The Breakdown - Samurai Wallet Founders Arrested
Episode Date: April 26, 2024The US continues its assault on crypto mixers. NLW explores the community reactions -- the good, bad and ugly. Today's Show Brought To You By Ledger - 5% to Bitcoin Developers When You Buy https:/.../shop.ledger.com/pages/bitcoin-hardware-wallet Consensus 2024 is happening May 29-31 in Austin, Texas. This year marks the tenth annual Consensus, making it the largest and longest-running event dedicated to all sides of crypto, blockchain and Web3. Use code BREAKDOWN to get 15% off your pass at https://go.coindesk.com/3PWW96A. Superintelligent - Learn AI fast. Get 50% off your first month with code "breakdown" https://besuper.ai/ Enjoying this content? SUBSCRIBE to the Podcast: https://pod.link/1438693620 Watch on YouTube: https://www.youtube.com/nathanielwhittemorecrypto Subscribe to the newsletter: https://breakdown.beehiiv.com/ Join the discussion: https://discord.gg/VrKRrfKCz8 Follow on Twitter: NLW: https://twitter.com/nlw Breakdown: https://twitter.com/BreakdownNLW
Transcript
Discussion (0)
Welcome back to The Breakdown with me, NLW.
It's a daily podcast on macro, Bitcoin, and the big picture power shifts remaking our world.
What's going on, guys? It is Thursday, April 25th, and today we are talking about the samurai arrests.
Before we get into that, however, if you are enjoying the breakdown, please go subscribe to it,
give it a rating, give it a review, or if you want to dig deeper into the conversation,
come join us on the Breakers Discord. You can find a link in the show notes or go to bit.ly slash breakdown pod.
Well, friends, some big news yesterday and a lot of discussions surrounding it,
the U.S. government has launched the latest round in their attack against crypto mixers,
shutting down Samurai wallet. Founders Keone Rodriguez and William Lonergan Hill have been arrested.
They are charged with conspiracy to commit money laundering and conspiracy to operate an
unlicensed money-transmitting business. The charges carry maximum sentences of 20 years and
five years respectively. The DOJ alleged that Samurai executed over $2 billion in unlawful
transactions and facilitated more than $100 million in money laundering transactions from
dark web markets and crypto hacks. Samurai's web servers and domain have been seized with
assistance from law enforcement in Iceland where the server was physically located.
Google has also been served with an order to remove the wallet from their app store.
FBI assistant director in charge James Smith said that Samurai, quote, provided other criminals
of virtual haven for the clandestine exchange of illicit funds.
IRSCI special agent in charge Thomas Faderuso said,
Samurai wallet is now closed for business.
To give a little context around the service,
Samurai was a Bitcoin-only wallet with a number of privacy functions,
including protocol native coin joins.
Samurai users also had the option to mix their Bitcoin in a common pool,
similar to the way that Tornado Cash worked.
In addition, the Samurai wallet allowed users
to program multiple consecutive payments to fresh wallets,
putting additional on-chain distance from sketchy transactions.
Samurai was intended for advanced users
and gave access to powerful privacy tools
in a relatively unrestricted manner. For a sense of scale, the app has been downloaded more than 100,000
times. There's currently over 10,000 Bitcoin in the Samurai Whirlpool worth around $700 million.
2 billion in illicit transactions cited by the DOJ seems to include the entire volume which
passed through the wallet from all users. The suggestion there is that all of the transactions were
illicit because Samurai didn't hold a money transmitter license. The DOJ also alleges that Samurai
received $4.5 million in fees since 2017.
Now, crypto mixers exist on a spectrum, from those that take steps to minimize illicit use
to those that have a more, shall we say, free market approach.
Authorities are claiming that Samurai not only accepted illicit use, but actively
courted it. The indictment cites a private message from Hill in which he stated,
at Samurai, we are entirely focused on the censorship resistance and black-slash-gray circular
economy. This implies no foreseeable mass adoption, although black-slash-gray markets have already
started to expand during COVID and will continue to do so post-COVID. There were also a
of public statements along those lines. In March 2021, Europol highlighted Samurai as an emerging,
quote, top threat to the ability for law enforcement to trace the proceeds of criminal activity.
In a thread discussing the article, Hill implied that no changes would be made to the service,
saying, do you see us us our pants? Perhaps the most damning example came in June 2022,
as sanctions against Russian entities were escalating. Samurai tweeted from their public-facing
Twitter account, welcome new Russian oligarch samurai wallet users. The samurai team also courted
controversy within the crypto community. Last year, there was a very public spat between Samurai and
rival Bitcoin privacy wallet Wasabi. The controversy began when Wasabi announced they would be
blacklisting certain transactions for legal and regulatory reasons. The public argument quickly
moved to pointing out technical deficiencies around how each service chose to implement privacy
tools. Finally, it devolved into supporters of each project, suggesting that the other was a fed
honeypot that was not to be trusted. So, if you were just watching from the outside, this is how
Samurai is appearing. Now though, let's talk about how the broader Bitcoin and Crypto
community is responding to this news. Let's start with what is perhaps the most common take
that financial privacy is normal and should be defended. Lawrence Day, the developer of Wildcat
protocol wrote, The ability to hide where your funds are moving is not a feature designed to allow
people to launder their proceeds of crime. It is a perfectly reasonable thing to utilize on a public
and permanent ledger. Samurai are flawed heroes here because they really waved a red flag
in a bull with their posts, but this is tornado all over again. Well, Lawrence means
is that we are now two years into the U.S. government's renewed crusade against crypto mixers.
During that time, multiple smaller mixers have been shut down, but the big example is obviously
tornado cash. The government at this point appears to be taking a systematic approach to shutting
down on-chain privacy tools one by one. Ryan Sean Adams of bankless thinks the point is clear,
tweeting, Samurai is a Bitcoin wallet that makes Bitcoin private. These developers face up to
25 years in prison for writing code. The U.S. is sending a message. No transaction will be private.
Edward Snowden writes,
The Department of Justice has once again criminalized the developers of an app that restores financial
privacy. The way to fix this is to make money private by default. Privacy must never be exceptional
or they will make it criminal. Alex Gladstein writes,
A monumentally bad day for privacy on the internet. The implications of this are so dire. A real
before and after moment. Crypto Quant CEO He Yongju writes,
The USDOJ has arrested pioneers in Bitcoin privacy technology. Privacy stands as a core value
of Bitcoin. Mixing itself is not a crime. Even crypto exchanges use mixing to
safeguard user privacy. It's like punishing the inventor of the knife instead of the one who uses it.
One obvious response then to the increased prosecution around privacy tools would be to double down
on decentralization. During the dust-up between Wasabi and Samurai, one of the big critiques was that
samurai had too many centralized elements. The way the service operated suggests that transaction data
would have been on the server that was seized in Iceland. Beyond that, the team was public and
operated through a regular corporate structure. This case then becomes a prime example of
decentralization not mattering at all until it becomes the only thing that matters.
matters. Udi Worthheimer made the point that this work is critically important, tweeting,
it is one of the biggest failings of this industry that in 15 years we still didn't find a way
for people to maintain their privacy legally. Crypto lawyer Preston Byrne offered this suggestion.
Don't run servers, don't take fees, don't provide customer support, publish code and do nothing else.
That is what it means to get all centralization out. Then again, each of these comments received some
pushback. Crypto lawyer Gabriel Shapiro pointed out that just pushing code out into the world for
free is not a great business decision, so probably isn't a viable solution. Shapeshift founder Eric
Vorhees put an even finer point on it, saying it is not the industry's fault that privacy is
illegal. Hello, breakers. Today's episode is sponsored by Ledger. As another cycle ramps up,
it's another chance to think about your Bitcoin custody best practices, and of course, to help all
the new folks do the same. Ledger is the global platform for securing Bitcoin and other crypto.
ledger combines both hardware wallets and the ledger live app to offer the best way to buy,
sell, swap, and stake without sacrificing on security or self-custody.
Ledger features cutting-edge technology in the form of a certified secure chip and a proprietary
operating system, but also brings ease of use.
This makes Ledger a safe and secure way to manage your digital assets without all the stress.
Check out the link to the Bitcoin Ledger Nano in the show notes.
5% of all sales of the Bitcoin Ledger Nano go to support Bitcoin Development.
once again to Ledger for supporting the breakdown.
All right, breakers.
Consensus 2024 marks the 10th gathering of the biggest event that's devoted to all sides of
the crypto, blockchain, and Web3 ecosystems.
Join pioneering fingers and builders as they delve into the future of Defi and
explore game-changing tech, from AI to ZK Proofs and everything in between.
The event is three days of jam-packed content, networking, and so much more.
Some of the speakers at the event include Chris Dixon, the founder and managing partner at A16Z
crypto, Sergei Nazarov, the co-founder of Chainlink, Kathy Wood, the CEO of Arc, Hester Perce,
commissioner of course, from the U.S. SEC, and Tom Emmer, Republican Majority Whip for the U.S.
House of Representatives.
Visit Consensus24.coindex.com to learn more and save 15% on registration with the code
breakdown. That is 15% on registration with the code breakdown.
Before we get back to the breakdown, I want to share something fun we have coming up on
Super Intelligent next month. Superintelligent is, of course, our new plan.
platform for teaching people how to use AI in a way that is much more fun, fast, and practical.
The platform has hundreds of short tutorial videos, each of which is paired with a set of
step-by-step instructions that get you using AI tools in minutes, not hours, and certainly
not days.
For those of you who haven't signed up yet but want to check it out, in May, I am running
a special NLW cohort.
What this means is that people who sign up with the code NLW May will get $5 off their first
month, but they'll also have access to a private channel in our Discord with me.
I'll be handpicking tutorials each week that I think are the most useful to start with,
and I'll also be available for questions, advice, and feedback from this group.
Spots for this cohort are limited, so if you want to be a part of it, again, sign up at
B-Super.a.I with code NLW-May.
That's B-Super.A.I with code NLW. May.
So if an industry goal is to figure out a way to maintain privacy, then it's worth
spending a little time digging into the charges to figure out exactly what the DOJ claims was
illegal in this case. Crypto lawyer Orlando Cosme had the best breakdown of the indictment tweeting,
the indictment alleges Samurai was operating an unlicensed money transmitter, which typically
requires controlling user funds. But the indictment never alleges such control. Indeed,
it concedes that Samurai employees didn't have access to user private keys, and without that,
Samurai can't control user funds and by extension be a money transmitter. Instead of alleging
control of user funds, somewhat similar to Tornado Cash, the DOJ alleges other actions taken by
the team to operate the service. In Tornado Cash, it was operating the relayer.
Here, the DOJ alleges that the Samurai team created transactions for users,
and broadcasted said transactions for users as the basis for being a money transmitter.
Does that sound like your favorite crypto project?
It should.
If I'm right, and this is the DOJ's theory of how Samurai was a money transmitter,
and courts end up siding with the DOJ,
the entire crypto industry, in particular on-chain apps, are in major trouble.
On the money laundering side of the case,
Dystopia Breaker pointed out some key differences between this case and Tornado Cash,
writing,
criminal use. The devs ran a centralized coordinator without which the privacy software does not function.
The funds are actually mixed in the sense that they are literally commingled using a coin join and then
split, with other people's funds as opposed to being simply encrypted and not mixed.
Realistically, I don't think the feds care about any of that, though. They're just looking
for crypto privacy, then firing off indictments, calling everything a mixer and operated with
zero care for the actual underlying facts. Indeed, one of the big issues with these mixer cases
has been that the legal standard for these kind of crimes are being eroded. Previously, having some
degree of control over user funds was the critical element of running a money transmission business
and therefore needing a license. Now we're increasingly seeing criminal charges grounded in simply
taking a fee or being the publisher of the code. Investor David Vorek pointed out,
the indictment makes it look like the feds want to criminalize the authorship of privacy code.
The centralized coordinator makes the case difficult to defend, but it'll still be
important to ensure that no precedent is set around writing code itself. Dysopia Breaker suggested
that that is entirely the point, responding, yes, this is how laws are made now,
unelected executives and government want a policy, i.e. criminalize the authorship and publishing of privacy code.
So they shop for a defendant, find the very most unlikable one, then they shop for a jurisdiction,
and then they get their bill. They see the new frontier, and they are racing to set norms and
rulings for that frontier in their favor. This is why we have to continuously fight for civil liberties.
We lose them by default. For some, this case is the latest sign that constitutional rights
will not survive into the digital age. Crypto Advocate Rainer-Stylant wrote,
The language in the samurai indictment is simply such a clear indicator that the DOJ has no intention of respecting the First and Fourth Amendment.
There's no other way to spin it.
There's no soft landing here.
There's no way that most corporate aspects of this industry can spin or cope regarding the language in that indictment.
Or what the government is basically saying about open source code in general and holding developers liable.
There just isn't any spin on this.
There's not.
It's very clear that if something like this technology exists, they will just break the Constitution and internet like a bull in a China shop to stop it,
with no regard for any aspect of constitutional law or due process.
The idea of holding developers liable for the actions of others was a key issue in the tornado
cash case as well. The undisputed facts were that the developers had not coordinated with
North Korean hackers, nor were they aware of their existence when the code was written.
Regardless of that, the tornado cash developers were charged based on the way that other people
use their code.
Cutting through the top-level discussion about online privacy and free speech rights,
many noted that these arrests were entirely predictable.
On a non-account called Runway Extender tweeted,
Bitcoin is not under attack, a pair of arrogant and incompetent developers who openly courted criminals
and operated in a way to be easy to be caught, antagonize law enforcement and jeopardize the safety of
their users are under attack. Know the difference. Cryptosecurity expert Taylor Monaghan commented,
I don't know who needs to hear this, but servicing literal thieves for a fee and bragging about
it loudly is not fighting for civil liberties. Taylor has been banging this drum pretty hard for a long time
now, arguing that the crypto industry needs to seriously engage with the hacks and sanction evasion
issues that plague it. Fleshing out the point a little further, Taylor added,
most important for today is that this is not how you achieve actual privacy, or win the right to
privacy. You cannot blatantly service hardcore thieves on a public ledger where everyone knows
the funds are stolen and expect any outcome but this one. It's stupid and delusional to keep
doing the exact same thing and expect different results. So stop doing this and do literally
anything else. Try to prevent thieves and criminals from using your service. This is not philosophical,
and I don't care how you do it. But do not pretend you cannot stop illicit flows while even refusing to
try. Grow up. You want liberty?
You want privacy? This is not how you get either.
In terms of implications, I think we have to go back to the 1990s.
During that decade, there was an attempt to criminalize the encryption of communication,
most notably a technology called PGP.
After several long years, Cypherpunks won that war, when in 1996,
cryptography experts were no longer considered in the same way as munitions.
The crypto version of this war had been simmering in the background, but really got started
in a big way when tornado cash was added to the sanctions list in October 2022.
If history is a guide, this battle will take several years,
require big legal victories and probably need a demonstration that cryptographic privacy is inevitable and
unstoppable. As part of discussion how this war is playing out, Dostopia breaker again commented,
the game is to find the most unsympathetic defendants in order to set precedents that expand power.
At an object level, yes, Samurai was bad in some sense, but at a meta level, we should be
careful to recognize that the incentive is to set precedence to outlaw on-chain privacy.
People did plenty of bad things with Zimmerman's PGP software in the 1990s, I'm sure.
But that doesn't mean that we should ignore or support the legal actions that attempt to ban PGP
under export law. And this is part of what makes the crypto privacy issue so difficult to deal with.
The government has no shortage of unsympathetic defendants that can be used to set their
precedence. From the industry side, we've failed to develop a solution that represents a satisfactory
tradeoff between privacy and crime prevention, which, to be fair, might be because it's not
even possible to create one. But for now, the reality is, there is clearly a pattern here
that isn't just about some bad actors. I agree both with the assessment, that this crew made a
particularly juicy target based on very specific decisions that they made, and that these are probably
decisions we want to avoid as an industry to not give such an easy target. And yet at the same time,
I also do think that the pattern is unmistakable. The right to privacy is never a war that is won.
It's simply an endless series of battles, which, should they go in the right direction,
buy us a little more time to gear up for the next one. Well, the battle is here once again.
And so as Bitcoin Policy Institute fellow Troy Cross put it, looks like we are at war now. Time to
fight. Big thank you to my sponsor for today's show. Check out the Ledger Bitcoin Orange Nano.
5% of sales will go to support Bitcoin development. Until next time, be safe and take care of
each other. Peace.