The cornerstone of the modern approach to combating money laundering is to prevent illicit funds from entering the financial system. The rationale is understandable: if criminals can't use their money, they'll eventually have to stop whatever they're doing and get a 9-to-5 job.
However, after twenty years of stricter (and more expensive) anti-money laundering regulations, levels of organized crime, tax evasion, or drug use show no signs of decreasing. At the same time, the fundamental right to privacy is being unceremoniously violated on a daily basis, as every financial transaction, no matter how small, is subject to extensive checks and tons of paperwork. Check out part one of this story for details and numbers.
This raises the question: Should we reconsider our approach to anti-money laundering strategy?
Two years ago, fintech author David G. W. Birch wrote an article for Forbes magazine reflecting on the key principle of anti-money laundering – gatekeeping. The main idea can be summarized as follows: “Instead of trying to prevent criminals from entering the system, we let them in and monitor what they are up to.”
Indeed, why set up expensive anti-money laundering gates and force the bad guys to resort to hard-to-trace cash or artwork, when we can simply let them in and follow the money to chase them? To do this, we can use both the existing reporting system within traditional finance and existing on-chain analytics within blockchain. However, while the former is somewhat understandable, the latter remains a mystery to most people. Furthermore, politicians and bankers regularly accuse cryptocurrencies of being a tool for criminals, tax evaders, and all kinds of Satanists, exacerbating misunderstandings.
To shed more light on this issue, we need to better understand how on-chain analytics work. That is not a straightforward task: blockchain analysis methods are often proprietary, and analytics companies that share them risk losing their commercial edge. Still, some of them, such as Chainalysis, publish fairly detailed documentation, and the Luxembourg company Scorechain agreed to share some details of its trade for this story. Combining these sources gives a good idea of the capabilities and limitations of on-chain analytics.
How does on-chain analytics work?
The blockchain is transparent and auditable by anyone. However, not everyone is able to draw meaningful conclusions from the countless data sets that make it up. Collecting data, identifying entities, and putting conclusions into a readable format is the specialty of on-chain analytics companies.
It all starts with having a copy of the ledger, i.e. synchronizing the internal software with the blockchains.
Then begins the arduous phase of mapping. How do we know that this address belongs to an exchange, and that one to a dark web market? Analysts use all their creativity and resourcefulness to strip away as much of the blockchain's pseudonymity as they can. Any technique is good as long as it works: collecting open source data from law enforcement, scanning websites, navigating Twitter-X and other social media, obtaining data from specialized blockchain explorers like Etherscan, and following the trail of stolen funds at lawyers' requests. Some services are learned by interacting with them, i.e. sending funds to centralized exchanges to learn their addresses. To reduce errors, data is often cross-checked against different sources.
Once the addresses are identified to the best of one's ability, one can see a little more clearly into the maze of transaction hashes. However, the picture is still far from complete. While identifying an address on an account-based blockchain like Ethereum allows its funds to be tracked in a fairly straightforward way, the situation is much less clear on UTXO blockchains like Bitcoin.
In fact, unlike Ethereum, which tracks account balances per address, the Bitcoin blockchain tracks unspent transaction outputs (UTXOs). A transaction always spends its inputs in full: all of the coins sitting in the outputs it consumes. If a person wishes to spend only a portion of their coins, the unspent portion, known as change, is assigned to a newly created address controlled by the sender.
It is the job of on-chain analytics companies to understand these movements and identify groups of UTXOs associated with the same entity.
Can on-chain analytics be trusted?
On-chain analytics is not an exact science. Both mapping and grouping of UTXOs are based on experience and a carefully calibrated set of heuristics that each company has developed for itself.
This issue was highlighted last July in a court hearing involving Chainalysis, which provided its forensic expertise in United States v. Sterlingov. A company representative admitted that not only were its methods not peer-reviewed or scientifically validated, but the company also did not track its false positives. In defense of Chainalysis, the first point is understandable: the methods each company uses to analyze the blockchain are closely guarded trade secrets. However, the issue of false positives needs to be better addressed, especially if they could end up sending someone to prison.
Scorechain uses a different approach, erring on the side of caution and choosing only methods that do not generate false positives in the aggregation process, such as the multi-input heuristic (assuming that all input addresses of a single transaction belong to a single entity). Unlike Chainalysis, they do not use any change heuristics, which produce many false positives. In some cases, their team can track UTXOs manually if a human operator has sufficient reason to do so, but in general this approach tolerates blind spots, relying on information that will surface in the future to fill them in.
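To make the UTXO model and the two heuristics concrete, here is an added example (not code from the article, Chainalysis or Scorechain) that clusters addresses over a small constructed ledger. Transactions spend previous outputs in full, the multi-input heuristic unions every input address of a transaction, and an optional, deliberately naive change heuristic ("the one output paid to a never-before-seen address is the sender's change") shows how a false positive arises when a payee uses a fresh address while the sender reuses an old one. The addresses, amounts and ground truth are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data). Each transaction consumes
# previous outputs in full (the UTXO model): inputs are (txid, output index),
# outputs are (address, amount in satoshis). t0 is a coinbase with no inputs.
TXS = [
    {"txid": "t0", "inputs": [],
     "outputs": [("alice1", 120_000), ("alice2", 80_000), ("bob0", 50_000)]},
    # Alice pays Bob 150_000: both her coins are consumed, change goes to a fresh address.
    {"txid": "t1", "inputs": [("t0", 0), ("t0", 1)],
     "outputs": [("bob1", 150_000), ("alice3", 49_000)]},
    # Alice pays Carol from that change, but sends her own change back to a reused address.
    {"txid": "t2", "inputs": [("t1", 1)],
     "outputs": [("carol1", 20_000), ("alice1", 28_500)]},
    # Bob sweeps two of his addresses into one.
    {"txid": "t3", "inputs": [("t0", 2), ("t1", 0)],
     "outputs": [("bob2", 199_000)]},
]

# Constructed ground truth, known only to the wallet owners; used here only to score the heuristics.
TRUTH = {"alice1": "alice", "alice2": "alice", "alice3": "alice",
         "bob0": "bob", "bob1": "bob", "bob2": "bob", "carol1": "carol"}


def index_outputs(txs):
    """Map (txid, index) -> (address, amount) so inputs can be resolved to addresses."""
    return {(tx["txid"], i): out for tx in txs for i, out in enumerate(tx["outputs"])}


class DisjointSet:
    """Union-find over addresses; each set is one presumed entity."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(a)] = self.find(b)

    def clusters(self):
        groups = defaultdict(set)
        for x in self.parent:
            groups[self.find(x)].add(x)
        return {frozenset(g) for g in groups.values()}


def cluster_addresses(txs, use_change_heuristic=False):
    """Multi-input heuristic: all inputs of one tx are unioned. With the flag set,
    a naive change heuristic also unions the single never-seen output with the sender."""
    utxos = index_outputs(txs)
    ds = DisjointSet()
    seen = set()  # addresses that appeared on-chain before the current tx
    for tx in txs:
        ins = [utxos[ref][0] for ref in tx["inputs"]]
        for addr in ins + [addr for addr, _ in tx["outputs"]]:
            ds.find(addr)  # register every address so singletons show up as clusters
        for a, b in zip(ins, ins[1:]):
            ds.union(a, b)
        if use_change_heuristic and ins and len(tx["outputs"]) > 1:
            fresh = [addr for addr, _ in tx["outputs"] if addr not in seen]
            if len(fresh) == 1:
                ds.union(fresh[0], ins[0])  # wrong whenever the fresh address is the payee's
        seen.update(addr for addr, _ in tx["outputs"])
    return ds.clusters()


def false_positive_pairs(clusters, truth):
    """Count address pairs placed in one cluster that really belong to different owners."""
    bad = 0
    for cluster in clusters:
        members = sorted(cluster)
        for i, a in enumerate(members):
            bad += sum(1 for b in members[i + 1:] if truth[a] != truth[b])
    return bad


if __name__ == "__main__":
    for flag in (False, True):
        found = cluster_addresses(TXS, use_change_heuristic=flag)
        print("change heuristic:", flag, "false-positive pairs:",
              false_positive_pairs(found, TRUTH))
        for c in sorted(found, key=sorted):
            print("  ", sorted(c))
```

With the multi-input heuristic alone, alice3 stays a singleton: a blind spot that only a later co-spend with another Alice address would close, which is the trade-off the passage describes. Switching the change heuristic on closes nothing useful here and instead glues carol1 to alice3, a false positive that no later on-chain evidence will undo.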
The very idea of heuristics—that is, strategies that use a practical but not necessarily scientifically proven approach to solving problems—implies that they cannot guarantee 100% reliability. Their effectiveness is measured by results. The FBI's statement that Chainalysis' methods are “generally reliable” could serve as evidence of quality, but it would be better if all on-chain analytics companies started measuring and sharing their false positive and false negative rates.
Seeing through the fog
There are ways to obfuscate the money trail or make it more difficult to find. Cryptocurrency hackers and scammers are known to use all kinds of techniques: chain hopping, privacy blockchains, mixers…
Some, such as swapping or bridging assets, can be tracked by on-chain analysis firms. Others, like the Monero privacy chain or various mixers and tumblers, often can't. However, there have been instances where Chainalysis has claimed to trace transactions that passed through a mixer, and recently Finnish authorities announced that they had tracked Monero transactions as part of an investigation.
However, the very fact that these cloaking techniques are being used is clearly visible and can serve as a red flag for AML purposes. One example is the US Treasury Department, which last year added the Tornado Cash mixer's smart contract addresses to the Office of Foreign Assets Control (OFAC) sanctions list. Now, whenever the history of the coins is traced back to this mixer, the money is suspected of belonging to illicit parties. This isn't great news for privacy advocates, but it's reassuring for anti-money laundering in cryptocurrencies.
One might ask: what's the point of tagging and tracking cryptocurrencies on the blockchain if we don't have a tangible person to pin them to, as we do in the banking system? Fortunately, criminals have to interact with the non-criminal world, and sooner or later tainted money ends up either with goods or service providers or in a bank account, and this is where law enforcement can identify the actual people. This is how the FBI secured the largest ever seizure of Bitcoin, worth $4.5 billion (in 2022 prices), after the Bitfinex hack. This also works in reverse: if law enforcement has access to a criminal's private keys, they can leverage the blockchain history to determine which addresses interacted with them at some point. This is how the London Metropolitan Police exposed an entire drug trafficking network with a single arrest (Source: Crypto Crime 2023 report by Chainalysis).
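The two directions described in the last two paragraphs (tracing coins forward from a flagged address to wherever they are cashed out, and listing the counterparties of addresses recovered from a seized wallet) can both be run over the same transaction graph. The following is an added example, not code from the article or from any analytics vendor: it applies a proportional ("haircut") taint model to a small constructed UTXO ledger in which `mixer_out` is a constructed stand-in for a sanctioned address, then lists deposits whose tainted share exceeds a review threshold and, in the reverse direction, the counterparties of a given address set. The ledger, addresses, amounts and threshold are all assumptions made for the illustration.

```python
from collections import defaultdict

# Constructed ledger (not real chain data). Inputs are (txid, output index),
# outputs are (address, amount); c0 is a coinbase with no inputs.
# "mixer_out" is a constructed stand-in for an address on a sanctions list.
TXS = [
    {"txid": "c0", "inputs": [], "outputs": [("mixer_out", 100), ("miner", 50)]},
    # Coins leave the flagged address and are split across two hops.
    {"txid": "c1", "inputs": [("c0", 0)], "outputs": [("hop1", 60), ("hop2", 40)]},
    # 60 tainted units are co-spent with 50 clean ones into an exchange deposit.
    {"txid": "c2", "inputs": [("c1", 0), ("c0", 1)],
     "outputs": [("exchange_deposit", 100), ("change", 10)]},
    # The other branch is spent at a merchant.
    {"txid": "c3", "inputs": [("c1", 1)], "outputs": [("merchant", 40)]},
]
FLAGGED = {"mixer_out"}


def index_outputs(txs):
    """Map (txid, index) -> (address, amount) so inputs can be resolved."""
    return {(tx["txid"], i): out for tx in txs for i, out in enumerate(tx["outputs"])}


def utxo_taint(txs, flagged):
    """Forward proportional taint: each output inherits the tainted share of its
    transaction's inputs, and anything paid to a flagged address is fully tainted.
    Assumes txs are listed in chain order, so every input has already been scored."""
    utxos = index_outputs(txs)
    taint = {}
    for tx in txs:
        total_in = sum(utxos[ref][1] for ref in tx["inputs"])
        tainted_in = sum(utxos[ref][1] * taint[ref] for ref in tx["inputs"])
        share = tainted_in / total_in if total_in else 0.0
        for i, (addr, _amount) in enumerate(tx["outputs"]):
            taint[(tx["txid"], i)] = 1.0 if addr in flagged else share
    return taint


def address_exposure(txs, flagged):
    """Tainted value received per address, summed over every output paid to it."""
    taint = utxo_taint(txs, flagged)
    exposure = defaultdict(float)
    for tx in txs:
        for i, (addr, amount) in enumerate(tx["outputs"]):
            exposure[addr] += amount * taint[(tx["txid"], i)]
    return dict(exposure)


def flagged_deposits(txs, flagged, threshold=0.25):
    """Outputs whose tainted share reaches the threshold: candidates for review, not proof."""
    taint = utxo_taint(txs, flagged)
    return sorted(
        (tx["txid"], i, addr, round(taint[(tx["txid"], i)], 3))
        for tx in txs
        for i, (addr, _) in enumerate(tx["outputs"])
        if addr not in flagged and taint[(tx["txid"], i)] >= threshold
    )


def counterparties(txs, controlled):
    """Reverse direction: for a set of addresses recovered from a seized wallet,
    every other address that paid them or was paid by them."""
    utxos = index_outputs(txs)
    found = set()
    for tx in txs:
        ins = {utxos[ref][0] for ref in tx["inputs"]}
        outs = {addr for addr, _ in tx["outputs"]}
        if ins & controlled:
            found |= outs - controlled
        if outs & controlled:
            found |= ins - controlled
    return found


if __name__ == "__main__":
    for row in flagged_deposits(TXS, FLAGGED):
        print("review:", row)
    print("exposure:", address_exposure(TXS, FLAGGED))
    print("counterparties of hop2:", sorted(counterparties(TXS, {"hop2"})))
```

The exchange deposit in `c2` comes out at a 6/11 tainted share rather than fully tainted, because the haircut model dilutes taint by the clean input that was co-spent; a "poison" model that marks any output touching tainted coins as 100% tainted would flag the same deposit but also every later descendant of the change output. Which rule a compliance team uses changes its false-positive rate, which is exactly the figure the article argues analytics firms should measure and publish.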
Crime has existed since the dawn of humanity, and will likely accompany it until its end, using ever-evolving camouflage techniques. Fortunately, crime detection methods are following suit, and blockchain technology happens to be an ideal environment for deploying digital forensic tools. After all, it is transparent and available to everyone (which, by the way, cannot be said about the banking sector).
One could argue that current on-chain analysis methods need improvement – and the point is valid. However, it's clear that even in this imperfect form, they are an effective tool for tracking down the villains of this story. Maybe it's time to reconsider our approach to AML and allow criminals into the blockchain?
Special thanks to the Scorechain team for sharing their knowledge.
This is a guest post by Marie Potreva. The opinions expressed are entirely their own and do not necessarily reflect the opinions of BTC Inc or Bitcoin Magazine.