"He was taken aback by what he saw: Many of this child abuse site’s users—and, by all appearances, its administrators—had done almost nothing to obscure their cryptocurrency trails. An entire network of criminal payments, all intended to be secret, was laid bare before him."
It is a weird story. On the one end, anyone using crypto by now should know, there is a trail following it ( there are means to obscure it, but a lot of ways to screw up too ). On the other, does that mean this investigation was a low hanging fruit?
My experience with friends in law enforcement is that what defines the majority criminals is a lack of understanding of risk. That lack creates a strong sense of "I know how to get away with this."
I remember a story of a guy being busted who ran a business, bought his $500k house in cash, his half dozen trucks in cash, and yet paid almost nothing in taxes. The thought was, "I'll under-report my income, and pay everything all in cash so they can't trace anything!" Except for the fact that transactions over $10K get reported to the IRS, not to mention all of the property to various agencies which circle back to the IRS.
People who have a least a clue what could go wrong tend to also realize they probably aren't seeing other ways for it go wrong, as well.
Used to be worth about $65,000. This will probably be a requirement when $10,000 is worth $1,000 of today's dollars--do nothing, and more and more stuff comes under reporting requirements.
Ridiculous that these things aren't inflation adjusted. I ended up paying the alternative minimum tax once, the old "millionaire's tax". Spoiler: I'm not a millionaire. If I was, millionaire isn't what it used to be, either. https://www.thebalance.com/alternative-minimum-tax-amt-who-h...
1. Clued up criminals will choose crimes that are less risky.
2. The more ignorant the criminal is, the more likely they are to be caught.
3. When you are smart enough, there are legal ways to make criminal amounts of money.
Smart people either avoid crimes, or they avoid getting caught, or they do crimes with low penalties (some white collar crimes can have very high expected gains).
Yes, absolutely. The same law that provides for banks reporting deposits and withdrawals over $10K also puts similar requirements on retail establishments that accept payments that large.
Although in practice they're probably buying a $9k salvage truck in cash, then paying mechanics in cash to fix it up to be a $75k truck.
The same thing happens with houses. Someone buys an absolute dumpster fire in cash. Then they pay contractors to fix it up nice, beautiful appliances, tiling etc. The house gets sold and the money ends up all in the white.
IDK. The bank reports that the J. Random Chevrolet dealer deposited $75,000. The bank doesn't know where that came from. They don't know if it represents 75 $1,000 cars or one $75,000 car.
I used to work at a restaurant that regularly deposited more than $10,000 cash per day. We never filed any IRS reports for that, maybe the bank did.
I bought a car a few years ago half cash, half financing. The dealer sent me a letter stating that they notified the IRS under their obligation to report cash transactions over $10K.
In order to use crypto secretly you have to heavily launder your money in a way that’s not easy or guaranteed to work.. and the laundering itself is a crime which isn’t so easy to hide.
People think it’s private because they are told so but actually it’s a public ledger where anyone can see what you’ve spent and associate you fairly easily by your behavior and links to not so secret crypto addresses.
Not really. You buy mining resources to mine it as opposed to purchasing already mined bitcoin.
There’s rarely any paper trail between buying GPUs/ASICs and the mining itself. That’s why these currently sell above the amount they’d be profitable mining with. Because illicit actors are willing to pay a premium for anonymous crypto.
Where can you buy GPUs/ASICs with crypto? Or are you just talking about the buyers? If the sellers get spooked I'm not sure it matters if buyers are safe.
> In order to use crypto secretly you have to heavily launder your money in a way that’s not easy or guaranteed to work.. and the laundering itself is a crime which isn’t so easy to hide.
Or you use Monero, which as far as I know is not illegal, let alone a crime.
We've been getting increasingly involved in crypto investigation discussions, and largely:
- money side is getting more anonymous, e.g., monero / tornado
- ... in theory. Money crime still often using less anonymous schemes and often at exchange points, so chainanalysis-style companies still make sense, though decreasingly so IMO. A lot of the startups have shifted to verifying contracts, or providing (dubious) KYC risk scores, and interesting to consider why.
- For our customer base (half of which are sec/fraud/crime teams)... what's happening is the criminal platforms + participants have broken (digital) operational security. So it is more about offchain data (app logs, ...) and sometimes combining onchain<>offchain data.
So not too different from our projects tracking malware/phishing/misinformation/etc via OSINT techniques (IP addresses, unmasked metadata, ...), or detecting account takeovers on their websites
- ... more new, IMO, in this space is areas like graph neural networks that have the potential to act smarter & more automatically, e.g., understanding behavior. Very early days here though, so interesting times !
I don't think it was low-hanging at the time (2017). They had to figure out how to trace the bitcoin chain to unmask users. They also had to cast a wide international net with different jurisdictions and rules to get the people arrested by their locality.
Now having a clearnet IP address over Tor website, as well as converting straight to fiat using standard exchanges is about as low-hanging as it gets.
No single technology is a magic bullet for privacy.
In the article, there were many users with low technical competence interacting with a central criminal site that, itself, made some pretty glaring mistakes. The stupidity of all is what made them easy to catch.
What if the central site had not left its IP out in plain sight? Its operators would still likely have been caught because many of the bitcoins they were cashing out could have been tracked due to mistakes made by the site's users. Then, once the site's servers were captured, it's data could have been used to track down users who had made fewer mistakes.
Will future sites and users make the same mistakes? Probably less frequently, but they'll make new mistakes too. Law enforcement will adapt and come up with new ways to track criminals down. No system with users can ever be totally secure.
On the other hand, you can do a lot better if you cut down the number of users. e.g. If criminals hack a company's servers and extract a ransom, the transaction will probably have a much higher standard of anonymity because the hackers are more security minded and can specify how their victim acquires cryptocurrency and transfers it.
The crypto haters and maxis are both right and wrong at the same time. Bitcoin isn't private if you aren't careful and knowledgeable, but bitcoin absolutely can be used for crime if it's the right kind of crime. We're currently seeing a renaissance in ransomware attacks thanks to bitcoin.
It is a weird story. On the one end, anyone using crypto by now should know, there is a trail following it ( there are means to obscure it, but a lot of ways to screw up too ). On the other, does that mean this investigation was a low hanging fruit?