Unchained - How Chainalysis Helps Solve Crimes: Jonathan Levin Tells All - Ep.62
Episode Date: May 29, 2018

Jonathan Levin, cofounder and chief operating officer for blockchain analytics company Chainalysis, describes how the company was born out of questions he had while a grad student, how they began mapping the Bitcoin blockchain to certain entities, and how their customers, which include government agencies such as the FBI, DEA, IRS, Europol and others, use Chainalysis to help solve Bitcoin crimes. He also reveals what level of detail the software tracks, how privacy coins could affect their work, and what new developments in the technology could decrease current crimes, such as physical extortion of crypto holders. Plus, he answers the question of whether or not Chainalysis's work destroys the fungibility of Bitcoin.

Chainalysis: http://chainalysis.com/
Jonathan Levin: https://twitter.com/jony_levin
Chainalysis report on the changing nature of crypto crime: https://www.chainalysis.com/static/Cryptocrime_Report_V2.pdf
Forbes article on Chainalysis: https://www.forbes.com/sites/thomasbrewster/2018/04/05/snooping-on-bitcoin-is-big-business/#234e6792d198
Usage of Chainalysis by IRS: https://www.thedailybeast.com/irs-now-has-a-tool-to-unmask-bitcoin-tax-cheats
Threats of violence against bitcoin and other crypto holders: https://www.nytimes.com/2018/02/18/technology/virtual-currency-extortion.html

Thank you to our sponsors!
Blockchain Warehouse: https://www.blockchainwarehouse.com/
Keepkey: https://www.keepkey.com/
Preciate: https://preciate.org/recognize/
Transcript
Hi, everyone. Welcome to Unchained, your no-hype resource for all things crypto. I'm your host, Laura Shin. If you've been enjoying Unchained, pop into iTunes to give us a top rating or review. That helps other listeners find the show. And be sure to follow me on Twitter at Laura Shin. Today's episode is brought to you by KeepKey, the easy, safe, and simple way to protect your Bitcoin, Ether, Litecoin, and many other digital assets. There's no time like the present to protect yourself from hackers, malware, and viruses.
Visit keepkey.com to order your secure hardware wallet today and use the code Unchained 10 for a limited time 10% discount.
Blockchain Warehouse is an international blockchain accelerator, offering a wide range of token sale advisory services to promising blockchain-based ventures.
With the leading advisor network, BCW is at the forefront of building landscape-changing blockchain companies and hosting successful token sales with more than $20 million raised so far.
Unchained is sponsored by Preciate.
Preciate is building the most valuable relationships on Earth.
In each episode of Unchained, Preciate recognizes an individual or group in crypto for an achievement, because kindness is contagious.
Who in crypto will be recognized today?
Stay tuned to find out.
Today's guest is Jonathan Levin,
co-founder and chief operating officer of Chainalysis.
Welcome, Jonathan.
Thanks for having me.
What does Chainalysis do?
Chainalysis provides investigation and compliance software
to the world's leading institutions who are focused on cryptocurrencies.
And what are the main products it offers?
So we have two main offerings.
We have a set of investigation software that allows people to go in retrospectively
and look at cryptocurrency transactions and determine how those cryptocurrency transactions
relate to the real world.
And we also have compliance software where exchanges and other cryptocurrency businesses
are able to risk score their customers and determine which ones of their users are high risk and low risk.
And who are your customers?
So we have three main categories of customers.
So we have cryptocurrency exchanges, like the brand names that you would recognize,
all the world's leading cryptocurrency exchanges.
They are required to prevent money laundering from happening on their platforms.
And so they use us to essentially determine where their customers have been receiving
their cryptocurrency funds from and what they are using their cryptocurrency funds for.
We have financial institutions that are interested in either getting involved in the
cryptocurrency space or have customers who are active in the cryptocurrency space and therefore they need
to understand the nature of their businesses and determine the risk associated with them and put in
place adequate controls. And then we also have customers in the government space and those customers
are primarily focused on either regulatory or law enforcement actions that could
protect society and essentially weed out egregious actors against, you know, other consumers or
other nations or things of that nature.
Some of the big government agencies and law enforcement that you work with include the DEA,
the FBI, ICE, which I'm just blanking, that's immigration's customs enforcement or something
like that, the IRS, Europol and some of the others.
What do each of them typically use Chainalysis for?
So our government customers have jurisdiction.
They have mission that is about, you know,
protecting society in different ways.
All of them have somewhat distinct domains,
but also somewhat overlapping domains.
And so you will see that in a lot of investigations
that Chainalysis has been used in,
there's actually collaboration among all of those different customer sets
that come together in order to, for example,
take down dark net markets or take regulatory action against
exchanges that are not complying with regulation.
And so really, each one of them use, the way that I think about it is that cryptocurrency is just a new tool in the toolkit.
Those agencies were focused on preventing crime yesterday.
They're focused on preventing the same crimes today.
The only difference is that the people that they are targeting the threats that they're trying to mitigate now also involve cryptocurrency.
And so all of those agencies use us to essentially achieve their mission, which has not changed since yesterday.
And can you walk me through what that looks like when they're using Chainalysis software to either take down a dark net market or whatever it might be?
Yeah, sure. So Chainalysis investigation software is a web interface that you actually can investigate historical cryptocurrency transactions.
Different agencies might have different starting points.
Exchanges file suspicious activity reports here in the US with FinCEN.
Those suspicious activity reports contain information about certain transactions that they deemed were suspicious.
And that could be like a starting point for an investigation.
And then they would take that information about some specific transactions of interest,
put that into the Chainalysis software and find out more context behind those transactions,
which counterparties were involved, which other services were involved,
was there dark net market activity, was there other exchanges that were involved?
And so they start to sort of build out an investigation that way.
And how does this software do that?
Is it sort of like a big map of the blockchain where you know which addresses are linked
with exchanges and which ones are linked with dark markets and et cetera?
Yeah.
So essentially, Chainalysis maintains a database about the linkages between cryptocurrency
identifiers and the real world.
And essentially the real world for me is about, you know, who is transacting and why
are they transacting?
So are these wallets managed by exchanges or are they managed by merchant services, by dark
net markets, by ransomware, by other types of threat actors?
And we maintain that database of, you know, how those addresses and transactions linked
to real world entities.
And how do you figure out which address is associated with which entities?
So this gets into, you know, in cryptocurrencies, you've got a blockchain.
And blockchain is a public ledger of all transactions that have ever happened.
And it turns out that those transactions have certain patterns about how they are constructed.
They can reveal how multiple addresses are actually all controlled by the same piece of wallet software.
And we are able to pick up those patterns.
That is kind of step one is to determine which transactions on the blockchain were broadcast
by the same piece of wallet software.
And how would you figure that out?
And by that, do you mean like these are all blockchain wallets and these are all Coinbase
wallets?
Or I'm not sure what you mean by it's the same.
So a wallet for me is just a wallet could be a piece of software that you run on your own
laptop or it could be the Coinbase hot wallet.
So essentially wallets are just the unit of analysis when it comes to cryptocurrencies because in essence,
addresses are controlled by wallets.
And so the wallet is the piece of software that is generating all of these different transactions.
And the task for us is to determine which addresses are maintained and controlled by the same
wallet.
And would that include like these are all Ledger-style wallets and these are all?
Yes.
Oh, interesting.
So so.
But that makes sense.
So there's like, so step, the unit of analysis is really, okay,
cryptocurrencies for everyone, for all cryptocurrencies,
are controlled by wallet software.
And so that's really the unit of analysis that I look at.
And the heuristics that we write, like the patterns that we're trying to pick up,
are about how we can tie addresses into the wallets that they're controlled by.
And that applies equally for all the different types of wallets.
How do you go from knowing, okay, these are Ledger wallets and these are blockchain.info
wallets and whatever to I know that it's this person controlling this wallet?
Yeah.
So what happens is the first stage is just to determine which transactions, which addresses are
controlled by specific wallets.
And I can call those entities or we can just call them wallets.
And the second step is, you know, how do we tie that back to a real world identifier?
Because even if I know that these 10 transactions were all sent by the same wallet, I actually
don't have any idea about where that wallet is in the world, who that wallet is controlled by.
And so the next step is to actually, you know, in the beginning when we started, we started just
making transactions. So we opened accounts at all the different service providers out there
from Coinbase to Kraken and Mt. Gox and, you know, all the services
that are around in 2014.
And we would send small transactions, you know, a deposit, a withdrawal.
And that would give us some identifiers that then once we look back at step one,
we could see that this wallet actually, you know, conducted 100,000 transactions.
And all the withdrawals that we made from that service were contained within that 100,000
transactions and therefore we know that all these 100,000 transactions were actually, you know,
Mt. Gox transactions, for example.
Okay.
So meaning it's sort of like right now if you sign up for one of those financial services where
they deposit like three cents and then 10 cents in your bank account and then you can say like,
yes, this was my bank account?
Yeah.
So that was in the beginning.
And then, you know, as those services started to use us for compliance purposes, that actually
feeds our data set as well. So when our customers in the exchange space use our services, they actually verify that these are transactions and addresses that they actually control.
Oh, okay. So, but then now we've got to that level of like, okay, these are the exchanges. Then how do you figure out what person?
So what person, we actually don't touch that. So.
Oh, but what, okay.
Yeah. So the map inside Chainalysis is to the level of the service that is being used by someone to transact in cryptocurrency.
I actually never go down to like an individual level.
So the...
Wait, really?
Yeah.
Because I could have sworn that there was a podcast where you said something about
how you would be able to identify the person.
So there might have been a podcast in which I said something along the lines of
someone had actually tweeted about an address that they had controlled and I actually got back down to the person because they had associated their own wallet in public with their own individual identity.
But that's not something that we map to just directly from the blockchain.
That person had to in public sort of broadcast this is my Bitcoin address or something like that associated to a Twitter account or something like that.
Okay, so if somebody's using like a blockchain.info wallet or a Ledger wallet or something, like you wouldn't be able to figure out who the person is.
No.
But if they're using something like Coinbase or Kraken, then you could maybe if you talk with, you know, if those companies are using your service and then they're talking to, but let's say it's like the IRS.
Yeah, so the IRS would issue a subpoena to, you know, a Kraken or a Coinbase and ask for more information about a specific set of transactions. And that would then lead them down to an identity because Coinbase and Kraken are obliged to have KYC, know your customer, requirements. And so they're under the obligation to identify who their customers are.
I did see that the IRS is using your software to capture tax evaders or catch tax evaders. The FBI, I'm presuming, and Europol are doing this to, or using Chainalysis to, you know, catch criminals. Everybody always talks about how 2017 was such a big year in crypto. And I just imagine from your place in the ecosystem that you must have seen a change in a very interesting way. So I'm just curious to know, like, how did your customers change? How did the products and services that they were interested in change? Like, if you were to characterize that year from your perspective, what would it look like?
Yeah, it's a great question. So I think that the attention on cryptocurrency
in 2017, no doubt went up dramatically.
You know, we look at transaction volumes and we have a lot of information about why people
are transacting on the blockchain.
And so we saw, you know, big changes in the nature of some of that activity.
We saw, you know, dark net market activity as a percentage of overall cryptocurrency activity
go down.
There were a number of takedowns in 2017.
As well as, you know, there was massive increase in the amount of speculative activity inside cryptocurrencies.
And so the nature of how people are transacting, we saw increases in merchant processing, we saw decreases in dark net market activity both in absolute and relative terms.
And then we saw a massive change in like the number of entrants inside the market.
So we saw financial institutions trying to look more like cryptocurrency businesses.
And we saw cryptocurrency businesses trying to or cryptocurrency businesses try and look more like financial institutions.
And that trend for us has been really interesting because ultimately we are the company that
allows financial institutions to look a little bit more like cryptocurrency businesses
because they can put in place controls about, you know, here's how we prevent money laundering
in this new world.
And for, you know, cryptocurrency businesses to look more like financial institutions, well,
they need to have controls.
They need to actually be able to monitor the transactions of their users.
And I think the biggest shift that I saw in 2017 was among the cryptocurrency businesses,
you saw their customer bases explode in number.
And this meant for a shift in how we thought about our product,
because everything that we were doing for cryptocurrency businesses in 2017 was all retrospective.
The transactions were being processed by cryptocurrency exchanges, deposits and withdraws.
And then, you know, there was like a look back tool that you could assess the risk of your users.
But now, you know, I think that people want to get ahead of that problem.
You know, when you're dealing with millions of customers, you need much more automated solutions.
And so we started to think about, well, how much can we help these cryptocurrency exchanges solve this problem in real time?
How much can we automate compliance so that they have automated workflows so that they don't have armies of people like the financial institutions looking back on transactions?
And so that's something that we saw in 2017.
And we launched a new product this year in light of that called KYT, Chainalysis KYT.
Chainalysis Know Your Transaction.
And that's where we're thinking about automated risk scoring for our cryptocurrency customers.
That product is really interesting to me because it claims to identify suspicious activity in real time and to be able to discern the purpose of a transaction. How do you do that?
So essentially, if you think about the difference between cryptocurrencies to real world
financial institutions is that when banks send money bank to bank, sometimes the beneficiary
is there inside the transaction. So you can see who you're sending to. But sometimes
that entity doesn't really give you like a real purpose understanding of what that transaction is really for, especially, you know, for illicit use, right? So no drug dealer puts, you know, their real company name being like Drug Dealer, the Best Biggest Drug Dealer in New York City Limited. You know, there's a level of obfuscation that, whereas in cryptocurrencies actually we identify, you know, different types of services that have, you know, specific purposes why you would use those. So like ransomware, we identify ransomware addresses. So we can see why or like the purpose behind this transaction being sent from the exchange is actually being used to pay a ransom. That's like a good example. Or like I might not know exactly what good or service is being bought, but I can see that money being sent from, say, Bitstamp to BitPay is something being used for merchant services or, you know, some similar transaction like that could be also applied to the dark net markets.
This really requires you to kind of know the bad actors in advance, but if there's, I assume a lot of these bad actors create new addresses and accounts. So how do you figure those out?
I call them sort of, you know, I like to be like fact specific. So like a dark net market, for example. So a dark net market has typically a service where you have an address that you top up to that address and that's associated with your account. So yes, there can be new addresses being generated over time, but also from a usability standpoint, it's quite hard to develop trust within these environments. So if you are logging on through Tor, there's lots of phishing dark net markets, there's lots of, you know, difficult abilities to build reputation systems in these markets. And so sometimes they'll be reusing that address because it has some familiarity for that user. Like that ease of customer experience also allows us to then identify, you know, some of those accounts.
Oh wow, okay, that's interesting. That makes a lot of sense. I also wanted to ask you about this Reactor product. It enables people to input a transaction and immediately find connected wallets. I know a lot of the very wealthy people in crypto will put a bunch of their coins across like 15 or 20 different wallets. So how can you tell whether a connected wallet is owned by the same person or simply a wallet that they sent a payment to?
This is a great question. So ultimately in investigations, you have to understand, you know, typical behavior of different wallets.
So, you know, for the most part, actually what people don't realize is that, you know,
most people transacting in crypto are using third-party services.
I don't know whether this is like news to some people or like not.
But, you know, we can identify third-party activity.
That's what we're really good at.
And third-party activity would be like exchanges, hosted wallets, stuff like that.
For the stuff that's private, like personal wallets,
wallets that you control the keys for yourself,
those are also have specific types of patterns, right?
Laura uses cryptocurrencies in Laura's way.
And, you know, there will be timing and behavioral patterns that you then leave behind
based on, you know, how you are transacting.
And so it's not always, you know, that clear where that change of ownership takes
place, but we give you the data points that you need to then, you know, make some judgment
calls on that.
There's not stuff that we like.
That level of confidence is something that I would say is like a human judgment call
rather than something that we automate out of like pattern recognition or like deep AI or
machine learning.
This is stuff that actually typically are the people using our software as trained investigators
would be able to make that determination.
Although maybe an AI could be trained to figure that stuff out.
Maybe I'm less confident about that.
Oh, really?
Yeah.
Wait, why is that?
Because you know those, like, I don't know if you heard that story about the Target shopping data.
Do you remember this?
It came out quite a while ago, but basically this father of a teenage girl was really upset
because Target began sending advertisements about like expecting a baby, blah, blah, blah.
And he was like, you know, my daughter's 16.
whatever, why are you sending these? Well, it turned out that from her shopping behavior, Target, or the algorithm they were using, figured out that she was expecting a baby, and that was how he found out. So I think, yeah, so I do think that these algorithms can, like, discern a lot from our financial behaviors.
Yeah, that's true. I mean, the argument
that I use about this is that there's still, like, a relatively low data, like, relatively
low number of actors that you're talking about within the cryptocurrency space.
And so, you know, for that, for that example, you've got like millions of mothers or potentially
to be mothers all transacting in a certain pattern.
And actually, you know, Target has the data on exactly those, you know, candidate mothers
turned into real mothers.
And so, you know, the actual computing behind that is, and the models being used can be
trained in that way. Like in cryptocurrencies, you're talking about like a smaller data set, a
noisier data set, stuff where like that level of ground truth data doesn't really exist. And so it's not,
I'm not saying that machine learning is like completely futile in this, but there is,
and there is some stuff that we think about in that domain, but it's not always that straightforward.
Okay. And one other thing that I wanted to ask about was earlier you were saying the vast majority of people
use third-party services. What percentage is that?
So we can identify, it's quite hard to know like how many people.
I would say that, I would say that 80% of transactions that occur on these cryptocurrency
ledgers have a counterparty that is a third party service, more than 80%.
Okay.
Oh, that's interesting.
Yeah.
So I guess despite all the admonitions to manage your own private keys, a lot of people
are not doing that.
Did that percentage change, by the way, in 2017?
Did it used to be a lower percentage?
It's been roughly consistent.
I haven't tracked it all the way back to the, you know, 2016 and do those trends.
I could try and take a look at that.
Okay.
Yeah.
Yeah, I just was curious because obviously maybe in the libertarian days it was a higher or rather lower percentage.
But then maybe now after this big speculative period, it's higher.
Well, actually, like, even in like the, I mean, I don't know where we call like the libertarian days of big.
But, you know, in, say, March 2012, there were weeks where 30% of the Bitcoin blockchain transactions were all Silk Road.
And so, you know, Silk Road is a third-party service that was being trusted by people to effect payments.
And so.
Oh, okay. Oh, so you even include.
I include those as well.
Like places where, you know, Silk Road was top up to play.
So you had to give Silk Road your money in order to get.
balance on the account in order to buy goods and services at that.
And so that is you're not in control of your private keys.
Wait.
Oh, oh, okay.
Now I get it.
Okay.
Yeah.
That's true.
That does make sense even just to do that kind of transaction.
One other thing I want to ask you about was how you came to do this work.
I got into crypto by sitting in a pub in 2012 with my friend Tom,
and he told me that we should write an arbitrage bot going between Bitstamp and Mt. Gox.
And I asked him, I was like, Tom, where is Mt. Gox? I don't understand.
And he said, well, have you heard of Bitcoin?
And I was like, no, I haven't heard of Bitcoin.
And that's when I kind of went down the rabbit hole of personal research.
I was a grad student in Oxford at the time.
I was very much interested in environmental economics, had no sort of technical background at all,
and spent, you know, day and night just diving into the Bitcoin Talk Forums,
writing on the Bitcoin Dev mailing list, and bringing some economic rigor to the discussion.
By the way, you, me and Chris Burniske, we all, like, came from environmental backgrounds
because for a while I did environmental journalism.
That's super funny.
That's really funny.
And actually, our chief economist, Philip, actually also came from an environmental economics background.
Oh, really?
All I have to say is that Chris and I have been joking that we're so glad that we don't do that kind of
work anymore because it's so depressing.
Yeah.
And I feel that one of the reasons that I got into this space was that the ability to
actually have impact in terms of not doing, participating in an academic debate that was
so far removed from like the reality in day to day.
And the confluence of that in the tech sphere is something that like got me really excited.
And so I, um, I started off like in my bedroom and in grad school sort of studying at Bitcoin. I then quickly realized
that while there was a lot of excitement about the technical details about Bitcoin, the Bitcoin itself
was a socioeconomic innovation. There was nothing about, you know, something new technologically that
had really changed about the world, but rather it was a way to construct new trust relationships
between people, new modes of transacting that people hadn't really thought about before.
And the thing that underpins all of that is the system of incentives that are present in
order to get people to adopt or participate in this new world.
And so I felt like there was no real economist looking at it.
In fact, you know, I went round Oxford as a grad student trying to get people to supervise my
thesis.
I pitched 80 professors out of the economics department and no one took it on as a project because they were like, this doesn't relate to my research area.
Oh, man.
And so, you know, it felt like a little bit like pitching VCs.
But the thing about it was is that I then started to go to conferences.
And, you know, in 2013, when I went to my first cryptocurrency conference in London,
I think it was called Bitcoin London and the predecessor of Coin Summit, they actually
had a bunch of presentations and no one put a single number up on the graph.
No one put a graph on the screen, no one put a number up there.
They all spoke about flying cars and machine to machine payments and a utopian world about, you know, how the once governments are gone that we could, you know, live a freer life.
And my thought was, well, if this really is a socioeconomic shift that is going to take place, that there needs to be someone measuring what is happening in the real world as it relates to cryptocurrencies.
And that's why, you know, we started Chainalysis was essentially to bridge that gap between, you know, connecting what is actually the real world implications of what is happening in cryptocurrencies.
And tying that together meant building this data set about how the real world relates to cryptocurrency transactions.
The best initial use cases for that are, you know, investigations and providing governments with enough insight into what is actually going on in cryptocurrencies and providing cryptocurrencies and providing businesses with the ability to access traditional financial services. And so, you know, that's really,
like my journey was about like someone needs to provide credible data in how the real world is
actually relating to cryptocurrencies. And I feel like that hasn't really changed since 2012.
Clearly, that was a brilliant idea because as you know from your own company, things are going
quite well and you have a lot of customers and a lot of people need your services.
Quickly before the break, I actually want to ask you, you currently support Bitcoin and
Bitcoin Cash and you plan to support 10 blockchains by the year's end. Do you know which ones you're
going to add? We're not yet committing to exactly which ones. We're tracking all of them internally.
We've got this kind of like nice graph internally, which is about the technical difficulty of
supporting some of these cryptocurrencies and the business value that those cryptocurrencies present to us.
And we're currently sort of working through exactly which ones to launch in which order.
Probably Ethereum has to be on there.
Ethereum has to be on there.
But further than that, I'm not going to make any commitments on radio.
Okay.
We're going to discuss ransomware, physical crimes, and more.
But first, I'd like to take a quick break to tell you about our fabulous sponsors.
Blockchain Warehouse is an international blockchain accelerator,
offering a wide range of token sale advisory services to promising blockchain-based ventures.
With access to heavyweight technology leaders, the accelerator is heavily involved
in crafting the blockchain technology, token sale, and regulatory landscape.
On May 25th, Blockchain Warehouse launched the first ever Crypto Shark Tank, a new series exhibiting Blockchain Warehouse's review of candidate projects chaired by Adrienne Gutridge, CEO of blockchainwarehouse.com.
This week's episode features Mesmr, a decentralized media ecosystem, offering digital collectibles to consumers for watching the content they already consume and enjoy.
Find out more at www.mesmr.tv. That's M-E-S-M-R.TV. Or find all episodes at cryptosharktank.com.
Cryptocurrency is vibrant and exciting, but it's not without its share of bad actors.
Exchanges and personal accounts can get hacked.
Computers can be infected with malware.
Left unprotected, your digital wealth is up for grabs.
Don't let yourself be a victim.
KeepKey is the safest and simplest way to protect your Bitcoin, Ether, Litecoin, and other tokenized assets.
This hardware wallet is a separate device that you control.
Brought to you by the pioneering team at ShapeShift, KeepKey works with the wallet software on your computer to manage your private keys and transactions. Your device is PIN-protected, which renders it useless even if it falls into the wrong hands. Its large display lets you carefully view and approve every transaction. And if your KeepKey is ever lost or stolen, you can safely recover your device without compromising its private keys. The bottom line, you'll sleep easier, knowing that your digital wealth is safe and secure.
Visit keepkey.com to order yours today and use the code Unchained 10 for a limited time 10% discount.
Now it's time to recognize someone in crypto, sponsored by Preciate.
Today we are recognizing Jeremy Epstein, a marketing professional in crypto who has a special
knack for explaining complex topics in terms everyone can understand.
Jeremy has inspired friends and colleagues to join the crypto movement and change the
world. Kudos to you for guiding the way and leading the charge, Jeremy. Preciate welcomes Unchained
listeners to nominate a friend to get props on a future episode of Unchained. Just go to preciate.org
slash recognize. That's preciate.org slash recognize.
I'm speaking with Jonathan Levin of Chainalysis.
Let's talk about some of the big types of crimes that we're seeing, or big trends in crimes that we're
seeing. How does a ransomware attack unfold? How is it disseminated to whom, what happens,
those who, you know, for those who pay the ransom versus those who don't.
Yeah, I think it's an interesting phenomenon.
Like, ransomware is not new, right?
Ransomware has been around since, I mean, you could say that it relates to extortion.
Extortion has been around for centuries.
Ransomware as a malware attack has actually been around since 1989.
The ransomware families that we've seen are cyber criminals who are turning to new methods to raise funds from
victims that they are infecting with malware.
And so the interesting thing about this is that you read a lot about data breaches
and people stealing people's personal information.
And then the problem with that is that you need some mechanism to actually cash out
or you need some way to turn that goods into monetary value.
You can think of those people as like burglars.
You break into someone's house, you steal their TV,
you then need to pawn that TV to then get the money that you want from that crime.
You're not trying to necessarily monetize the asset that you've stolen.
You actually just need to get the person that you've stolen it from to pay you for returning that back to them.
And that's basically what ransomware is.
And so the way that ransomware is disseminated is the same way that any sort of malware campaign is sort of run.
There were many different types and vectors.
The predominant vector is someone opening a PDF or a Word document from an email that they shouldn't have.
And it downloads the software onto that machine.
It then encrypts all of the files on that machine.
It looks around which machines that machine is connected to and then spreads out laterally.
And so in the early days, there were very unsophisticated versions and that then get caught by sort of antivirus software.
And more and more, you know, this is a cat and mouse game.
And there's more sophisticated forms of ransomware that can infect networks.
And when did they start asking for Bitcoin and how prevalent is that now?
So I would say that they started asking for Bitcoin probably the earliest was in 2013.
and the growth of that was really felt last year.
There was a lot of campaigns that were being run
where essentially it's a business decision.
So with ransomware,
the people who are financially motivated
are making decisions whether to use infrastructure
that they have at their disposal
to steal personal identifying information
or to try and get
business executives to sign
false invoices, sign off on false invoices,
or there's a whole variety of different things at their disposal,
including now cryptocurrency mining.
But they will decide essentially what to have,
what strategies that they want to pursue.
And so, you know, ransomware last year was probably one of the biggest,
a lot of the efforts of these cybercriminal groups shifted towards running
ransomware infrastructure.
And what percentage of them are using Bitcoin out of all the cryptocurrencies?
Because I just feel like if you're going to use cryptocurrency,
why would you use one where you can trace it?
Like, why wouldn't you use Monero or something?
I don't get it.
Okay.
So again, it comes back to ransomware as a business.
It's not something that is a, you're a financially motivated actor.
You have a P&L that you need to run.
And you look at adoption rates.
So actually, you know, ransomware also used stuff like PayPal.
You're like, why would you ever use PayPal?
It's traceable or PayPal are going to shut your account.
Well, yeah, in a certain percentage of cases, PayPal will shut the account before you can get the money out.
But in a certain percent of cases, then they don't.
And the same kind of goes for Bitcoin and the same then goes for Monero.
So if you use Monero as the ransomware payment mechanism, do you get a double
drop-off in the rate of adoption or like users paying the ransom out?
So if it's harder for that user, if you think about it, this is a lot of these ransomware
campaigns are mass campaigns, trying to not target sort of cryptocurrency exchanges, which
would be able to get, you know, hold of any sort of cryptocurrency.
They're targeted at the mainstream and the mainstream find it hard to get obscure cryptocurrencies.
And so if the percentage of people paying the ransom went from 10% down to 1%, maybe you're
better off risking it in Bitcoin.
I also want to bring up this trend of the physical crimes that are happening against holders
of cryptocurrency, where the perpetrator will hold the victim up at gunpoint and force them
to send crypto to another wallet.
What kinds of patterns do you see in those crimes?
I definitely see, so extortion still plays a role.
So one of the things that we've found more and more is that someone threatens to physically attack someone, a school, an institution, a bank, or something like that.
And that's a physical threat that actually has an extortion note attached to it with Bitcoin.
That's becoming more prevalent.
Oh, interesting.
But what about this other one that I mentioned?
So the physical, yeah.
So this is where, just to segue from ransomware into, you know, physical threats is that actually
there's physical, quote unquote, extortion that happens via cryptocurrencies.
Okay.
The other thing that happens is you're right, is that someone, you know, in Washington Heights
and on the island of Manhattan is held up at gunpoint to send cryptocurrency to the, you know,
the people that are standing there with a gun.
And actually that was the first time that I saw a good example of someone who understands how to even use a hardware wallet who also has access to a gun in New York City. That is quite surprising. It is a sign of, you know, this has become an instrument that is, as I say, ubiquitous, that, like, you know, the people who have sort of physical arms are also now familiar with
cryptocurrencies. And so, you know, that attack space has really opened up. And I think that the trend
that I see is that the more and more cryptocurrencies get understood by different types of people,
that level of crime will go up. Well, you did mention in one of the articles on that trend that
there are some tools that are being developed that will quote unquote quietly alert authorities
that a transaction is being made under duress,
how would that kind of thing work?
Yeah, so this is something where, you know,
if someone, a lot of these devices have a passcode
or something associated with,
you might be able to have something like a password
that you enter under duress.
Oh, like for your Ledger?
For your Ledger.
Or something like that.
And there will be more and more mechanisms that are developed,
I imagine, over time that allow people to
send out emergency signals without actually alerting the person that's extorting them or
standing there with them. I know that, you know, this is, this gets into the realm of more like
security in a much broader sense. And I'm sorry, who would be alerted? So you could have someone,
you could have a private security firm alerted, you know, or, or something like that. This is like,
you know, I've seen a trend of, you know, people in this space get worried about
physical threats to their person and their family and invest in, you know,
security processes and drivers and stuff like that because people have this impression
that those people can send a billion dollars at the click of a button.
Now, in reality, those people can't do that, but, you know,
the probability of them getting hands on some cryptocurrency to pay a ransom are, you know,
relatively high. And so they need to make sure that, you know, yes, a crazy person could come
along and try and extort them for that. But, you know, they invest in security processes like
other members of society that need to be protected. So we've laid out a bunch of different crimes
that happen with cryptocurrency. But because the wallets that they're sending the money to, you know,
whether it's the ransomware or these, you know, crimes at gunpoint or whatever, that, you know,
these wallets are visible on the blockchain, what do cryptocurrency, what do
criminals then do with the money? How do they get away with it?
So they actually pay their bills, right? So criminals, I mean, financially motivated, criminals are financially motivated at the end of the day. They want to afford a good lifestyle. They want to go on holiday. They want to own property and, you know, do what people who have money do. So for those people, they need mechanisms to then reenter the financial system. And so this is
something that is sort of not very well understood by financial institutions is that ultimately
financially motivated criminals within cryptocurrencies are users of the existing financial system.
And, you know, there's a bunch of like pointing the finger over at cryptocurrencies and saying,
look at all this terrible activity that's going on in cryptocurrencies, it's all money laundering.
Well, all of that is actually being sent through the existing financial system and being used to pay for
yachts and boats and, you know, houses and...
But to turn it back into dollars or another fiat currency,
you would presumably need to use an exchange.
Yeah.
And those have know-your-customer rules, so how did they do that?
I don't understand.
So sometimes, you know, it might not be the criminal's person
or the actual identity of the criminal, per se, at the exchange.
They have, like, spoof accounts, they have other people,
they have mules who use...
But like, but what I'm saying is,
is if everyone knows like, okay, that's that account that everybody was sending their ransom to,
then the exchange is going to know, like, okay, then we're not going to, anyone who tries to
exchange the bitcoins from that account into dollars, they were the one extracting these ransoms,
right?
Yeah, so I would hope that, right?
But you've also got like a lot of exchanges around the world, many of which are in
jurisdictions that are outside the United States that don't have KYC
requirements. There are, you know, exchanges that willfully turn a blind eye.
And you saw that sort of BTC-e was kind of the main venue that those ransomware payments
were being processed through.
And so, you know, eventually FinCEN took action against BTC-e and shut it down and seized it
and, you know, made it harder for criminals to go from cryptocurrencies back into existing, you know,
financial systems.
But fundamentally, you know, just because you do KYC on your customer, even within the
United States, does not mean that none of your accounts get used for bad activity.
And we've just launched the ability for people to do real-time checking of transactions about,
you know, did this come from ransomware or did it not?
And so that also means that, you know, if people are fast enough or if that, if the compliance
processes are not adequate enough to deal with that,
then, you know, money can easily be laundered through, you know, existing, quote-unquote, compliant exchanges.
Obviously, a lot of these criminals use tumblers to mix their transactions up in a way that would be difficult for, you know, the office case the trail.
So how does a tumbler work and then how do they affect your ability to do your work?
Let me just go back to the first part of that question. Obviously, many criminals use tumblers.
what percentage of criminals do you think use tumblers?
Oh my God.
What percentage of criminals use tumblers?
Maybe like, I don't know, 30%.
Yeah, so I would say it's probably less than 10.
Really?
And the reason is that, again, it's about trust and cost.
So tumblers on the internet are not that trustworthy,
and people need easy user experiences and speed of
transaction, and tumblers basically create this way where you give your hard-earned cash to some
anonymous entity on the internet that may or may not return it after a period of time. So, and they'll
charge you for the privilege. So the ability to use tumblers is definitely there. That can make,
you know tracing transactions extremely difficult but the
reality is that it's a small portion of criminal use of cryptocurrencies and I think that shows the
ability of them to actually move money into traditional exchanges that actually maybe aren't
don't have the compliance processes that they really need to prevent this money laundering.
Okay.
So, but if they do use a tumbler, does it make it difficult for you to?
Yeah, it definitely makes it difficult for us to...
Impossible or difficult?
Nothing is ever impossible.
Oh, okay. Good answer.
I was curious, what are some of the most common mistakes that criminals make that enable law enforcement to catch them when it comes to, you know, using cryptocurrency for their crimes?
So I think the main mistake that people make when they use cryptocurrencies for crime is that the evidentiary trail is there forever.
And it's actually quite difficult as a criminal to remember exactly
what you were doing back in the past where you were using cryptocurrency at some other point
for some other reason.
Or, you know, quite frankly, there's like an impression that cryptocurrencies are like totally
anonymous.
And so either it's something that they did like way back in the past or it's even during
the mode of like how they operate in a day to day that means that, you know, they get caught
using cryptocurrencies.
I would say that still, you know,
cryptocurrencies and their use
doesn't necessarily mean that like criminals
either get away or don't get away with crimes necessarily.
Some of the criminals that get caught are people who like
accept delivery of stuff to their house or their mum's house or, you know,
there's like other mistakes that people are making.
And cryptocurrencies then can confirm what has been happening with that person.
Yeah, it's similar to what Ross Ulbricht did where he made one slip-up. That's all you need.
So Chainalysis also tracked the stolen Mt. Gox bitcoins. What did you determine about what happened there?
Yeah, so this was like the initial case that we got called in to do. So the Mt. Gox case was the event in 2014 where suddenly Mt. Gox woke up and said, well, the bank vault is basically empty.
And they weren't doing daily reconciliation between the deposits that were being made on
Mt. Gox and what was still in the wallet at the end of the day.
And the determination that we made was that there were other people who were stealing money
out of Mt. Gox that had access to some of the keys within the Mt. Gox wallet,
and they were stealing money over time.
And for about 18 months to two years,
they were, when money was being deposited into Mt. Gox, it was being withdrawn from
Mt. Gox but without Mt. Gox knowing. And, you know, I can see you shake your head and everyone else
in the world shakes their head at that, but that was really the lesson that was being learned there.
And then what happened was those funds were stolen from Mt. Gox, those were accumulated into
certain wallets, those wallets were then used to pay into exchanges
in order to cash out that money.
And what people say is that, like, oh, my God, they stole so much Bitcoin.
They must be multi-billionaires.
And where is all this money?
You know, at the time of transaction, in total, I estimate somewhere between 20 and 30 million
was made out of that theft.
But that's about it.
Oh.
Oh, wow.
Wait, and I'm so confused because at the time they were saying that it was like half a million
dollars where the Bitcoin was stolen.
So why would they only be making 20 or 30?
So there were 650,000 bitcoins being
stolen from Mt. Gox. In today's terms, that's a huge amount of money. But in actual fact,
during the whole period when they were taking money out of Mt. Gox, they were, they were cashing
out immediately. Okay. Now I get it. Those assets were not worth, you know, the billions of dollars
that people think that they're worth. Okay. Something else I wanted to ask you about was Bitcoin
activity in countries looking to avoid sanctions like North Korea and Venezuela.
I know you guys are looking at kind of the whole blockchain.
I was curious to know what trends you're seeing there.
Yeah.
So, you know, the North Korea question is quite interesting.
It's quite difficult to get a real sense of, you know, what is happening in North Korea.
You know, as people who ask me about it is that, you know, North Korea is a state.
It's a geography.
There are also actors associated to North Korea that operate outside of that geography.
and so they could be using other types of services that don't exist.
There is no North Korean exchange, right?
Right.
That we can identify.
And so there is a trend to try and identify, well, what North Korea sympathetic actors
or state-sponsored actors are conducting activity in other exchanges around the world
that are not within the North Korean geography.
That's quite a difficult challenge.
So it's quite hard to give you a real sense of how much Bitcoin is being used in North Korea, for example.
And what about Venezuela?
Venezuela is slightly more transparent.
You know, there are Venezuelan exchanges that allow people to convert between local currency and Bitcoin.
And those exchanges are growing.
And actually the number of exchanges is growing, which is, you know, something that is definitely bringing the attention of
the US government and financial institutions and cryptocurrency businesses that have to be
concerned about sanctions evasion. You know, we've spoken a lot about like criminal uses of
Bitcoin and that's like kind of petty to some extent. But when it comes into the realm of sanctions,
the fines associated and the actions associated to sanctions evasion is a lot stronger
than, you know, missing a drug dealer SAR that you should have been filing.
So, you know, what happens here is that exchanges should be to the extent possible monitoring some of their exposure to those countries because ultimately there's actions and there's some very sharp instruments that exist in the toolkit of US Treasury to actually go after people that help facilitate sanctions evasion.
And, you know, this is where there is almost no compromise with sanctions evasion. In fact, everyone, like, whether you're a financial institution or not, has to be somewhat concerned with, you know, facilitating relationships that are with sanctioned entities. And, you know, with the falling of the Iran deal, that's like another country that's like top of the agenda. And so making sure that you have some processes and procedures
in place to understand your exposure to that is something that I think exchanges would be wise to think about.
Do you have any sense as to why criminals turn to Bitcoin at all? Why don't they just use Monero or Zcash?
So I think that, you know, Monero and Zcash are currencies that do actually attract criminal activity
because of their anonymity. We've seen, you know, a lot of different markets adopt Monero, for instance, as a form of payment mechanism.
but still, you know, in terms of its widest acceptance,
those privacy coins are relatively low.
If you even look at like how people use Bitcoin,
how people use Bitcoin to me gives revealed preference
about what they really care about.
And most cryptocurrency users, criminals, almost even included,
actually entrust their identities to third parties,
even within the Bitcoin sphere.
And that level, and when you, when you,
you open an account at an exchange based in the US, you entrust your privacy to that, that institution,
the same way that you entrust it to your bank.
And even if you are conducting activity on the blockchain, that service, as we've sort of described
in the early part of the interview, is the custodian of your identity and protects your privacy.
And so most people are pretty happy with that form of privacy that exists inside the Bitcoin
ecosystem.
And so they don't really feel the need to move to like more private cryptocurrencies.
And especially when they're not as usable or widely accepted as Bitcoin itself.
So for both, you know, criminal use cases and actually like the majority of early adopters
in cryptocurrency, who you would almost say are like the most privacy conscious people on
the planet, like actually a lot of them are willing to entrust their privacy
to institutions that are gaining their trust.
And if people end up switching to more privacy coins,
is that just going to make your work impossible?
I don't think it ever makes our work impossible
because I believe that our work has to be concerned
with the economic majority.
So as long as I...
But someday it could be that the economic majority
transacts in privacy coins, right?
It is possible.
So, but my take is that we would need to have some signal
that that's something that, you know,
people have preferences over.
So if you look at like Bitcoin as like a great example of, I would say, like the earliest part of the adoption curve of cryptocurrencies, and you look at the preferences that are being revealed by the people who are actually transacting cryptocurrencies, like, they don't actually err on the side of like controlling their own keys necessarily, or like, you know, a lot of them trust consumer brands in the space like Coinbase to protect their identity and
privacy and fight back against, you know, John Doe subpoenas against the IRS or something like that.
Right.
Are you killing the fungibility of Bitcoin?
So I don't believe we're killing the fungibility of Bitcoin.
In fact, like the word fungibility to me actually has like a slightly weird definition as if it's like an innate right or an innate property of a particular type of instrument.
Like actually like fungibility to me has like both technical elements and sort of more legal or norm based elements.
And so, you know, for me, what we are doing in terms of fungibility and cryptocurrencies
is we're actually enabling people to make decisions about who they are transacting with.
In fact, like, US dollars are not fungible in the sense that you can't take money from
someone in Iran who gives you a $100 bill, right?
Now, but everyone says that the US dollar is fungible.
Ultimately, you need to understand, you know, the facts,
the purpose behind transactions in order to assess risk, whether or not, whatever monetary instrument
you're using.
And so what we allow people to do in cryptocurrencies is to identify the purpose and the services
that are being used to transact in cryptocurrencies that allow for people to then determine
who they want to do business or not with.
And so really understanding the technical specifics allow us to say, okay,
When you are receiving money from a regulated financial institution on the Bitcoin network,
that is something that you have some opinion about.
When you are receiving it from a ransomware account,
you are not wanting to facilitate the proceeds of crime.
It's not the Bitcoins.
It's actually like you facing a counterparty that you do not want to do business with.
And so the way that I think about fungibility is about, well, yeah, obviously every unit within the ledger is equal,
but people have opinions and need to have business requirements around, you know, who they want to be doing business with.
And so you feel like if a coin has been tainted by, you know, the fact that it went to a dark market at some point, dark net market,
that that's not making it less fungible?
We never taint bitcoins.
Okay.
So there are no currency units within our system that maintain a degree of taint.
In fact, all we do is point out the facts about how different wallets have interacted.
And so we like to think about, are you interacting with someone that you want to do business with?
Or are you about to interact with someone that you do not want to do business with?
Okay.
And then there are the cases where you want to interact with someone that you shouldn't want to interact with.
Yeah.
For those businesses, we say you can go somewhere else.
Okay, great.
Well, it's been so fantastic having you in the show.
Where can people get in touch with you?
So I'm on Twitter, J-O-N-Y underscore Levin.
You can also go to our website to learn more about us, chainalysis.com.
Yeah, we're based in New York.
If you're ever in town, hit me up on Twitter.
Okay, great. Well, thanks for coming on Unchained.
Thanks, Laura.
Thanks so much for joining us today. To learn more about Jonathan, check out the show notes
inside your podcast episode. New episodes of Unchained come out every Tuesday.
If you haven't already, rate, review, and subscribe on Apple Podcasts.
If you like this episode, share it with your friends on Facebook, Twitter, or LinkedIn.
Unchained is produced by me, Laura Shin, with help from Elaine Zelby, Fractal Recording,
Jenny Josephson, Daniel Ness, and Rahul Singareti. Thanks for listening.
Thank you.
