As public understanding of how digital assets work becomes more nuanced along with the mainstreaming of crypto, the language of Bitcoin’s (BTC) “anonymity” gradually becomes a thing of the past. High-profile law enforcement operations such as the one that recently led to the U.S. government seizing some $3.6 billion worth of crypto are particularly instrumental in driving home the idea that assets whose transaction history is recorded on an open, distributed ledger are better described as “pseudonymous,” and that such a design is not particularly favorable for those wishing to get away with stolen funds.
No matter how hard criminals try to obscure the movement of ill-gotten digital money, at some point in the transaction chain they are likely to invoke addresses to which personal details have been tied. Here is how it went down in the Bitfinex case, according to the documents made public by the U.S. government.
Too comfortable too early
A fascinating statement by a special agent assigned to the Internal Revenue Service, Criminal Investigation (IRS-CI) details a process whereby the U.S. federal government’s operatives got a whiff of the couple suspected of laundering the money stolen in the 2016 Bitfinex hack.
The document describes a large-scale operation to conceal the traces of stolen Bitcoin that involved thousands of transactions passing through multiple transit hubs such as darknet marketplaces, self-hosted wallets and centralized cryptocurrency exchanges.
In the first step, the suspects ran the crypto earmarked as being looted in the Bitfinex heist through darknet market AlphaBay. From there, a portion of funds traveled to six accounts on various crypto exchanges that were, as investigators later found, all registered using email accounts hosted by the same provider in India. The emails shared similar naming styles, while the accounts exhibited similar patterns of trading behavior.
Related: Making sense of the Bitfinex Bitcoin billions
The chain wore on, and the BTC that law enforcement followed was further funneled to a slew of self-hosted wallets and other exchange accounts, a few of them registered in the real name of one of the suspects. Following along the investigators’ narrative, a reader eventually gets an impression that, at one point, Ilya Lichtenstein and Heather Morgan felt that they had done enough to cover up their tracks and that they could spend some of the money on themselves.
That was it: Gold bars and a Walmart gift card, purchased using the funds traceable back to the Bitfinex hack and delivered to Lichtenstein and Morgan’s home address. Everything was right there on the ledger. The resulting report reads as a compelling description of a crime that has been reverse-engineered using an immutable record of transactions.
Following the money
The scale of the investigation was perhaps even more formidable than that of the laundering operation. Despite the suspects’ years-long efforts to obscure the movement of the funds, government agents were able to gradually unravel the paths by which the majority of stolen BTC traveled, and ultimately seize it. This goes to show that the U.S. government’s capacity to follow the money on the blockchain is at least on par with the tactics that the people behind some of the major crypto heists are using to escape the law.
Speaking of the investigation, Marina Khaustova, chief executive officer at Crystal Blockchain Analytics, noted that the Bitfinex case is an especially hard one to crack due to the sheer amount of stolen funds and the perpetrators’ extensive efforts to conceal their operations. She commented to Cointelegraph:
“Any case of this size, which has been running for years, it will no doubt take a long time for financial investigators to examine and understand the data they have before using it as evidence.”
The U.S. government agents were well-resourced and had access to state-of-the-art blockchain analytics software as they tackled the case. It is no secret that some of the leading players of the blockchain intelligence industry supply law enforcement in multiple countries, the United States included, with software solutions for digital asset tracing.
One possible explanation of why Lichtenstein and Morgan ultimately got busted is the seeming nonchalance with which they abandoned caution and began spending the allegedly laundered funds in their own name. Were they simply not smart enough, or is it because law enforcement has gone unprecedentedly deep into the transaction chain, deeper than the suspects could reasonably expect?
Khaustova thinks that there was “a bit of carelessness to the methods employed” as the suspects let investigators obtain one of the key documents – which allowed them to link email addresses to exchanges, KYC records and personal accounts – from cloud storage.
Yet, it is also true that there is a point where any crypto launderer has to step out of the shadows and turn the stolen funds into goods and services they can use, at which point, they become vulnerable to deanonymization. The Bitfinex investigation showed that, if law enforcement is bent on tracing the suspects to that point of “cashing out,” there is little that criminals can do to avoid getting caught.
A case to be made
The big-picture takeaway here is that governments — the U.S. government in particular, but many others are not too far behind when it comes to bolstering their blockchain-tracing capacities — are already up to speed with the tactics and techniques that crypto launderers are using. The blockchain’s perfect traceability could have been a theoretical argument some years ago, but now it is an empirically proven reality, as evidenced by enforcement practice.
There are two big reasons why this notion is good for the crypto industry. One is that there could be some degree of recourse for the victims of major crypto heists. Granted, not every instance of crypto theft will attract the scarce attention of federal investigators, but the most high-profile and egregious ones certainly will.
Another powerful consequence of law enforcement’s newfound prowess with blockchain tracing is that it renders some regulators’ tired argument of “crypto as a perfect tool for money laundering” obsolete. As real-life cases demonstrate, digital assets are, in fact, opposite to that. Hammering this point into policymakers’ minds will eventually moot one of the fundamental anti-crypto narratives.