Samurai Wallet: Breaking a Dangerous Precedent

On Wednesday, the founders of Bitcoin privacy wallet Samourai Wallet were arrested and indicted on behalf of the U.S. government. The indictment could set a dangerous precedent beyond Bitcoin privacy services.

“If your government is worried about its citizens controlling their own money, the most important question you should ask is, ‘What is wrong with our government?’”

– Andreas Antonopoulos

Last Wednesday, Samourai Wallet founders Keonne Rodriguez and William Hill were arrested and charged with conspiracy to launder money and conspiracy to operate an unlicensed financial services business in the U.S. District Court for the Southern District of New York. The indictment alleges that Samourai Wallet “facilitated more than $100 million in money laundering transactions in illicit dark web markets.”

Defining non-custodial wallets as money service businesses and prosecuting wallet administrators accordingly could set a dangerous precedent in the broader Bitcoin space, could have implications for freedom on the internet, and would essentially put all individuals, organizations, and organizations in danger. It could put you at risk. A technique for transferring financial transactions without exercising control over the funds.

Can a non-custodial wallet be a money services business?

FinCEN’s 2019 guidance for persons who manage, exchange, or use virtual currencies defines a money transmitter as “a person who provides money transfer services” or “any other person who engages in the transfer of funds.” According to the guidelines, “the sender initiates the transaction that the sender actually executes.”

The guidelines also define the term “money transfer service” to mean the acceptance of currency, funds or other value as a substitute for currency from a person.

The transfer of currency, funds, or other value substitutes for currency by any means to another place or person.”

As a non-custodial Bitcoin wallet, the operator of Samourai Wallet does not manage user funds and therefore cannot technically “accept” deposits or “execute” fund transfers. On an unlicensed receipt

Transfer of funds, including funds deposited in Samourai wallets by secretive law enforcement agencies located in the Southern District of New York.”

However, technically speaking, the agents deposited funds into an application running locally on their own devices without the involvement of Samourai operators. The prosecution pinpointed this situation throughout the prosecution. “The private keys of these cryptocurrency addresses are stored on each user’s personal mobile phone”, “These private keys are not shared with Samourai employees”, “The Samourai software on the user’s mobile phone broadcasts the transaction to the blockchain.”

The indictment still alleges that Samurai Wallet “facilitates transactions between Samurai users.” This is clearly a false claim in light of the fact that CoinJoin transactions do not facilitate transactions between users at all, but rather create shared transactions that are consumed by all users. their own funds.

The indictment repeatedly alleges that Samourai creates “new addresses” used during transactions and that “Samourai servers are responsible” for broadcasting the transactions. This claim is also technically incorrect as transactions are only created on the user’s device and not only on Samourai. If a user chooses to broadcast a transaction through Samourai’s node, it will broadcast the transaction on the user’s behalf. For anyone running their own node with Samourai Wallet, known as a “Dojo”, transactions are broadcast directly by the user.

Figures provided by node provider Ronin Dojo show that up to 85% of Whirlpool users run their own Dojo. It remains to be seen whether organized criminals will rely on the nodes provided by Samourai Wallet, as gaining knowledge of users’ extended public keys allows operators to effectively de-anonymize transactions, an often-criticized design choice in Samourai Wallet’s architecture. I wonder. In particular, there is no mention of ‘seal’ in the indictment.

DoJ Challenges FinCEN Guidance

The indictment against Samurai appears to suggest that the Justice Department does not believe FinCEN guidelines apply, as reflected in the language used to describe Samurai’s services. Here the prosecution refers to the broadcasting of transactions, the operation of centralized servers and the subsequent collection of fees. Services provided:

“Samurai servers are responsible for broadcasting Ricochet transactions to the BTC network (…) From Whirlpool and Ricochet, RODRIGUEZ and HILL earned at least $4 million in fees.”

The DoJ’s argument appears to be more consistent with the recommendations recently released by the Financial Action Task Force. FATF, an intergovernmental organization established by the G7 in 1989 to combat money laundering and terrorist financing risks, is not a regulatory body, but the task force’s recommendations are known to form the basis for informing AML/CFT regulations around the world.

In its recommendations released in 2021, the FATF defines a virtual asset service provider as a “decentralized exchange or platform” that “has a central party with some degree of participation or control, including developing a user interface for accounts that hold custodial keys.” expanded to . “” or “fee”.

Following the logic presented by FATF, it appears that the development of individuals, organizations or technologies that interface with financial transactions may require a monetary services business license. In particular, the new AML package adopted by the European Parliament last week aimed to update current AML regulations in line with FATF recommendations, particularly exempt self-managed services.

A similar attempt to circumvent FinCEN guidelines is currently being made in the Tornado Cash case. In a dissent issued April 26, prosecutors argued that the definition of remittance “does not require that the sender “control” the funds being transferred, emphasizing that Section 1960 of the United States Code, which codifies permanent federal law, do. Expands the definition of transfer of funds to “transfer of funds on behalf of the public by any means.”

According to the Justice Department’s interpretation, AT&T needs a financial services business license to give customers access to PayPal, ISPs need a financial services business license to give users access to online banking services, and postal workers need a financial services business license to give their users access to PayPal. You need this. Delivering cash by mail requires a Money Services Business License to hand out change at grocery stores, and Telegram, WhatsApp, Signal and X (formerly Twitter) require currency services if users utilize the platform to share PSBT or Lightning A service business license is required. Invoice – All these services hereafter are deemed to require full customer confirmation.

Is KYC possible on the Bitcoin network?

The indictment has sent ripples through the Bitcoin ecosystem and thrown everyone involved in broadcasting Bitcoin transactions into uncertainty, including Bitcoin miners and node operators. The non-custodial Lightning wallet Phoenix has since been presentation Operations in the United States ceased. Wasabi Wallet, a privacy-first Bitcoin wallet, has banned US users from accessing its services and software.

Reading the indictment, it appears that everything we know about the regulatory aspects of money transfers may have been misapplied because the indictment goes so far as to attempt to criminalize self-spending. According to the indictment, self-spending, as evidenced by coinjoins and Samourai’s Ricochet, “further obscures the ownership of the funds.” However, any Bitcoin wallet allows users to generate their own spending and essentially circumvent blockchain surveillance mechanisms and censorship, further muddying the regulatory waters.

The basis for introducing KYC to the Bitcoin network was studied through the MIT ChainAnchor project in early 2016. The project sought to prevent unregistered users from mining transactions in blocks by introducing identities and permission groups to the blockchain.

Due to miner centralization, approximately 47% of hashrate mining rewards are managed by a single custodian, including pools from AntPool, F2Pool, Binance Pool, Braiins, btcom, SECPOOL and Poolin, the KYC scheme for the Bitcoin network is It may not be that far away. I brought it. In 2023, F2Pool has already begun censoring transactions under the OFAC sanctions list.

After the Samourai founders were indicted, the FBI issued a PSA on cryptocurrency financial services businesses, warning the public to avoid services that do not require them to know customer information.

If a non-custodial service operation is determined to be classified as a transfer of funds, it could open the door to enforcing KYC on the communications protocols the service operates on, from Nostr to WiFi hotspots and telecom providers. If it were absurd, it could be argued that KYC registration is required when using the highway or purchasing a briefcase.

KYC initiatives on the internet have been around since 2014, when the US government attempted to introduce an “internet driver’s license” similar to plans to introduce digital identities around the world.

It is important to note that the treatment of Samourai’s founders, currently in pre-trial detention, cannot be compared to the handling of alleged financial crimes around the world. Since 2000, traditional financial institutions such as UBS, JP Morgan, and Bank of America have been fined more than $380 billion. The argument that traditional banks are primarily used for legitimate transactions can also apply to Samourai Wallet. That’s because the indictment alleges illicit fund transfers, representing only 3.6% of Samourai’s total transaction volume, leaving 96.4% of legitimate use.

Samourai’s case was assigned to Judge Richard M. Berman, who previously handled the Jeffrey Epstein case. In 2005, Berman ruled that police random searches of passengers’ bags on New York City subways did not violate the U.S. Constitution.

This is a guest post by L0la L33tz. The opinions expressed are solely personal and do not necessarily reflect the opinions of BTC Inc or Bitcoin Magazine.