Latest news about Bitcoin and all cryptocurrencies. Your daily crypto news habit.
Over the weekend, I listened to one of the latest episodes of Unchained, which is a podcast featuring interviews with some of the best minds in crypto. In the episode, titled âHow Widespread Is Money Laundering in Crypto?â host Laura Shin talked with Tom Robinson, the Chief Data Officer & co-founder of Elliptic, and Yaya Fanusie, the director of analysis at the Center on Sanctions and Illicit Finance at the Foundation for Defense of Democracies.
The concept of money laundering through crypto isnât shocking to anyone, but during the episode, Tom said something surprising: that âShapeShift doesnât do KYC. For that reason, the funds from the Wannacry ransom [that] were in Bitcoin were sent to ShapeShift and were then converted to Monero.â
Wait a minute. Ransom racketeers used ShapeShift? Whatâs going on here?
ShapeShift is a crypto exchange, headquartered in Switzerland, that is currently operating today. They donât require users to give their personal information in order to clearly identify who is using the service? This is common practice for an exchange. Itâs known as KYC, or Know Your Customer. This practice helps prevent bad actors from storing and moving money.
Traditionally, money laundering was a simple concept in theory, if difficult to pull off: run bad money through a shell business, so it looks like lawfully generated revenue. With cryptocurrency, this isnât really an option, at least not yet, but bad actors have another simple solution to launder their coins: trade them for other coins.
Cryptocurrency has the advantage of being uniquely difficult to trace among currencies. Trading these coins is a faceless transaction with little more than an address to a digital wallet signifying ownership. A single criminal could generate thousands of these addresses to move funds around if they wanted to.
You can see the address, and how much Bitcoin is in that address, but the identity of the owner? Anonymous, though it turns out, only pseudo-anonymous. Criminals can make mistakes. Tracking IP addresses to identify the owners of particular Bitcoin addresses is possible, something that the founder of Silk Road, Ross Ulbricht, found out too late.
So if Bitcoin is only pseudo-anonymous, how can criminals better launder their cryptocurrency? Turns out, the answer remains simple. Monero is a privacy coin that blurs individual transactions in groups, making it impossible to see which individual addresses. If someone can transfer stolen Bitcoin into Monero, then they can get away scott free because after that point, there is no longer a trail that can be followed.
ShapeShift, the safest way to buy cryptocurrencies for everyone, but maybe thatâs not a good thing.
This is exactly what happened on ShapeShift. Almost one year ago, in August 2017, there were reports of the WannaCry Bitcoin funds moving through the crypto exchange ShapeShift. WannaCry was a ransomware virus that infected over 200,000 computers last year, locked up the systems, and demanded $300 in Bitcoin to unlock it. The hackers behind WannaCry then took just over $140,000 of ransomed Bitcoin and exchanged it on ShapeShift for Monero.
The movement was detected by a company called Elliptic, which works with government agencies and financial institutions and finds illegal activity in cryptocurrencies. Elliptic traced the Bitcoin stolen by WannaCry to ShapeShift, but once that Bitcoin was exchanged into Monero, they could no longer follow the trail.
In the aftermath, ShapeShift acknowledged the transaction, stating âthe WannaCry attacker did breach its terms of service and utilized the services to move a portion of their proceeds of crimeâ and that they were working with law enforcement on the issue. However, this begs the question: how can ShapeShift possibly identify when someone breaches its terms of service when they do not identify their users in the first place? Similarly, what information can they then provide to law enforcement to help with the investigation?
âWe have no idea who moved the money either, officer, but weâre here to help.â
On their website, ShapeShift states that âusers do not have to create accounts, deposit funds, or provide private personal information. This keeps the users safe from identity or financial theftâââa critical improvement in exchange technology.â Sure, protecting user identity is important, so there is an argument that this is an improvement, but at what cost? Who is really being protected?
Reading ShapeShiftâs Terms of Service, which were updated in April 9, 2018, the company states that users are âprohibited from using or accessing ShapeShift to transmit or exchange digital assets that are the direct or indirect proceeds of any criminal or fraudulent activityâŠShapeShift reserves the right to deny, delay, or cancel a transaction it perceives as a risk of criminal or fraudulent activity.â
How can ShapeShift simultaneously prohibit bad actors from accessing the platform while also maintaining a policy of anonymity? Hint: they canât. The price of anonymity is that everyone is anonymous, including criminals. As long as the exchange is unregulated, everyone can participate, which can appear beautiful as an idea, but in reality and in execution, it becomes a ground upon which criminals thrive.
This points to why regulation is important and why any website that allows users to trade cryptocurrencies should become regulated and follow regulation. In the US, this would mean the website should be regulated by either the CFTC, SEC or the local regulator, and certainly follow FINCEN rules. Should a foreign regulated entity onboard U.S. citizens, then they need to find a U.S. regulated entity as a correspondent in the transaction to make sure it follows U.S. regulation.
ShapeShift is incorporated in Switzerland, the land of the free and secret banking system. However, being a foreign corporation does not absolve its requirements to follow U.S. regulation if they have at least one U.S. customer. Clearly, ShapeShift has US. customers. Not only is Erik Voorhees, the CEO of ShapeShift, American, but Erik admitted that ShapeShift operates in the United States in a conversation with Krakenâs Jesse Powell about New Yorkâs BitLicense, which is difficult to obtain and one of the first regulatory measures taken in crypto.
How does Erik Voorhees get away with this? Digging into his background, I discovered that in 2014 Erik was sanctioned by the SEC for selling unregistered securities to investors without registering the offering with the SEC or seeking an exemption from registration. Because of the consent decree, Erik agreed to not violate the SEC rules. The strange thing is that ShapeShift is clearly not following the FINCEN rules and SEC regulations because the platform allows tokens that were issued in ICOs to be traded when these tokens are clearly viewed as securities by the SEC. Keep in mind that ShapeShift makes money by enabling anonymous transactions and as such is probably operating as an unregistered exchange.
Thereâs a reason banks have cameras to identify who comes and goes.
The ShapeShift example illustrates why regulation matters. Those who feel regulation is the enemy of freedom and democracy should reconsider the principles the two are based on. Freedom and democracy are about equal rights, equal access, and equal opportunity. Creating a level playing field for everyone.
In many ways, cryptocurrencies are enabling these principles, but if they better enable criminals to take advantage of others too, then it undermines those original ideals. Perhaps, this type of unregulation can be considered true âfreedom,â where anyone can do anything, but as a society, we have already collectively agreed on certain moral principles and laws. Everyone should not be able to do everything. There are crimes that we have decided as a society are wrong. Enabling crime is also wrong. In that sense, we have already let go of the libertarianâs freedom.
This is not to say that ShapeShift or any crypto exchange is directly facilitating criminal activity. I donât believe Erik built ShapeShift with that intention, nor do I think that anyone would make (or win) an argument saying that exchanges today are comparable to the Silk Road, the most infamous online black market, for example.
However, the Silk Road was in many ways built on Bitcoin. There are inherent dangers to cryptocurrencies, and as a result, there needs to be regulations in place to protect the businesses and people using them. There needs to be accountability. Anonymity is not a step forward in this regard, but one backward.
If you liked what you read, please give me a clap and follow me on Medium.
Crypto Exchange Unwittingly Helps Ransom Racketeers was originally published in Hacker Noon on Medium, where people are continuing the conversation by highlighting and responding to this story.
Disclaimer
The views and opinions expressed in this article are solely those of the authors and do not reflect the views of Bitcoin Insider. Every investment and trading move involves risk - this is especially true for cryptocurrencies given their volatility. We strongly advise our readers to conduct their own research when making a decision.