The US National Security Agency (NSA) is reportedly able to locate senders and receivers of Bitcoin around the world, as classified documents provided by Edward Snowden reveal, The Intercept reports March 20.

The sources used for this article were disclosed to The Intercept, a publication dedicated to ‘adversarial journalism’ founded by Glenn Greenwald, Laura Poitras, and Jeremy Scahill following Edward Snowden’s revelations of mass reconnaissance in 2013.

The NSA managed this by creating a system for harvesting, analyzing, and processing raw global internet traffic using a program disguised as a popular anonymizing software, according to other documents dating March 2013.


Though the agency was interested in monitoring some competing cryptocurrencies, Bitcoin (“a decentralized digital currency system, wherein the units are known as Bitcoin or BTC”) was its primary target.

Tracking was performed by means of a secret internet surveillance program under the code name OAKSTAR, which represents a range of covert corporate partnerships that enabled the agency to monitor communications and pull data directly from the fiber optic connections that form the internet undergird.

A VPN-like service called MONKEYROCKET, a subprogram of OAKSTAR, played a crucial role in identifying Bitcoin users. Instead of hiding user data, MONKEYROCKET tapped network equipment to obtain data from Europe, the Middle East, Asia, and South America.

In the NSA documents, MONKEYROCKET is also described as a “non-Western internet anonymization service in support of counter-terrorism” launched in summer 2012.

“Currently there are approximately 16,000 registered users, and the site is generating about 2,000 events per day… Iran and China are two of the countries with a significant user base,” stated the report.

MONKEYROCKET is governed primarily by the Executive Order 12333, which extends powers of U.S. intelligence agencies when investigating U.S. citizens. The NSA points out that a key piece of the “long-term strategy” for MONKEYROCKET was to “attract targets engaged in terrorism, to include Al Qaida COMSEC security that the NSA can then exploit.”

As a result, the NSA collected a significant amount of Bitcoin user data, including passwords, browser history, and even MAC address of their devices. All this information was enough to identify the users of specific Bitcoin wallets.

Not only Bitcoin

In March 2013, the NSA gave an update on intelligence collection efforts using MONKEYROCKET, which targeted Bitcoin and LibertyReserve, “2 of the top 3 virtual currencies” of their interest.

LibertyReserve is regarded as a predecessor to Bitcoin, but according to The Intercept, was created with criminal intent in mind. A Costa Rica-based digital currency service, LibertyReserve was founded by Arthur Budovsky, who was eventually arrested in connection with a $6 bln money laundering operation, resulting in a 20 year conviction.

Five months after Liberty Reserve was shut down, US federal agents apprehended Ross Ulbricht, the man behind the world’s largest darkweb marketplace, Silk Road, where transactions were conducted in Bitcoin.

Snowden’s files don’t give much information about whether the NSA actually participated in the FBI’s Silk Road investigation. However, Ulbricht himself claimed that all evidence against him was obtained by the NSA in violation of the Fourth Amendment, and should be deemed inadmissible to his trial. The prosecution dismissed his theory.

The monitoring of cryptocurrencies by government surveillance agencies may come as a cause for concern for those who value cryptocurrency for its anonymity and decentralized nature.