KYC, Bitcoin, and the Failed Hope of AML Policy: Tracking Funds On-Chain
A cornerstone of the modern approach to money laundering is preventing illicit funds from entering the financial system. The rationale is understandable. When a criminal is unable to use his money, he is eventually forced to stop whatever he is doing and get a 9 to 5 job.
But after two decades of increasingly stringent and costly AML regulations, levels of organized crime, tax evasion and drug use show no signs of abating. At the same time, the fundamental right to privacy is unknowingly violated every day, and each financial transaction, no matter how small, is subject to extensive verification and mountains of paperwork. Check out Part 1 of this story for more details and numbers.
This prompts the question: Should we rethink our approach to AML strategies?
Two years ago, fintech writer David GW Birch wrote an article for Forbes reflecting on a key tenet of AML: gatekeeping. The core idea is that “instead of preventing criminals from breaking into the system, we let them in and monitor what they are doing.”
Indeed, why set up expensive AML gates that push the bad guys toward hard-to-trace cash or works of art, when we could instead let them in and track them down by following the money? To do this, we can use both existing reporting systems within traditional finance and on-chain analytics within blockchain. However, while the former is somewhat easy to understand, the latter is still a mystery to most people. Moreover, politicians and bankers regularly accuse cryptocurrencies of being a tool for criminals, tax evaders, and Satanists of all kinds, further exacerbating the misconception.
To shed more light on this issue, we need to better understand how on-chain analytics works. But this is not an obvious task. Blockchain analytics methods are often proprietary, and analytics companies that share them risk losing their business edge. However, some companies, such as Chainalysis, have published somewhat detailed documents, and Luxembourg company Scorechain has agreed to share transaction details for this story. Combining this data can give us a good idea of the potential and limitations of on-chain analytics.
How does on-chain analytics work?
A blockchain is transparent and auditable by anyone. However, not everyone can draw meaningful conclusions from the numerous data sets it is built from. Collecting the data, identifying entities, and presenting conclusions in a readable format is the specialty of on-chain analytics companies.
It all starts with obtaining a copy of the ledger, i.e. synchronizing the internal software with the blockchain.
Then the tedious mapping phase begins. How do you know that this address belongs to an exchange and that one belongs to a darknet marketplace? Analysts use all their creativity and resourcefulness to de-anonymize blockchains as much as possible. Any technique is good as long as it works: collecting open source data from law enforcement agencies, scraping websites, browsing Twitter/X and other social media, acquiring data from specialized blockchain explorers like Etherscan, tracking stolen funds at the request of lawyers… Some services are identified through interaction, that is, by sending funds to a centralized exchange in order to identify its addresses. To reduce errors, data is often cross-checked with other sources.
Once addresses have been identified as well as possible, the picture in the maze of transaction hashes becomes clearer. However, it is not yet complete. For account-based blockchains like Ethereum, identifying an address allows you to track funds in a rather simple way, but for UTXO blockchains like Bitcoin, things are much less clear.
Unlike Ethereum, which actually tracks addresses, the Bitcoin blockchain tracks unspent transaction outputs (UTXOs). Each transaction always sends all coins associated with the address. If you only want to use a portion of your coins, the unspent portion (also known as change) is assigned to a newly created address controlled by the sender.
It is the job of on-chain analytics companies to understand these movements and determine clusters of UTXOs associated with the same entities.
Can you trust on-chain analytics?
On-chain analysis is not an exact science. Mapping and UTXO clustering both rely on experience and a carefully tuned set of heuristics developed by each company in-house.
This issue was highlighted in a court hearing last July involving Chainalysis, which provided forensic expertise in the case United States v. Sterlingov. A representative for the company acknowledged that not only were the company’s methods not peer-reviewed or scientifically validated, but the company did not track false positives. In Chainalysis’s defense, the first point is understandable. The methods each company uses to analyze blockchains are closely guarded trade secrets. But the problem of false positives needs to be better addressed, especially when it could send someone to jail.
Scorechain takes a different approach, being careful and only choosing methods that do not produce false positives in the clustering process, such as the multi-input heuristic (which assumes that all input addresses in a single transaction come from one entity). Unlike Chainalysis, they do not use a change heuristic that generates many false positives. In some cases, teams can manually track UTXOs if a human operator has good reason to do so, but overall, this approach leaves blind spots and relies on additional information to fill them in the future.
The very idea of a heuristic, a strategy that uses a practical but not necessarily scientifically proven approach to problem solving, means that it cannot be guaranteed to be 100% reliable. It is the results that measure its effectiveness. The FBI, which says Chainalysis’s methods are “generally reliable,” can attest to their quality, but it would be better if all on-chain analytics companies could measure and share their false positive and false negative rates.
Visible through the fog
There are ways to obfuscate your money trail or make it harder to find. Cryptocurrency hackers and fraudsters are known to use all kinds of techniques, including chain hopping, privacy blockchains, and mixers.
Some, such as asset exchanges or connections, can be tracked by on-chain analytics companies. Others, such as privacy chain Monero or various mixers and tumblers, often cannot. However, there have also been instances where Chainalysis claimed to have segregated transactions through mixers, and most recently, Finnish authorities announced they had been tracking Monero transactions as part of their investigation.
In any case, the fact that these masking techniques have been used is very noticeable and can act as a red flag for all AML purposes. One such example is the U.S. Treasury’s addition of Tornado Cash Mixer’s smart contract address to the OFAC list last year. Now, tracing the history of those coins back to this mixer raises suspicions that the funds belong to illicit actors. This is not good news for privacy advocates, but it is reassuring news for cryptocurrency AML.
You might ask, what’s the point of flagging mixed coins and tracking them through the blockchain if there’s no specific person to lock the coins, like in a banking system? Fortunately, criminals have to interact with the non-criminal world, and sooner or later the tainted money ends up with a goods or service provider or in a bank account, where law enforcement can identify the real person. This is how the FBI seized $4.5 billion worth of Bitcoin (at 2022 prices) following the Bitfinex hack, the largest ever. This also works in reverse. Once law enforcement has access to a criminal’s private keys, they can move up the blockchain history to identify addresses they interacted with at some point. This is how London police uncovered an entire drug trafficking network with a single arrest (Source: Chainalysis’s Crypto Crime 2023 report).
Crime has existed since the dawn of humanity, and will probably be with us until the end of time, using evolving camouflage techniques. Luckily, crime detection methods follow suit, and blockchain is an ideal environment for deploying digital forensics tools. After all, it is transparent and accessible to everyone (which, by the way, cannot be said about the banking sector).
It could be argued that current on-chain analysis methods need to be improved, and that point is true. But even in this imperfect form, it’s already clear that it’s an effective tool for tracking down bad guys within the chain. So is it time to rethink our approach to AML and bring criminals to the blockchain?
Special thanks to the Scorechain team for sharing their knowledge.
This is a guest post by Marie Poterieva. The opinions expressed are solely personal and do not necessarily reflect the opinions of BTC Inc or Bitcoin Magazine.