Tuesday, January 30, 2024

Criming On The Blockchain

I apologize for the delay in posting but, as you will see, the post I was working on grew rather long.

It seems obvious that doing crimes and writing the receipts to an immutable public ledger is risky, but many criminals have been convinced that there is no risk because cryptocurrencies such as Bitcoin are anonymous. Although there are cryptocurrencies with anonymous transactions, such as Monero and zCash, they are much more difficult to use and much less liquid than pseudonymous cryptocurrencies like Bitcoin. As many criminals have discovered, without an unrealistically intense focus on operational security (opsec), the identity behind the pseudonym can be revealed. An entire industry has evolved to do these revelations, tracing the flow of coins through their blockchains.

Below the fold I discuss the techniques and results of blockchain tracing, based on four main sources:
There are two main use cases for cryptocurrencies, speculation and crime. Although speculation is likely behind the majority of transactions its externalities, such as people losing their life savings, have cause it to be downgraded from "harmless" to "mostly harmless", the minority of criminal transactions are definitely harmful. I've written about these harms in, among others, my EE380 talk, The Cryptocurrency Use Case and Cryptocurrency-enabled Crime.

Greenberg's book lays out the history of blockchain tracing technology, starting from Sarah Meiklejohn et al's 2013 paper entitled A Fistful of Bitcoins: Characterizing Payments Among Men with No Names. Their abstract reads:
Bitcoin is a purely online virtual currency, unbacked by either physical commodities or sovereign obligation; instead, it relies on a combination of cryptographic protection and a peer-to-peer protocol for witnessing settlements. Consequently, Bitcoin has the unintuitive property that while the ownership of money is implicitly anonymous, its flow is globally visible. In this paper we explore this unique characteristic further, using heuristic clustering to group Bitcoin wallets based on evidence of shared authority, and then using re-identification attacks (i.e., empirical purchasing of goods and services) to classify the operators of those clusters. From this analysis, we characterize longitudinal changes in the Bitcoin market, the stresses these changes are placing on the system, and the challenges for those seeking to use Bitcoin for criminal or fraudulent purposes at scale.
Meiklejohn started from an observation by Satoshi Nakamoto. Greenberg quotes Nakamoto:
"Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner,” Satoshi wrote. “The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.”
Linking the inputs of multi-input transactions roughly halved the then number of Bitcoin users. Meiklejohn then developed the "change address" technique:
When you pay someone 6 bitcoins from a 10-coin address, 6 coins go to their address. Your change, 4 coins, is stored at a new address, which your wallet software creates for you. The challenge, when looking at that transaction on the blockchain as a sleuthing observer, is that the recipient’s address and the change address are both simply listed as outputs, with no label to tell them apart.

But sometimes, Meiklejohn realized, spotting the difference between the change address and the recipient address was easy: If one address had been used before and the other hadn’t, the second, totally fresh address could only be the change address
Meiklejohn's first criminal case started when "Flycracker" raised funds to mail Brian Krebs a baker's dozen bags of heroin from Silk Road:
Flycracker had made it easy. By posting a Bitcoin address to the cybercriminal forum, he’d given Meiklejohn a starting point. She simply copied the thirty-four-character string into her blockchain software and looked at the transactions at that address. After collecting 2 bitcoins in donations at the address he’d posted, worth around $200 at the time, a little over three-quarters of the money had been sent to another address, with a third collecting the change. At a glance, Meiklejohn immediately identified the change address and checked the money’s destination against her database. Sure enough, the address was one of the nearly 300,000 she had already tagged as belonging to the Silk Road. Meiklejohn had just connected Flycracker’s address directly to the source of the heroin he’d tried to use to frame Krebs.
The first major cryptocurrency bust Greenberg recounts was the arrest of Silk Road's Dread Pirate Roberts in a San Francisco library. It did not depend upon these tracing techniques:
The FBI has described that cybersurveillance coup as the result of a misconfiguration in the site’s use of the Tor anonymity software but has been reluctant to ever officially explain that error in a courtroom.
In fact:
it had been the IRS’s Gary Alford, sitting in his New Jersey home four months earlier, who’d done the meticulous, unglamorous work that had led to the case’s first real breakthrough. Alford had been using Google to dig up the earliest online posts about the Silk Road on drug forums when he’d found a curious artifact: Someone going by the name “altoid” had posted to a site called the Shroomery in January 2011 recommending the Silk Road’s just-launched dark web market as a source for drugs. Around the same time, a user with the same handle had also asked for programming help on a coding forum. On that page, altoid had listed his email address: rossulbricht@gmail.com.
Another IRS agent, Tigran Gambaryan, received a tip that Carl Force, one of the DEA agents working on Silk Road, had used a fake ID to set up an account at Bitstamp, a cryptocurrency exchange, and deposited a lot of BTC He had cashed out $200K and, as Gambaryan examined his financial records:
He found that Force had, in late 2013, paid off his home’s entire mortgage, an outstanding loan of $130,000. He’d repaid, too, a $22,000 loan he’d taken out against his federal retirement account. He’d even made a gift of tens of thousands of dollars to his local church, the sort of largesse that, Gambaryan knew all too well, was tough to afford on a federal agent’s salary. The numbers only got shadier from there: Gambaryan found records of real estate investments in which Force had listed his net worth as more than 1 million. That wealth was almost entirely due, it became clear, to a massive influx of liquidated bitcoins from cryptocurrency exchanges like Bitstamp and CampBX that had flowed into Force’s bank accounts. The payments totaled $776,000 beyond his $150,000 annual DEA salary over the two prior years that he’d worked on the Silk Road case. With that ample financial padding, Force had then retired from the DEA, just days before Gambaryan began to look into his records.
Gambaryan could get Force's wallet addresses from the exchanges he used, and he found an unencrypted message from DPR referencing a 525 BTC payment to Force's investigative alias, but he needed proof, So, Greenberg writes:
Despite having read Meiklejohn’s paper, he possessed none of the data that she’d assembled over months of clustering Bitcoin addresses and identifying them with test transactions. So he simply started copying Bitcoin addresses from Carl Force’s account records—the ones he’d gotten from exchanges such as CampBX and Bitstamp—and pasting them into the search field on Blockchain.info, which displayed the entire blockchain on the web. At first, the collections of garbled character strings seemed meaningless to Gambaryan. But almost immediately, he could see he was onto something. On September 27, 2013, just a few days before Ross Ulbricht’s arrest, Gambaryan saw with a jolt of recognition that one of Force’s CampBX addresses had received a 525-bitcoin payment—the magic number that DPR had mentioned in his conveniently unencrypted message.
Gambaryan manually followed the chains backward, from their inputs to the outputs that caused them, until finally:
Following the money at each of the remaining addresses back one more step, he now saw the coins had originally come from just four sources. Each of those addresses had received their funds on the same day: August 4, 2013—the exact date when the Dread Pirate Roberts had told Nob he’d paid him. Gambaryan mentally recorded the payments: They were for 127, 61, 134, and 203 bitcoins. He added the numbers in his head. They summed up to 525 bitcoins.
The next morning, after a few hours’ sleep, Gambaryan began texting his DHS contact Jared Der-Yeghiayan, the Armenian American agent in Chicago whom he’d befriended. He needed to check the four addresses he’d found with someone who had access to the Dread Pirate Roberts’s Bitcoin wallet. As a member of the Silk Road investigation team, Der-Yeghiayan still had access to all the site’s server data, including its Bitcoin addresses. Der-Yeghiayan called Gambaryan back a few hours later and confirmed what Gambaryan already knew: Each of the four addresses belonged to DPR.
He thus became apparently the first law enforcer to use blockchain tracing as evidence in an investigation. Its first use in a trial appears to be when, with help from Nick Weaver, the prosecution of Ross Ulbricht introduced a trace of his payment for a murder-for-hire attempt:
But the day when the prosecution found the incontrovertible, public, and unerasable proof of Ulbricht’s Silk Road millions, argues Nick Weaver, remains a milestone in the history of cryptocurrency and crime. “That is the date,” Weaver says, “that you can state unequivocally that law enforcement learned that the blockchain is forever.”
The blockchain tracing industry's pioneer, Chainalysis, spun out of the Kraken exchange as a result of the next big crime Greenberg covers, the collapse of the Mt. Gox exchange:
Kraken’s management, in a pro bono attempt to help rescue the cryptocurrency ecosystem from the rippling shock of Mt. Gox’s failure—and the collapse in Bitcoin’s price that followed—had agreed to help distribute any remaining bitcoins that could be found to Mt. Gox’s thousands upon thousands of angry creditors.

Michael Gronager, for his part, had taken on a far more uncertain task. He’d agreed to find the missing coins. By all appearances, this was not a rational decision. The Danish entrepreneur had left his relatively comfortable position as the COO of Kraken to found a new start-up whose sole client, for the moment, was this roomful of Japanese bankruptcy lawyers asking him to track down Mt. Gox’s gigantic, wayward fortune. Even calling them a client would be a stretch: He would receive no fee, and no portion of the recovered funds, if he could manage to find any.
The co-evolution of Bitcoin's and tracing technology started with the revelation that Chainalysis, by running a node in the Bitcoin network, could discover the IP address associated with many wallets, which garnered both hostility and customers. With a head-start, Chainalysis rapidly became the leader in their emerging market, as Brian Arthur would have predicted.

The next investigation Greenberg covers was into the BTC-e exchange, whose:
computers where the exchange was hosted weren’t on the dark web, protected by Tor. They ought to be discoverable with a simple “traceroute” command, an operation that anyone with a computer and an internet connection can run to find a site’s IP address—no harder than looking up a commercial service’s number in a phone book. Gambaryan checked, and it turned out the only layer of misdirection that had prevented curious observers from learning the location of BTC-e’s servers in the first place was a company called Cloudflare, a web infrastructure provider and security service that shielded the exchange’s IPs from prying eyes like Gambaryan’s.
Subpoenas to Cloudflare revealed they were hosted in the US, which allowed them to be imaged:
Gambaryan dug into the data his team had copied from the BTC-e server. What he found was a revelation: The IP address for the account trading in stolen Mt. Gox coins on BTC-e matched one of the few IP addresses on the BTC-e server’s allow list for the administrators’ connections. In other words, the person who had siphoned hundreds of thousands of bitcoins from Mt. Gox into BTC-e wasn’t just any BTC-e user. They were a BTC-e administrator. Specifically, an admin with the username WME. “The gears started turning in my head,” Gambaryan remembers. “What better way to launder hundreds of thousands of bitcoins than to launch your own Bitcoin exchange?”
WME was Alexander Vinnik but, alas, he was in Russia.

Greenberg goes on to describe the takedown of Alexandre Cazes, who ran the Alphabay dark-web market and the related takeover of the Hansa dark-web market, and then of the Welcome to Video child sexual abuse site. This led to the arrest and indictment of a Texas-based Border Patrol agent:
The Texas man had taken a rare approach to his legal defense: He’d pleaded guilty to possession of child sexual abuse materials, but he also appealed his conviction. He argued that his case should be thrown out because IRS agents had identified him by tracking his Bitcoin payments—without a warrant—which he claimed violated his Fourth Amendment right to privacy and represented an unconstitutional “search.”

A panel of appellate judges considered the argument—and rejected it. In a nine-page opinion, they explained their ruling, setting down a precedent that spelled out in glaring terms exactly how far from private they determined Bitcoin’s transactions to be.

“Every Bitcoin user has access to the public Bitcoin blockchain and can see every Bitcoin address and its respective transfers. Due to this publicity, it is possible to determine the identities of Bitcoin address owners by analyzing the blockchain,” the ruling read. “There is no intrusion into a constitutionally protected area because there is no constitutional privacy interest in the information on the blockchain.”

A search requires a warrant, the American judicial system has long held, only if that search enters into a domain where the defendant has a “reasonable expectation of privacy.” The judges’ ruling argued that no such expectation should have existed here: The HSI agent wasn’t caught in the Welcome to Video dragnet because IRS agents had violated his privacy. He was caught, the judges concluded, because he had mistakenly believed his Bitcoin transactions to have ever been private in the first place.
This firmly established blockchain tracing as a legitimate form of evidence.

One case Greenberg mentions only in passing is the theft of nearly 120K BTC from Bitfinex, to which Heather Morgan and Ilya Lichtenstein pled guilty. They were intitially flagged as suspects during the takeover of AlphaBay that Greenberg describes in detail. I discussed the tracing steps revealed by the Statement of Facts from their indictment in Inadequate OpSec. The image shows a small part of the tracing evidence in this case. The two VCE4 accounts used Russian e-mail addresses, but the VCE7 and VCE8 accounts were in the name of companies controlled by Lichtenstein and Morgan. Tracing the chains back connected the VCE4 accounts to the suspects, who had taken the precaution of funding VCE4 with Monero.

Deanonymizing individual wallets and flows is valuable to Chainalysis' clients; law enforcement for evidence and financial institutions for risk-assessment. But their vast collection of tagged wallet addresses and transactions is also valuable in aggregate. It enables statistical analysis of the cryptosphere, such as Chainalysis' annual report on cryptocurrency crime. This year's is introduced in 2024 Crypto Crime Trends: Illicit Activity Down as Scamming and Stolen Funds Fall, But Ransomware and Darknet Markets See Growth:
2023 saw a significant drop in value received by illicit cryptocurrency addresses, to a total of $24.2 billion. As always, we have to caveat by saying that these figures are lower bound estimates based on inflows to the illicit addresses we’ve identified today. One year from now, these totals will almost certainly be higher, as we identify more illicit addresses and incorporate their historic activity into our estimates. For instance, when we published our Crypto Crime Report last year, we estimated $20.6 billion worth of illicit transaction volume for 2022. One year later, our updated estimate for 2022 is $39.6 billion. Much of that growth came from the identification of previously unknown, highly active addresses hosted by sanctioned services, as well as our addition of transaction volume associated with services in sanctioned jurisdictions to our illicit totals.

Another key reason the new total is so much higher, besides the identification of new illicit addresses: We’re now counting the $8.7 billion in creditor claims against FTX in our 2022 figures. In last year’s report,
Although these arae large sums, Chainalysys estimate they represent a fairly small proportion of the total cryptocurrency volume, falling from 0.42% in 2022 to 0.34% in 2023. Of course, it is unlikely that they have identified all the illicit transactions.

The report has a big surprise:
Through 2021, Bitcoin reigned supreme as the cryptocurrency of choice among cybercriminals, likely due to its high liquidity. But that’s changed over the last two years, with stablecoins now accounting for the majority of all illicit transaction volume. This change also comes alongside recent growth in stablecoins’ share of all crypto activity overall, including legitimate activity.
Bitcoin's volatility is great for speculation, but when it fails to proceed moonwards it is a big problem for criminals, and especially for sanctions-busters:
Some forms of illicit cryptocurrency activity, such as darknet market sales and ransomware extortion, still take place predominantly in Bitcoin. Others, like scamming and transactions associated with sanctioned entities, have shifted to stablecoins. Those also happen to be the biggest forms of crypto crime by transaction volume, thereby driving the larger trend. Sanctioned entities, as well as those operating in sanctioned jurisdictions or involved with terrorism financing, also have a greater incentive to use stablecoins, as they may face more challenges accessing the U.S. dollar through traditional means, but still want to benefit from the stability it provides.
The report notes that stablecoin users,criminal or not, run the risk of having their wallets and thus their funds "frozen", as Tether has been doing recently. Patrick Tan covered the case of an Indian user (The Victim) in detail in What happens when Tether “freezes” your Tether?. On 7th December 2023 Tether changed its Terms of Service and, in 3 Things You Must Know About Tether’s Terms of Service, Tan delves into the deliberately confusing details and ends up agreeing with Jonathan Reiter about the The Victim's problem:
On a basic level this user was relying on an unlicensed money transmitter where they have 0 access to any authority that feels accountable to them.

Tether isn’t an Indian money services business. Nor is it regulated in the victim’s country. Or anywhere with a real process.
This — precisely this — is the cost of living outside the law. You may end up with no recourse. Or not.

But you don’t even have someone to complain to that feels accountable for your problems (i.e. your local police or elected representative, or an employee of a business accountable to a regulator you can contact).
It turns out that evading sanctions is the major criminal use case:
Perhaps the most obvious trend that emerges when looking at illicit transaction volume is the prominence of sanctions-related transactions. Sanctioned entities and jurisdictions together accounted for a combined $14.9 billion worth of transaction volume in 2023, which represents 61.5% of all illicit transaction volume we measured on the year. Most of this total is driven by cryptocurrency services that were sanctioned by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC), or are located in sanctioned jurisdictions, and can continue to operate because they’re in jurisdictions where U.S. sanctions are not enforced.

While those services can and have been used for nefarious purposes, it also means that some of that $14.9 billion in sanctions-related transaction volume includes activity from average crypto users who happen to reside in those jurisdictions. For example, Russia-based exchange Garantex, which was sanctioned by OFAC and OFSI in the U.K. for its facilitation of money laundering on behalf of ransomware attackers and other cybercriminals, was one of the biggest drivers of transaction volume associated with sanctioned entities in 2023. Garantex continues to operate because Russia does not enforce U.S. sanctions. So, does that mean all of Garantex’s transaction volume is associated with ransomware and money laundering? No. Nevertheless, exposure to Garantex introduces serious sanctions risk for crypto platforms subject to U.S. or U.K. jurisdiction, which means those platforms must remain ever-more vigilant and screen for exposure to Garantex in order to be compliant.
Translation: platforms need to subscribe to Chainalysis to be safe. Andy Greenberg's ‘Stablecoins’ Enabled $40 Billion in Crypto Crime Since 2022 quotes Chainalysis' Andrew Fierman:
As examples, Fierman points to Nobitex, the largest cryptocurrency exchange operating in the sanctioned country of Iran, as well as Garantex, a notorious exchange based in Russia that has been specifically sanctioned for its widespread criminal use. Stablecoin usage on Nobitex outstrips bitcoin by a 9:1 ratio, and on Garantex by a 5:1 ratio, Chainalysis found. That's a stark difference from the roughly 1:1 ratio between stablecoins and bitcoins on a few nonsanctioned mainstream exchanges that Chainalysis checked for comparison.
Of course, when Chainalysis says "stablecoin" they essentially mean Tether. Three years ago, this interview of Charles Yang, head trader of Genesis Block based in Hong Kong, by John Riggins descibed how Tether was the basis for trade flows in South-East Asia because it evaded governments' currency controls. Yang noted:
bank acccounts are the absolute most valuable thing — you have to set up a bunch of different companies, a lot of different bank accounts just to facilitate trades that aren't that big, maybe $50K. The moment you tell them this is for a USDT trade, you're basically asking them to shut your bank account down.
Last September DataFinnovation posted USDT-on-TRON, FTX & WTF Is Really Happening. In summary:
FTX/Alameda minted nearly all the USDT-on-TRON and operate as something like a central bank or reserve manager for a shadow East Asian USD payment system. We provide convincing evidence from novel on-chain analysis that shows how a real, albeit mostly-not-kosher, crypto use case works. This data also makes plain that Binance/Cumberland runs the Ethereum part of the same ecosystem and that these two groups of parties probably coordinate their actions in some way.
we are going to show that this entire complex looks an awful lot like a funnel to establish backing for a USD payment network aimed at people who cannot (easily or legally, depending) hold USD or transfer them. This also exposes how USDT is split into a China-and-surroundings slice and a rest-of-world slice with a different major crypto entity handling each part.
The UN Office for Drugs and Crime (UNODC) just published a report entitled Casinos, Money Laundering, Underground Banking, and Transnational Organized Crime in East and Southeast Asia: A Hidden, Accelerating Threat:
Online gambling platforms, and especially those that are operating illegally, have emerged as among the most popular vehicles for cryptocurrencybased money launderers, particularly for those using Tether or USDT on the TRON blockchain,
USDT on the TRON blockchain has become a preferred choice for crypto money launderers in East and Southeast Asia due to its stability and the ease, anonymity, and low fees of its transactions. Law enforcement and financial intelligence authorities in the region have reported USDT among the most popular cryptocurrencies used by organized crime groups in the region, particularly those involved in the regional cyberfraud industry, demonstrated by a surging volume of cases and unauthorized online gambling and cryptocurrency exchange platforms offering undergroud [sic] USDT-based services.
The report details techniques such as points-running and motorcades:
As third- and fourth-party payments have become better understood by authorities and more widely reported following ‘Operation Chain Break’ and other measures in China, organized crime groups have responded by accelerating the integration of cryptocurrencies into their illegal betting operations, creating significant challenges for investigators. In recent years, law enforcement and financial intelligence authorities have reported the growing use of sophisticated, high-speed money laundering ‘motorcade’ teams specializing in underground USDT – fiat currency exchanges (卡接回U) across East and Southeast Asia. This has also included the mass recruitment of mule bank accounts across virtually all jurisdictions in the Asia Pacific region which can be purchased for as little as US $30.

Due to the rise of cryptocurrency-integrated motorcades, points running syndicates, and other challenges, in 2021 the Government of China banned cryptocurrency transactions, trading, and mining. The industry subsequently migrated to various jurisdictions, particularly driving up already rising cryptocurrency adoption in several countries in Southeast Asia, together with the establishment of high-risk and underground cryptocurrency exchanges. At the same time, it is worth noting that cryptocurrency flows connected to organized crime have been cited as being vastly underestimated by industry experts as well as law enforcement and regulatory authorities in the region. Experts have pointed to a number of shortcomings related to existing analyses including massive gaps in crime attribution on the blockchain, fabricated reporting by crypto exchanges, and the prevalence of wash trading which inflates crypto transaction volumes, thereby shrinking the portion of illicit transactions identified.
The US is rightly concerned that Tether is undermining their sanctions system, but countries like China with strict controls on cross-boarder currency flows are also worried about similar undermining. Fortunately, the flows of Tether are observable on the Ethereum and Tron blockchains, so tracing techniques can be and, as I discussed in The Stablecoin Saga, The Stablecoin Saga Continued and Alameda's On-Ramp are being, applied.


David. said...

In Authorities Secure $2 Billion in Bitcoin from Pirate Site Operators Ernesto Van der Sar reports on successful HODL-ing:

"The German authorities received help from forensic experts at the FBI to secure these assets. According to publicly released information, the operators earned money through advertising and dodgy subscription scams.
The German authorities received help from forensic experts at the FBI to secure these assets. According to publicly released information, the operators earned money through advertising and dodgy subscription scams.

Looking back, this must be one of the best investments ever made, although the operators don’t get to enjoy it."

David. said...

More crime billions in Upmanyu Trivedi's UK Police Uncovered $1.7 Billion Bitcoin Linked to China Fraud:

"British police uncovered $1.7 billion worth of Bitcoin linked to a woman accused of laundering the proceeds of a $6 billion investment fraud in China, prosecutors said at her London trial.

Jian Wen, 42, a UK citizen, denies allegations she helped launder vast sums amassed by Zhimin Qian, wanted in China for running a fraud scheme that robbed around 130,000 investors. The whereabouts of Zhimin, also known as Yadi Zhang, are unknown.

The 2018 police raid at their rented London manor house uncovered laptops, pen drives and notebooks that saved passwords and stored crypto wallets containing Bitcoin worth hundreds of millions of dollars each, according to the prosecuting lawyer."

David. said...

FTX’s Missing $400 Million Were Stolen in SIM-Swapping Hack, DOJ Says by Ava Benny-Morrison and Margi Murphy reveals that:

"Three people have been charged with orchestrating a SIM-swapping scam that siphoned more than $400 million from FTX as the cryptocurrency exchange spiraled into bankruptcy.

Hours after FTX filed for bankruptcy in November 2022, and its founder Sam Bankman-Fried resigned, hackers drained hundreds of millions of dollars worth of digital currency from the platform, before funneling it through a web of decentralized exchanges."

Phone-based 2FA sucks!

David. said...

Anyone harboring doubts as to whether the cryptosphere is a more "wretched hive of scum and villany" than the Mos Eisley spaceport should read Molly White's 50th Citation Needed. In just a week and a half she collects:

- Seizures of a total of over 122K BTC by various law enforcers, "worth" around five and quarter billion dollars at today's "price".

- Progress in 8 different criminal cases.

- Progress in the bankruptcies of Celsius, FTX and Terraform Labs.

- Six actions by regulators in the US and Hong Kong.

And much, much more.

David. said...

FINRA Provides Update on Targeted Exam: Crypto Asset Communications reveals that financial institutions are massively misleading their retail customers about cryptocurrencies:

"FINRA reviewed over 500 Crypto Asset-related retail communications.... FINRA identified potential substantive violations of FINRA Rule 2210 in approximately 70 percent of the communications. Specifically, FINRA observed the following communications and communication practices that were inconsistent with FINRA Rule 2210:

- Failure to clearly differentiate in communications, including those on mobile apps, between Crypto Assets offered through an affiliate of the member or another third party, and products and services offered directly by the member itself.
- False statements or implications that Crypto Assets functioned like cash or cash equivalent instruments.
- Other false or misleading statements or claims regarding Crypto Assets.
- Comparisons of Crypto Assets to other assets (e.g., stock investments or cash) without providing a sound basis to compare the varying features and risks of these investments.
- Unclear and misleading explanations of how Crypto Assets work and their core features and risks.
- Failure to provide a sound basis to evaluate Crypto Assets by omitting clear explanations of how Crypto Assets are issued, held, transferred, or sold.
- Misrepresenting that the protections of the federal securities laws or FINRA rules applied to the Crypto Assets.
- Misleading statements about the extent to which certain Crypto Assets are protected by SIPC or under SIPA."

David. said...

While we're talking about misleading investors, Patrick Tan flags another instance in Poly-gone — 400 Million MATIC Missing?:

"Referring to Polygon’s Binance Launchpad blog post, the “staking” allocation is supposed to have gone from 400,000 MATIC tokens to 1.2 billion.

The immediate problem when examining the staking contract, which is deployed in June 2020, is that instead of kicking off with 400,000 MATIC tokens, it starts from zero, and then makes its way up to 800 million.

So what happened to the “missing” 400 million MATIC tokens?

It went to an address labeled “Binance 33” on Etherscan.
The only problem of course is Binance 33 isn’t a staking wallet, and there are plenty of MATIC outflows from Binance 33."

300M MATIC went from Binance 33 to a wallet starting "0x2f" which also received 466M MATIC from Polygon’s “marketing and ecosystem” wallet:

"The “0x2f” address then sends over 700 million tokens back to Binance and nowhere else.

Examining the flows from Polygon Foundation wallets, it becomes immediately clear that the team and Binance were working together to feed the MATIC tokens out the back.

In total, some 767 million MATIC tokens were spirited out the “staking” exit, with potential sale prices of between $1-$2, making the backdoor “exit” worth around $1 billion."

MATIC's current "price" is $0.79 making the loot "worth" around $606M.

David. said...

Jonathan Reiter and a team from BitTrace published Connecting Chinese and American Scam Victims. Their abstract starts:

"One particular class of scam known as “pig butchering” 1 has grown dramatically and often involves the use of cryptocurrency both to collect funds from victims and to launder the proceeds. Here we are going to explore the use of cryptocurrency in pig butchering scams beginning with victims in both the People’s Republic of China and United States of America, and demonstrating the remarkable degree of similarity for cases that have no reason a priori to be similar at all.

Specifically we will show that scammers with victims in both these countries share cryptocurrency addresses, use overlapping sets of money-laundering services, and are therefore likely parts of the same group or syndicate."

ChainArgos followed up with Laundering the Proceeds of Crime: Crypto’s Killer App?:

"Now we are going to connect a few more dots to argue that scamming and the laundering of scam proceeds was not just a use case for cryptocurrencies in Asia, but likely a major driver of flows through several well-known industry players.

This may well even be, empirically, crypto’s killer app."

Both are worth reading.

David. said...

In Binance Code and Internal Passwords Exposed on GitHub for Months Joseph Cox reports on Binance's devotion to security:

"A takedown request said the GitHub account was “hosting and distributing leaks of internal code which poses significant risk to BINANCE.”"

David. said...

Crypto Launderer Kept Identity ‘Hidden in the Fog,’ US Alleges by Sabrina Willmer and David Voreacos is about the trial of Roman Sterlingov for allegedly running the Bitcoin Fog mixer:

"The government also presented a slide that showed the flow of illicit funds through Bitcoin Fog to or from online marketplaces that sell illicit products ranging from narcotics to child pornography. Bitcoin Fog processed more than $400 million in untraceable transactions, including tens of millions of dollars tied to these markets over a decade"

Sterlingov's defense is to attack Chainalysis:

"His unusual defense has included attacking the Wall Street-backed firm Chainalysis, which the Justice and Treasury Departments often hire to help trace the flow of crypto in money laundering cases.

[his lwayer] has labeled the technology “junk science” and argued that Chainalysis’ accuracy can’t be supported because it can’t identify error rates."

David. said...

James Porteous' How Illegal Betting and Related Money Laundering Flourished Despite ‘Crypto Winter’ has more on the South-East Asia use-case for Tether:

"TRM Labs puts the amount of cryptocurrency directly linked to crime at USD 20.6 billion in 2022, but points out that this is only a fraction of the actual total because it does not include proceeds of non-cryptocurrency native crime laundered into cryptocurrency – such as profits from drug trafficking, scams and of course illegal betting.

The scale of profits moved in cryptocurrencies from other illegal activity is at least an order of magnitude larger, in the hundreds of billions. For example, Bitrace, a Chinese blockchain analytics firm, tracked the equivalent of USD 115 billion in the cryptocurrency Tether to addresses linked to Southeast Asia-based illegal betting operations of the type highlighted by the ARF Council in its report How Organised Crime Operates Illegal Betting, Cyber Scams & Modern Slavery in Southeast Asia. Bitrace found that approximately 37 billion of this was illegal betting profits, 70billion money laundering, and 460 million fraud."

David. said...

Bryce Elder looks at an important off-ramp in Gift cards: the crypto off-ramp no one is watching:

"Unlike crypto, an electronic retail voucher can be redeemed near-anonymously, instantly, at face value. Use will usually fall below the purview of financial regulators. Purchases and transfers are largely untraceable. Trust rests in a central counterparty, with a multinational corporation acting both as the custodian and the clearing house. Sales are VAT-exempt and the reporting of capital gains is a matter of personal conscience.

A recently released 2010 email from Satoshi Nakamoto, bitcoin’s pseudonymous chief architect, predicted that prepaid cards could be a bridge to tradfi. Crypto was easy to generate and hard to cash out, Nakamoto reasoned, but prepaid debit cards might offer the unbanked a convenient off-ramp."

David. said...

Allyson Versprille reports on the next exchange on the DoJ and CFTC's lists in KuCoin Used for $9 Billion in Suspect Crypto Trades, US Says:

"Since KuCoin’s inception in September 2017, the exchange “willfully failed” to establish and maintain a program to keep the platform from being used for illicit activity, including terrorist financing, federal prosecutors in Manhattan alleged Tuesday. The company also didn’t put proper controls in place to verify customers’ identities or file reports on suspicious transactions on the exchange, according to the US Attorney’s Office for the Southern District of New York.

“In failing to implement even basic anti-money laundering policies, the defendants allowed KuCoin to operate in the shadows of the financial markets and be used as a haven for illicit money laundering,” US Attorney Damian Williams said in a statement. He added that the exchange received more than $5 billion and sent more $4 billion of suspicious and criminal funds."

David. said...

A few links to various instances of criming on the blockchain.

Molly White discusses the sentencing memos for Sam Bankman-Fried in Sam Bankman-Fried wants only six years for his "victimless" crime and in a YouTube video.

Bob Van Voris' Terraform Goes on Trial as Do Kwon Awaits Extradition in Montenegro starts:

"Terraform Labs Pte. began trial Monday over civil fraud claims tied to the 2022 implosion of its TerraUSD stablecoin, while co-founder Do Kwon remains in Montenegro waiting to learn whether he’ll be extradited to the US or South Korea to face criminal charges."

Sangmi Cha and Sidhartha Shukla lay out Do Kwon's backstory in How Do Kwon Went From Crypto King to Fugitive to Jail.

More shenanigans in Sidhartha Shukla's Exchange Investigates Flash Crash That Sent Bitcoin to $8,900:

"Crypto exchange BitMEX said it is investigating unusual trading activity, including possible misconduct, that led to a flash crash in Bitcoin on its platform yesterday.

The price of Bitcoin against Tether’s USDT stablecoin fell to as low as $8,900 on BitMEX late Monday, while the largest cryptocurrency was trading above $66,000 on rival venues. The price of Bitcoin on the exchange quickly recovered and has been trading in-line with the rest of the market since."

David. said...

Zeke Faux and Max Chafkin debunk SBF's myth-making in a long post entitiled FTX’s Original Sin Is a Warning to All of Crypto:

"All the evidence makes clear that FTX wasn’t a good company run by a bad guy. It was a business that was crooked almost from Day 1. That’s a problem for the entire crypto market. Its supporters pitch the products as an alternative to a mainstream financial system they say is rigged against ordinary people. But the conditions that let Bankman-Fried rig markets at FTX remain unchanged. If anything, they may get worse: In a contentious political environment, crypto boosters are spending lavishly to influence lawmakers and try to soften regulations while marketing digital tokens as a sensible choice for novice investors. Which is pretty much what Bankman-Fried did to maximize his fraud."

David. said...

Edition 54 of Molly White's Citation Needed is a comprehensive roundup of the cryptosphere's on-going legal cases - SBF, KuCoin, Coinbase, Genesis, Terra, Binance, Tornado Cash, Craig Wright, and many more.

David. said...

There is treasure buried near the tail of Edition 54 of Molly White's Citation Needed:

"ALAB Podcast. "Episode 3: Faketoshi - The Perfect Client". (Podcast)

This episode is more than four years old, but describes some of Craig Wright's early shenanigans in trying to claim that he is Satoshi Nakamoto. They do a great job of going through only some of Wright's incredibly long backstory, and it is very funny."

I'm English so I can appreciate understatement like "very funny". The story is hysterical, so funny the three lawyers speaking can't stop laughing themselves. I can't imagine how funny their sequel covering the current case in the UK that White covers earlier in the post with:

"The evidence was so overwhelmingly against Craig Wright's claims to be Satoshi Nakamoto that the judge overseeing the five-week-long trial in the United Kingdom ruled on the matter immediately as arguments came to a close."

David. said...

Bob Van Voris and Chris Dolmetsch report that Do Kwon, Terraform Labs Found Liable for Fraud in SEC Trial:

"Terraform Labs Pte. and co-founder Do Kwon were found liable for fraud in a US government lawsuit over the firm’s 2022 collapse, which wiped out $40 billion in investor assets and shook the cryptocurrency world.

After a two-week trial in New York, a jury on Friday found Kwon and Terraform misled investors, handing the US Securities and Exchange Commission a boost in its efforts to assert greater control over the crypto industry. The verdict also could be a preview of pending criminal cases against Kwon in the US and South Korea, though the criminal standard for guilt is higher.
US District Judge Jed Rakoff ruled in December that Terraform is liable for selling unregistered securities, agreeing with the SEC on a key element of its case and removing it from the issues the jury had to consider. Terraform has said its cryptocurrencies don’t constitute securities under the law and that the SEC lacks jurisdiction. The company said it will appeal the ruling."

David. said...

Bloomberg reports that China’s Raids on Forex Gangs Point to Crypto Ban Being Flouted:

"Alleged cases involving crypto flagged in May alone include an underground bank tied to 13.8 billion yuan ($1.9 billion) of illegal transfers, a gang implicated in about 2 billion yuan of unauthorized conversions and unlawful money changers that in some cases transacted more than 1 billion yuan.

The claimed busts — spanning Beijing, the northeastern province of Jilin and Chengdu city in the southwest — were flagged by municipal authorities and state media. They add to signs that Chinese demand still plays a major role in digital-asset markets more than two years after Beijing proscribed crypto transactions.
A report about the case involving 13.8 billion yuan of transfers was publicized by Chengdu city’s Public Security Bureau via WeChat, the social media platform. There were 193 arrests for activities dating back to early 2021, according to the post, which added that the Tether stablecoin was used to help illegally send funds abroad.

The gang accused of 2 billion yuan of illicit transfers acquired digital tokens in over-the-counter trading to help convert Chinese yuan into South Korean won, according to a WeChat post by the Public Security Bureau of Panshi city in Jilin province."