilitate interaction with a decentralized ecosystem. It also serves as a reminder that fungibility – the quality that makes any unit of a currency interchangeable with another – is hard to maintain with bitcoin’s auditability.
. . .
Wasabi Wallet will continue to operate using the zkSNACKS coordinator, albeit with a certain level of restrictions now in effect. Although it now excludes blacklisted addresses, zkSNACKs will remain operational for all other users who want to maintain their bitcoin privacy.
Other CoinJoin services are starting to look at their levels of compliance as well, while others are leaning into their decentralization.
This proves to me that regulators are looking into all types of mixers, including Tornado Cash, who say sanctions can’t apply to them and who readers know I’m not a big fan of.
Wasabi wouldn’t do this unless they were forced to, and it seems like they were given an ultimatum.
However, they are a centralized entity, and there is no precedent yet for the law to go after a decentralized digital collective like Tornado Cash or other decentralized CoinJoin wallet providers.
Hopefully our government can come to some sort of agreement where we can all agree even decentralized entities must comply with the law, and find a way to enforce it.
I wouldn’t go as far as Senator Elizabeth Warren’s crypto regulation bill, but I also don’t want to see them give the laissez-faire “everyone do what you want” answer either. There has to be a better way.
The Senate Hearing
Speaking of the government and what they are thinking, take a look for yourself and watch the whole Senate hearing on “Understanding the Role of Digital Assets in Illicit Finance” here.
Some thoughts from the hearing:
Ultimately impressed by the questions the Senators were asking. They clearly know more than I gave them credit for before watching this. They’re doing the research.
Jon Levin from Chainalysis and Mike Mosier from FinCEN were my favorites and I could have heard them talk for an hour each.
Prosecutors can’t rely on blockchain data like what Chainalysis provides alone. They need “hands on the keyboard” type of evidence to prove “beyond a reasonable doubt” that this person committed the crime. This can make it more difficult to catch criminals, especially if exchanges don’t comply with US law.
Mike Chobanian (Blockchain Association of Ukraine) had a good analogy for crypto: nuclear energy. It can be used to create energy, or it can be used to create bombs. We can use it for good or bad. It all depends on how we use it.
He also said Ukraine doesn’t care if it’s more expensive ($10-$20 per transaction), all they care about is speed. So if they can get the money and use it to buy supplies in a few minutes, that’s worth it to them. Just thought that was interesting.
Law enforcement can’t stop Iran or North Korea from cryptomining. However, they can go after centralized exchanges where they try to convert their cryptocurrencies into other currencies. That’s where law enforcement should focus resources.
Finding who is involved in illicit activity is much easier due to the visibility of most blockchains, like which exchanges or entities interacted with the person of interest. This makes it easier to trace than cash. But again, that “last mile,” linking the public address to the person, is the hardest part.
There were some “I’m going to ask questions I know the answer to simply to prove my point” questions which I personally didn’t appreciate. You could tell who came to the meeting with an agenda by treating this like a court case and who came to learn more.
There was a clear “don’t do anything to undermine Ukraine” tone to the entire hearing. While understandable, I don’t think the alternative should be “do nothing at all.” There should be a middle ground here where we can stop scammers, catch criminals who use cryptocurrency, and enforce sanctions without crippling the industry.
You only need to catch a criminal once on a blockchain, and you can find their entire history of illicit transactions. Pretty cool.
One of the clear and consistent messages throughout the entire hearing was: give law enforcement and regulators the tools and resources they need right now and they can get the job done.
Warren was obviously acting like a prosecutor, in what was supposed to be an information gathering/sharing session, to prove she needed to act and then drop a bombshell bill during the hearing. And it made her look really bad.
While the focus of the hearing was catching criminals, Mosier mentioned we also need to make sure we abide by the 4th Amendment of the Constitution, which protects the right of privacy against unreasonable searches and seizures by the government. I think it’s a fantastic point to bring up during the hearing and one I agree with. If we want to conduct Chainalysis-type transaction searches on persons of interest, law enforcement should get a subpoena and go through the proper channels to catch the bad guys.
Thanks for reading!