How investigators track cryptocriminals
A version of this article was published in TIME’s Into the Metaverse newsletter.
Criminals have increasingly turned to cryptocurrencies to hide illegal activities over the past decade, and WIRED reporter Andy Greenberg has been covering their movements since the beginning. His new book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, however, is focused on the enemies of crypto-fraudsters and criminals: the federal agents who used the transparent properties of the blockchain to closely track down ne’er-do-wells and put them behind bars.
For example, the book tells the story of how blockchain tracking techniques led to the arrest of 337 people who participated in a sinister dark web network that shared child pornography. These users believed their identities were secure due to the network’s use of Bitcoin. But it was precisely the open nature of Bitcoin transactions that allowed them to be tracked down and arrested.
Greenberg’s book (Doubleday) comes in an era of increasing crypto fraud, including the $400 million hack of the now insolvent exchange FTX. In a phone call, Greenberg talked about the status of that hack and the dangers of both anonymity and online surveillance.
Excerpts from the conversation are below.
How did you come to write a book about tracking crime across the blockchain?
The reporting goes back to 2011. Around that time I was obsessed with this group called the Cypherpunks, a movement of mainly libertarians who in the 1990s started dreaming of using encryption technologies to try to take power from governments and corporations and give it to individuals. That’s when I learned about what seemed like a Cypherpunk invention, which was Bitcoin.
What was remarkable about Bitcoin at the time was not just buying a cup of coffee – but also, just like cash, you could put a bunch of unmarked notes in a suitcase and send it around the world without revealing anything about your identity. Bitcoin seemed like it could be anonymous and untraceable. As someone who was interested in this world of cybercrime and surveillance evasion, it seemed like this was going to unlock a whole new world of cybercrime and money laundering and drug trafficking and cybercrime.
It definitely happened. But it took me a decade to realize how opposite of untraceable Bitcoin really was. Cryptocurrency tracking was not only possible, but an incredibly powerful investigative technique. And in the hands of a small group of detectives, it led to the disruption of one massive cybercriminal operation after another, each bigger than the last.
Let’s talk about some big news at the moment: this month, FTX founder Sam Bankman-Fried admitted that his crypto exchange commingled client funds with his investment firm Alameda Research. Why didn’t anyone find proof of this on the blockchain until now?
It’s fascinating to see that in the midst of this golden age of crypto tracking, where so many known bad actors were tracked and identified and charged and jailed through crypto tracking, this huge black hole of financial irresponsibility or negligence happened right under our noses, but escaped notice.
I think it’s partly because it was seen as a legitimate player in the crypto economy. It wasn’t a black market trying to evade surveillance. But I don’t know if the dangerous money flows from FTX to Alameda were visible on the blockchain, or if they happened at another level in the company’s accounting systems.
It is worth noting that there has been this apparent theft of approximately half a billion dollars of FTX’s funds. It appears that there is a real crime in progress.
The interesting thing about the crypto properties is that we can all see half a billion dollars moving around the blockchain. Many of the main characters in my book see the money moving. It will be very difficult for whoever took that cryptocurrency from FTX to withdraw it without being identified. We will almost certainly get answers about who took the money.
You see this with so many of these robberies: someone steals a huge amount and is left with the very difficult problem of what to do with it. Very often you see them freeze for years. The problem isn’t stealing it: it’s far too easy. It’s getting away with it, and laundering that money in a way where you can actually use it for something.
Do you think most crypto users in 2022 understand the lack of privacy?
I think the majority of crypto users probably don’t care if it’s anonymous or private at all: They just buy it as a speculative investment. For people seeking financial privacy, they have realized that most cryptos, and certainly Bitcoin, are anything but private. You see it in part in the way they are shifting to more private currencies, like Monero and Zcash. You also see it in the way the most prolific cryptocriminals seem to be in places where it doesn’t matter if they can be traced, like Russia and North Korea.
I think there is still a shrinking but existing group of people who believe they are one step ahead of law enforcement and surveillance. But it’s very easy to think you’re doing enough to avoid this tracking when you’re not. And there’s an entire industry of very bright and well-funded people whose job it is to find ways to surprise you and track the seemingly untrackable.
How have both law enforcement agencies and independent tracking companies stepped up their game since the bulk of the reporting in your book took place?
When Tigran Gambaryan [the IRS agent and investigator who is a main character of Greenberg’s book] was tracking down corrupt Secret Service agents, he worked essentially on his own, after hours, and did so without any real tools. Now, if you flash forward to 2022, IRS criminal investigators have routinely used this technique to make the first, second, and third largest seizures of money of any kind in Justice Department history. There are entire teams at probably every major law enforcement agency in the US and probably others around the world that use this fluently. I know there are full-time crypto trackers in the FBI, DEA and IRS.
But also, there’s this whole arsenal of tools created by an entire industry of companies, first by Chainalysis, which was the first startup to focus on Bitcoin tracking as a business. Now they compete with Elliptic, TRM Labs, CipherTrace and more every day.
The cat-and-mouse game is only going to continue—or at least, the feline side of it is becoming so groundbreaking. They are all competing to come up with new techniques to track people’s money.
It also means that these tools are becoming a commodity. If you’re a law enforcement agency that doesn’t know how to track cryptocurrency, you don’t need to learn. You can just pay for a contract with one of these companies that will give you super polished tools to do it and teach you how to do it.
At the end of your book, cryptography professor and tracking pioneer Sarah Meiklejohn expresses dismay at how this kind of power can be used by oppressive governments.
One scenario is that people might want to use crypto as a means to pay for abortions in states where it is illegal. Now it can be tracked. Internationally, it is even more startling to think how there will be Russian, Chinese or other powerful repressive regimes using this tool to crack down on people seeking financial privacy or raising money for dissent or resistance or activism.
There is no doubt that this is a complicated ability, ethically speaking. I’m not necessarily saying that Chainalysis or the US government will abuse it. But it seems clear at some point that these capabilities will be available to regimes we would rather not give new surveillance powers to.
When I was working on this book, I dreaded telling a whole story from the perspective of law enforcement: I didn’t want to tell a simple cops-and-robbers story. So much of the narrative came from federal agents and prosecutors, and I felt I really needed to offer the perspective of someone who could set this straight. Luckily for me, Sarah serves as the story’s conscience. She invented so many of these techniques but decided not to work for the crypto tracking industry. She is a super thoughtful person who can talk about the not so good ways that crypto can be traced so easily.
In August, the Ministry of Finance sanctioned Tornado Cash, a privacy-preserving blockchain tool, claiming it was “a significant threat to the national security” of the United States. Its defenders have filed lawsuits, arguing that to ban it would be to make privacy a crime. What do you think about this legal battle?
I don’t think the future of crypto privacy depends on the outcome of this one case. There will be other decentralized mixing services, and there are tools like Zcash and other alternative cryptocurrencies that already seem very difficult to track. As these tools become more widely used, new battles, both technical and political, will arise over these things.
I think untraceable transactions may still be possible – and a world of true financial privacy may still come, for better or for worse. Some of it will no doubt be punishable.