The cornerstone of the modern approach to money laundering is preventing illicit funds from entering the financial system. The reasoning is understandable: if criminals can't use their money, they will eventually have to stop what they are doing and look for a 9-to-5 job.
However, after 20 years of increasingly strict (and increasingly costly) AML regulations, levels of organized crime, tax evasion or drug use show no signs of decreasing. At the same time, the basic right to privacy is ruthlessly violated on a daily basis, and every financial transaction, no matter how small, is subject to extensive verifications and tons of paperwork. See Part 1 of this story for details and numbers.
This raises a question: should we reconsider our approach to AML strategy?
Two years ago, fintech author David GW Birch wrote an article for Forbes, reflecting on the fundamental principle of AML: access control. The key idea could be summarized as “instead of trying to prevent criminals from entering the system, we let them in and monitor what they are doing.”
Indeed, why do we erect expensive anti-money laundering barriers and force bad guys to resort to hard-to-trace cash or artwork, when we can simply let them in and follow the money to hunt them down? To do this, we can use both the existing reporting system within traditional finance and on-chain analytics within blockchain. However, while the former is more or less understandable, the latter remains a mystery to most people. What's more, politicians and bankers regularly accuse cryptocurrencies of being a tool for criminals, tax evaders, and all manner of Satan worshipers, further exacerbating the misunderstanding.
To shed more light on this issue, we need to better understand how chain analysis works. This is not an easy task: blockchain analysis methods are often proprietary, and analysis companies that share them risk losing their commercial advantage. Still, some of them, such as Chainalysis, publish fairly detailed documentation, and the Luxembourg firm Scorechain agreed to share some details of its business for this story. Combining this data can give us a good idea of the potential and limitations of chain analysis.
How does chain analysis work?
The blockchain is transparent and auditable by anyone. However, not everyone is able to draw meaningful conclusions from the countless data sets that comprise it. Collecting data, identifying the entities, and putting the conclusions into a readable format is the specialty of on-chain analytics companies.
It all starts with obtaining a copy of the ledger, that is, synchronizing the internal software with the blockchains.
Then a tedious mapping stage begins. How can we know that this address belongs to an exchange and this one to a darknet market? Analysts use all their creativity and ingenuity to remove as much of the blockchain's pseudonymization as they can. Any technique is good as long as it works: collecting open source data from law enforcement, crawling websites, browsing Twitter/X and other social networks, acquiring data from specialized blockchain explorers like Etherscan, following the trail of stolen funds at the request of lawyers… Some services are identified by interacting with them, that is, sending funds to centralized exchanges to identify their addresses. To reduce errors, data is often cross-checked with different sources.
Once the addresses are identified as well as possible, you can see a little more clearly into the maze of transaction hashes. However, the picture is still far from complete. While for account-based blockchains like Ethereum, identifying an address allows you to track its funds in a fairly simple way, for UTXO blockchains like Bitcoin the situation is much less obvious.
In fact, unlike Ethereum, which keeps track of addresses, the Bitcoin blockchain keeps track of unspent transaction outputs (UTXOs). Each transaction always sends all coins associated with an address. If a person wants to spend only a portion of their coins, the unspent portion, also known as change, is assigned to a newly created address controlled by the sender.
It is the job of on-chain analytics companies to make sense of these movements and determine groups of UTXOs associated with the same entity.
Can chain analysis be trusted?
Chain analysis is not an exact science. Both UTXO mapping and clustering are based on experience and a set of carefully calibrated heuristics that each company has developed itself.
This issue was highlighted last July in the court hearing involving Chainalysis, which had provided forensic expertise in the United States v. Sterlingov case. The firm's representative accepted that not only were its methods not peer-reviewed or otherwise scientifically validated, but the company also failed to track its false positives. In defense of Chainalysis, the first point is understandable: the methods each company uses to analyze the blockchain are closely guarded trade secrets. However, the issue of false positives needs to be better addressed, especially if they can end up sending someone to jail.
Scorechain uses a different approach, erring on the side of caution and only choosing methods that do not generate false positives in the clustering process, such as the multiple input heuristic (the assumption that in a single transaction all input addresses come from one entity). Unlike Chainalysis, they do not use any change heuristics, which produce many false positives. In some cases, their team can manually track UTXOs if a human operator has enough reason to do so, but in general, this approach tolerates blind spots, relying on additional information to fill them in the future.
The very notion of heuristics – that is, strategies that employ a practical but not necessarily scientifically proven approach to problem solving – means that they cannot guarantee 100% reliability. It is the result that measures their effectiveness. That the FBI claims that Chainalysis's methods are “generally reliable” could serve as proof of quality, but it would be better if all chain analysis companies could start measuring and sharing their false positive and false negative rates.
Seeing through the fog
There are ways to hide the trail of funds or make them harder to find. Cryptocurrency hackers and scammers are known to use all kinds of techniques: chain hopping, privacy blockchains, mixers…
Some of them, such as exchanges or asset bridges, can be tracked by on-chain analysis companies. Others, such as the privacy chain Monero, or various mixers and tumblers, often cannot. There were, however, instances when Chainalysis claimed to have unmixed transactions passed through a mixer, and more recently the Finnish authorities announced that they had tracked Monero transactions as part of an investigation.
In any case, the very fact of having used these masking techniques is highly visible and can serve as a red flag for any anti-money laundering purposes. An example of this is that the US Treasury added the Tornado Cash mixer smart contract address to the OFAC list last year. Now, when the history of the coins is traced back to this mixer, the funds are suspected to belong to illicit actors. This is not great news for privacy advocates, but rather reassuring for crypto AML.
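Screening a transaction's history against a flagged address, as described above, amounts to a bounded walk back through its ancestry. This is an added sketch, not any vendor's method; the graph, the `MIXER_POOL` label and the `max_hops` limit are constructed assumptions.

```python
from collections import deque

# Constructed sample graph (not real chain data): txid -> addresses that
# funded it, the txids that created those inputs, and output addresses.
TXS = {
    "t1": {"from": ["MIXER_POOL"], "parents": [], "to": ["X1"]},
    "t2": {"from": ["X1"], "parents": ["t1"], "to": ["X2", "X3"]},
    "t3": {"from": ["Y1"], "parents": [], "to": ["Y2", "Y3"]},
    "t4": {"from": ["X3", "Y2"], "parents": ["t2", "t3"], "to": ["SHOP"]},
    "t5": {"from": ["Y3"], "parents": ["t3"], "to": ["CLEAN"]},
}
FLAGGED = {"MIXER_POOL"}  # placeholder label, not a real listed address


def hops_to_flagged(txid, txs, flagged, max_hops=10):
    """Breadth-first walk back through a transaction's ancestry.

    Returns the smallest number of hops to a transaction funded by a
    flagged address, or None if none is found within max_hops.
    """
    seen = {txid}
    queue = deque([(txid, 0)])
    while queue:
        cur, depth = queue.popleft()
        if flagged & set(txs[cur]["from"]):
            return depth
        if depth == max_hops:
            continue  # stop expanding, but keep draining the queue
        for parent in txs[cur]["parents"]:
            if parent in txs and parent not in seen:
                seen.add(parent)
                queue.append((parent, depth + 1))
    return None


if __name__ == "__main__":
    for txid in ("t4", "t5"):
        print(txid, hops_to_flagged(txid, TXS, FLAGGED))
```

Here t4 is flagged at two hops even though one of its inputs has a clean history, while t5 is not flagged; the hop limit decides how far back an exposure still counts.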
One might wonder what the point is of marking mixed coins and tracking them through blockchains if we don't have a concrete person to link them to, like in the banking system. Fortunately, criminals have to interact with the non-criminal world, and tainted money sooner or later ends up with suppliers of goods or services, or in a bank account, and this is where law enforcement can identify the real people. This is how the FBI achieved the greatest seizure in its history, $4.5 billion in bitcoin (at 2022 prices), after the Bitfinex hack. This also works the other way around: if law enforcement gains access to a criminal's private keys, they can scroll through blockchain history to identify the addresses that interacted with them at some point. This is how the London Metropolitan Police uncovered an entire drug trafficking network from a single arrest (source: Crypto Crime 2023 report by Chainalysis).
Crime has existed since the dawn of humanity and will probably accompany it until its end, using constantly evolving camouflage techniques. Fortunately, crime detection methods are following suit and it turns out that blockchain is an ideal environment for implementing digital forensic tools. After all, it is transparent and accessible to everyone (which, by the way, cannot be said about the banking sector).
One can argue that current chain analysis methods need to be improved, and that point is true. However, it is clear that even in this imperfect form it is already an effective tool for tracking down the bad guys on the chain. So perhaps it's time to reconsider our approach to anti-money laundering and let criminals onto the blockchain?
Special thanks to the Scorechain team for sharing their knowledge.
This is a guest post by Marie Potterieva. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.