The Purpose and Perils of Crypto Privacy Tools

Please fol­low and like us:
Pin Share

  • Mix­ing ser­vices pool togeth­er cryp­to trans­ac­tions to obfus­cate the fund sources and improve privacy
  • Recent cryp­to seizures by author­i­ties in Flori­da and Ger­many involved alleged crim­i­nal use of mixers

Cryp­to ser­vices designed to improve trans­ac­tion pri­va­cy con­tin­ue to be used in ille­gal activ­i­ties, but using so-called mix­ers for nefar­i­ous pur­pos­es is becom­ing increas­ing­ly risky. 

A cryp­tocur­ren­cy mix­ing ser­vice is used to pri­vate­ly trans­fer cryp­toas­sets between wal­lets by comin­gling funds in a pool of assets belong­ing to many participants.

The hack­er who last month exploit­ed the Ronin Net­work for rough­ly $625 mil­lion recent­ly trans­ferred thou­sands of ether to Tor­na­do Cash, a pri­va­cy tool for Ethereum. More than 165,000 ETH remains in the attacker’s wal­let.

Tor­na­do Cash, a decen­tral­ized pro­to­col for pri­vate trans­ac­tions on Ethereum, breaks the on-chain link between source and des­ti­na­tion address­es, accord­ing to its web­site. The pro­to­col uses a smart con­tract accept­ing ETH deposits that can be with­drawn by a dif­fer­ent address. The longer the funds remain in the pool before being with­drawn, the greater the pri­va­cy protections.

“While Tor­na­do Cash can be used for ille­gal activ­i­ties, like mon­ey laun­der­ing or tax fraud, many believe that it is a cru­cial tool for main­tain­ing finan­cial anonymi­ty,” Net­SPI Chief Tech­nol­o­gy Offi­cer Travis Hoyt told Blockworks.

“Due to the nature of mix­ers like Tor­na­do Cash obscur­ing trans­ac­tions, con­sumers that lack a full under­stand­ing of crypto’s secu­ri­ty infra­struc­ture may be sus­cep­ti­ble to risks such as inad­ver­tent mon­ey laun­der­ing.” 

Also last week, fed­er­al pros­e­cu­tors in Flori­da seized rough­ly $34 mil­lion worth of cryp­to and Ger­man author­i­ties con­fis­cat­ed about $25 mil­lion worth of bit­coin. The alleged crim­i­nals in both cas­es used mix­ing ser­vices to mask transactions.

But obscur­ing sources of funds through mix­ers is an increas­ing­ly risky option for bad actors, espe­cial­ly when try­ing to move the large quan­ti­ties need­ed to evade sanc­tions, laun­der stolen funds or cash out the pro­ceeds of a dark­net mar­ket­place, accord­ing to Gur­vais Grigg, Chainalysis’s glob­al pub­lic sec­tor chief tech­nol­o­gy officer.

“Mix­ers require the par­tic­i­pa­tion of many users inputting com­pa­ra­ble amounts of cryp­tocur­ren­cy in order to pro­vide the desired obfus­ca­tion, and the liq­uid­i­ty often can’t sup­port this,” he told Blockworks. 

Mri­g­an­ka Pat­tnaik, co-founder and CEO at Merkle Sci­ence, agreed that mix­ers, tum­blers or pri­va­cy coins do not have suf­fi­cient liq­uid­i­ty for indi­vid­u­als to move hun­dreds of mil­lions of dol­lars in untrace­able ways. He not­ed that cash is still the pre­ferred mon­e­tary medi­um for smart criminals.

A Chainal­y­sis report pub­lished in Feb­ru­ary found that while illic­it cryp­to trans­ac­tions reached an all-time high of $14 bil­lion last year, crim­i­nal activity’s share of cryp­tocur­ren­cy trans­ac­tion vol­ume has nev­er been lower.

Grigg not­ed that Chainalysis’s recent­ly pub­li­cized demix­ing capa­bil­i­ties may fur­ther dis­in­cen­tivize mix­er usage for illic­it pur­pos­es. Forbes report­ed in Feb­ru­ary that Chainal­y­sis has a “pre­vi­ous­ly secret foren­sics tool” that was able to demix trans­ac­tions tied to The DAO hack of 2016 and track their out­put to four exchanges.

A Chainal­y­sis spokesper­son declined to share fur­ther details about the blockchain data platform’s demix­ing efficacy.

The latest seizures

Still, alleged crim­i­nals are using the mix­ing services. 

A Flori­da man alleged­ly used an online alias and made more than 100,000 sales of illic­it items and hacked online account infor­ma­tion — such as for HBO, Net­flix and Uber — on sev­er­al dark web mar­ket­places, accord­ing to a Mon­day state­ment.

He used “tum­blers” — mix­ing ser­vices that pool togeth­er mul­ti­ple cryp­tocur­ren­cy trans­ac­tions — and ille­gal dark web mon­ey trans­mit­ter ser­vices to laun­der one cryp­tocur­ren­cy for another. 

The tum­bler dis­trib­utes the cryp­tocur­ren­cy to a des­ig­nat­ed cryp­tocur­ren­cy wal­let at ran­dom times and in ran­dom incre­ments to obscure the orig­i­nal source of funds, offi­cials said. Law enforce­ment agents seized var­i­ous cryp­tocur­ren­cy wal­lets asso­ci­at­ed with the ille­gal dark web conduct.

The seizure came a day before Ger­man author­i­ties revealed Tues­day that the country’s Fed­er­al Crim­i­nal Police Office (BKA) and its Cen­tral Office for Com­bat­ing Inter­net Crime (ZIT) took down servers of Hydra Mar­ket, the world’s largest dark­net mar­ket­place. The agen­cies con­fis­cat­ed about $25 mil­lion worth of bit­coin after an inves­ti­ga­tion that began in August.

Focused on trad­ing ille­gal nar­cotics, the Russ­ian-lan­guage dark­net plat­form had been acces­si­ble through the Tor net­work since at least 2015. Rough­ly 17 mil­lion cus­tomers and 19,000 sell­er accounts were reg­is­tered on the marketplace.

Accord­ing to ZIT and BKA esti­mates, Hydra Market’s sales amount­ed to at least 1.2 bil­lion euros in 2020. The “Bit­coin Bank Mix­er,” a ser­vice for obfus­cat­ing dig­i­tal trans­ac­tions pro­vid­ed by the plat­form, made cryp­to inves­ti­ga­tions extreme­ly dif­fi­cult for law enforce­ment author­i­ties, offi­cials said.

In anoth­er case, funds stolen from Crypto.com in Jan­u­ary were report­ed­ly being moved through Tor­na­do Cash, accord­ing to on-chain data spot­ted at the time by blockchain secu­ri­ty and data ana­lyt­ics com­pa­ny PeckShield.

Tor­na­do Cash co-founder Roman Semen­ov told Coin­Desk that month that the ser­vice was designed to be “unstop­pable,” not­ing that the team has lit­tle con­trol over what its users do with the pro­to­col. That means that once non-upgrade­able soft­ware is deployed on an immutable blockchain like Ethereum, it will oper­ate as long as Ethereum — and by exten­sion the inter­net — does. The pop­u­lar Uniswap decen­tral­ized exchange is anoth­er such example.

A Tor­na­do Cash spokesper­son did not return a request for comment.

The ethos behind mix­ers is to har­bor more finan­cial free­dom and pri­va­cy, bring­ing cash-like anonymi­ty to oth­er­wise pub­lic trans­ac­tion ledgers, by delib­er­ate­ly mak­ing trans­ac­tions hard to reg­u­late, Hoyt said. Such tech­nol­o­gy can be used law­ful­ly or unlaw­ful­ly; the only way to avoid risk com­plete­ly is to not engage at all. 

“While there are a pletho­ra of gen­er­al resources about cryp­to avail­able, the indus­try must pri­or­i­tize edu­ca­tion on the inher­ent secu­ri­ty risks and how to best mit­i­gate these risks,” Hoyt said. “Aside from con­sumers active­ly choos­ing to not uti­lize mix­ers, this is the best way to ensure eth­i­cal cryp­to traders remain protected.”


Get the day’s top cryp­to news and insights deliv­ered to your inbox every evening. Sub­scribe to Block­works’ free newslet­ter now.


  • Ben Strack
    Ben Strack is a Den­ver-based reporter cov­er­ing macro and cryp­to-native funds, finan­cial advi­sors, struc­tured prod­ucts, and the inte­gra­tion of dig­i­tal assets and decen­tral­ized finance (DeFi) into tra­di­tion­al finance. Pri­or to join­ing Block­works, he cov­ered the asset man­age­ment indus­try for Fund Intel­li­gence and was a reporter and edi­tor for var­i­ous local news­pa­pers on Long Island. He grad­u­at­ed from the Uni­ver­si­ty of Mary­land with a degree in journalism.

    Con­tact Ben via email at [email pro­tect­ed]



Source link

Please fol­low and like us:
Pin Share

Leave a Reply

Your email address will not be published. Required fields are marked *