On May 22, 2019, cryptocurrency mixers (also called tumblers) were front and center on the news cycle, following reports of European authorities shutting down one such service. Law enforcement officials involved said the action was necessitated by reports on Bestmixer.io — i.e., the platform in question that was being used to funnel dirty money via cryptocurrencies.
Stakeholders in the crypto industry decried the action, calling it a gross overreach by government agents. They also declared that it set a dangerous precedent, one that could be inimical to cryptography as a whole.
In the wake of the shutdown, Vitalik Buterin, the co-founder of Ethereum, suggested the creation of an on-chain mixing service. With the eyes of law enforcement seemingly fixed on anonymous cryptocurrency operations, a pivot toward on-chain anonymization might be the solution for those preferring to keep their cryptocurrency transactions anonymous.
Is cryptocurrency transactional anonymity a myth?
While it is common to hear phrases like “anonymous transactions” with respect to cryptocurrencies, the truth is that activities on many blockchains are more pseudonymous than anonymous. Cryptocurrency transactions proceed without the need for a third-party intermediary, and oftentimes, this feature gets conflated with actual anonymity.
In mainstream finance, if person A wishes to send funds to person B, then A has to use a service — e.g., a bank to facilitate the transaction. The identity of both participants will be known to the third-party authenticator, and it could be provided to law enforcement, tax bodies or other government agencies.
For cryptocurrency transactions, the absence of an intermediary means A and B can transact between themselves without revealing their identities. While this may seem like anonymity, it really isn’t, as their transaction is still visible to other participants with access to the blockchain.
Now, let’s imagine a spy or some other “bad actor” — who really has it in for either A or B — using careful blockchain forensics: They can follow these transactions to uncover the real-life identities of the participants. These days, public addresses belonging to cryptocurrency exchanges and other major stakeholders are known to many in the community.
This knowledge is one of the reasons why monitors can become aware of a hack even before platforms become aware of what is happening. A large transaction from a known wallet to an unknown wallet usually raises eyebrows.
There have been numerous instances when the alphanumeric cryptocurrency addresses have been linked to their owners. Back in November 2018, Cointelegraph reported on the United States Treasury Department sanctioning a couple of Iranian nationals implicated in the SamSam bitcoin ransomware scheme.
At the time, the Office of Foreign Assets Control (OFAC) of the U.S. Treasury Department remarked that it was the first time that BTC addresses had been publicly attributed to individuals on its sanctions list.
Cryptocurrency mixers and how they work
There are, of course, cryptocurrencies that offer near-total anonymity by obscuring almost every detail of a transaction — addresses, amounts involved, etc. Monero (XMR) and zcash (ZEC) are popular examples of these so-called “privacy coins.”
These cryptocurrencies mostly utilize transaction mixers or high-anonymity consensus protocols, such as zero-knowledge proofs (zk-SNARKs), to create almost total obfuscation of transaction details. Zero-knowledge proofs enable transaction verification without needing to authenticate the validity of transactional information.
Not everyone who values anonymity would necessarily want to use these privacy coins, and that is where cryptocurrency mixers come into play. These services obscure the source and destination of virtual currency transactions.
As the name implies, mixers take the target transaction and include it in a basket of other transactions of the same value. The idea is that the “mixing” of these transactions would throw off any spy trying to “follow the money.”
Tumblers aren’t only used for sending cryptocurrencies to other users, though. They can also be employed when trying to remain anonymous when receiving cryptocurrencies from platforms that utilize Know Your Customer (KYC) protocols, like trading services.
For example, person C has made a total of 1 bitcoin (BTC) this past week: 0.5 BTC from trading, 0.3 BTC from her online store, and 0.2 BTC from working as a freelance writer. If C withdraws all 1 BTC to her bitcoin address, she could lose her anonymity because these transactions would be originating from platforms with robust KYC provisions.
Person C could use a cryptocurrency tumbler to mix up these transactions by adding inputs from other users. At the end of the process, C receives her 1 BTC, but the information recorded on the blockchain would be sufficiently scattered to throw off any potential spy.
Cryptocurrency mixing services employ numerous features to ensure privacy and anonymity. Users usually have to create “burner cryptocurrency addresses” (i.e., temporary wallets). These platforms do not store user information for more than 24 hours. The mixing process can last between 30 minutes and six hours. Longer time frames tend to produce more secure transactions.
While there are several cryptocurrency mixing platforms, they usually employ the same process. Users specify their target addresses for receiving the “mixed coins,” then select a convenient time frame and agree to the fee, which typically ranges from 2-5%.
In April 2019, Cointelegraph reported that mixed BTC transactions (“CoinJoins”) constituted about 4.09% of all bitcoin payments. Data from Long Hash — a blockchain analytics firm — showed that bitcoin payments via CoinJoins were up by more than 300% since August 2018.
The war against cryptographic anonymity
Privacy and anonymity aren’t usually concepts that go down well with governing bodies. Thus, it is no surprise that various jurisdictions have taken steps to curtail efforts for ensuring anonymity for cryptocurrency payments.
Countries such as France and Japan have called for privacy coins like monero and dash (DASH) to be banned. In China, blockchain companies are forbidden from designing anonymity-enhancing features, with Beijing saying such regulation is healthy for the industry in the long run.
Government officials usually put forward the same argument to justify their actions: Privacy coins enable criminals to launder money, evade taxes or sponsor terrorist organizations.
As previously reported by Cointelegraph, various governments are stepping up their efforts to monitor blockchain transactions. Some of these jurisdictions are even turning to blockchain analysis specialists like Chainalysis to identify cryptocurrency hackers and tax evaders.
Now, it appears that law enforcement agencies are turning their attention toward cryptocurrency tumblers. Recently, Europol, in conjunction with Dutch and Luxembourgian authorities, shut down Bestmixer.io — one of the largest cryptocurrency mixers in the industry, with a turnover of more than $200 million since its inception back in May 2018.
According to the Europol report, the platform was involved in money laundering and several forms of illegal financing. The investigation reportedly began back in June 2018, with Europol planning to share the information gathered from the bust with several other law enforcement agencies in different jurisdictions.
Once the news became public, several notable figures spoke out, including internet security guru and cryptocurrency bull John McAfee, who responded to the news via Twitter, saying:
“Bitcoin mixers are now being targeted. Anonymity itself is slowly being considered a crime. The word ‘Privacy’ will soon mean ‘Criminal Intent.’”
McAfee’s comment echoes those of many in the industry who accuse the government of conflating privacy with criminality. These critics argue that there are many noncriminal reasons why someone would wish to protect their privacy and anonymity while transacting in cryptocurrencies.
Sjors Provoost, a bitcoin developer, quipped:
Cryptocurrency-related robberies aren’t restricted to online hacks. There have been physical assaults on cryptocurrency owner, with some even leading to the death of the victim. From Dubai to Singapore, and even the United Kingdom, cryptocurrency owners have fallen victim to armed bandits looking to steal their valuable virtual coins.
Many government agencies around the world argue that the use of cryptocurrency-anonymizing services akin to being involved in illegal activities. In many ways, it seems to be an extension of anti-cryptocurrency rhetoric by state officials in different jurisdictions.
Cointelegraph reached out to Emin Gün Sirer associate professor of computer science at Cornell University and the co-director of the initiative for cryptocurrencies and smart contracts (IC3), to speak about the merits of such government action vis-à-vis the pervasiveness of money laundering via virtual currencies. According to the professor:
“Money laundering is a problem for all bearer assets, starting with government-issued cash. Every society on earth has decided that the benefits of cash on hand outweigh the downsides of a small percentage of money laundering transactions. And they have enacted effective means for controlling these unwanted use cases at the edges of the financial system, where the banking system meets consumers.”
Despite the continued assertion by state agents that cryptocurrencies find extensive use in criminal activities, the actual hard data available in the public domain shows the exact opposite. Earlier in the year, Japan’s National Police Agency (NPA) released its 2018 money laundering report, which showed virtual currency-related money laundering at less than 2% of all recorded cases.
However, the Financial Services Agency (FSA) of Japan recently declared that it would increase its oversight of cryptocurrency exchanges to stamp out money laundering. With the Financial Action Task Force (FATF) visiting the country in the fall of 2019, Japan hopes to gain a favorable rating from the intergovernmental body.
Perhaps the FSA could focus on the other avenues on which close to 99% of all money laundering in the country happen. Cryptocurrencies certainly didn’t contribute to the country receiving the FATF’s lowest rating in terms of Anti-Money Laundering (AML) and KYC compliance back in 2008.
Perhaps a pivot toward on-chain anonymization?
If governments continue to clamp down on avenues that ensure transactional anonymity, then it stands to reason that developers will create more robust platforms that will be more difficult to police. Professor Sirer made similar remarks in his correspondence with Cointelegraph, writing:
“The problem with shutting down a mixer/tumbler is that it will force the community to develop more effective tumblers and mixers that cannot be shut down or traced as easily.”
One such example could be the pivot toward on-chain anonymization. Shortly after the Bestmixer.io shutdown, Ethereum’s Buterin proposed the creation of an on-chain ether (ETH) mixer as a way of improving user privacy on the blockchain.
Buterin’s proposed ETH mixer goes beyond spreading transactions among multiple users, instead suggesting to completely obfuscate all transaction details by ensuring that they don’t appear on the blockchain. Buterin did, however, mention that such a system might only be able to handle small amounts of ETH.
When asked about the viability of on-chain mixers, Sirer opined:
“I doubt that either Bitcoin or Ethereum will add on-chain anonymity measures any time soon. Bitcoin is capacity limited and change-averse, while Ethereum is focused on building a world computer. But other coins will emerge with stronger guarantees, and there's plenty of research into bolt-on alternatives. By clamping down on a service that is easy to trace, law enforcement is setting the stage for another generation of services that they will not be able to control or corral.”
Section 10 of the bitcoin white paper, as written by its creator Satoshi Nakamoto, focuses on privacy — i.e., the limiting of personal information of transacting parties. Privacy and anonymity are arguably fundamental tenets of cryptocurrency held by many enthusiasts. It doesn’t appear to be beyond the realms of comprehension to envision that developers will create censorship-resistant platforms that allow anonymous cryptocurrency transactions — if pushed to do so.