Re: [Cryptography] Bitcoin theft and the future of cryptocurrencies
https://www.reddit.com/r/DarkNetMarkets/comments/5cb74u/blockchain_analysis_...
(Unfortunately the original text of the above post has been deleted. I've been looking for an archived copy but haven't found one yet. Suffice to say, it showed that as of 2016 law enforcement already had off-the-shelf software capable of deanonymizing coinjoin'd transactions.)
From what was demonstrated, this software basically matches up all
From our conversations (and inherent alarm of this in the audience, leading to the conclusion there are plenty of my peers buying from markets) as far as we have ascertained, this data is not yet being used for any purpose aside from mass de-anonymising users, which leads my peers and me to believe that the movement of funds alone cannot be used for raising charges, this does raise other concerns at an administrative level, as it is likely this data could be shared between government bodies to authorise a "probable cause" warrant on mail and houses. I can also confirm that this software was used in the most recent
Nothing really new here that wasn't understood by blockchain tech community in early days... ========== https://www.reddit.com/r/DarkNetMarkets/comments/5cb74u/blockchain_analysis_... Blockchain Analysis and Anti-Money Laundering (X-post from /r/DarknetmarketsOz) submitted 20161110T233518 by Realitybytes_ http://archive.is/zLPcs As promised many months ago, I have attended my first CP session on AML/CTF for cryptocurrency and I am now in a position to discuss at a high level what the current state of play is. While AML issues have not been touched on in this course yet (strategies and counter strategies will be discussed in session 2), I felt some of these issues are too important to wait for a better write up post this time and the overall method they are using to undertake AML analysis is now exceptionally clear. I note some of the technology demonstrated to us in these sessions is very new (been in use for less than 90 days) and from what we are being shown, it's powerful enough that some significant steps may need to be taken in the future to avoid being tagged, I will address this after outlining what is being demonstrated to us. ──────── The current state of play Not much surprise too many of you who are concerned with significant opsec, however banks have been indiscriminately flagging every transaction related to bitcoin purchases and sales for quite some time, I even raised in this my previous post on AML/CTF. When I raised this previously, I assumed it was just regular AML/CFT controls, however I was wrong, this information has been used in a project I was not privy too, and this data from the banks I have worked with (in Australia) has been consolidated with many banks within the 5 eyes and provided to a data science corporate (Palantir) to conduct large scale inference matching alongside the distributed ledger. transactions that show funds being flowed into the block chain (via banks, credit cards and KYC/verified website sites) and matches this information up to begin building out a map of who wallets relate to. The software is currently being developed to undertake profile matching (albeit this is only in a preliminary stage) so if you have sent funds to the same wallet from a different wallet, it will link them to the owner again (this is still inherently inaccurate). ──────── What this means for buyers The systems in place seem heavily predecated around buyers not vendors which I found surprising, with the early reports showing that in as few as 2 transactions matched between the block chain distributed ledger and bank accounts de-anonymising wallets which is undertaken using information relating to a weight price of bitcoin (with tolerances) and the tracking of the specific value of bitcoins being sent, due to the finite nature of bitcoin transactions flowing from bank accounts to wallets this is already being tracked in real time. police sting in New Zealand, adding weight to the conclusion that judges are comfortable signing warrants on this information. If you have always undertaken cash purchases of LBC, avoided KYC requirements and never cashed out bitcoins, you are likely still anonymous. ──────── What this means for vendors As detailed above, as the software undertakes bank and transaction matching to wallets as long as they have never directly cashed out money from a wallet to their bank, they should still be safe. This section will likely be expanded on post session two when we address AML concerns. ──────── Tumblers are useless Against my better judgement, I’m going with this click bait heading, but the premise is correct. Due to the software running real time analysis on the ledger, simply avoiding taint and breaking up coins is now entirely ineffective, as it matches the full bitcoin amount to be received over a period of time, as the software is built around a neural net of sorts (talking out of school here, I’m not a programmer) it appears to self-correct in real time as a more "likely" or "accurate" owner conclusion is reached. ──────── Frequently asked questions These are the questions asked in the audience and their response (not mine; I have no opinion either way). How quickly can it de- anonymise a user? If the user has sent coins from a KYC verified organisation, the wallets sent through will be de-anonymised in real time, otherwise it will assign a unique primary key to the wallet once it has been identified as unique and it will flag all wallets believe to be owned by this user. Who is this data currently being shared with? The information is available to all major international anti-crime organisations; however at this time the analysis has been undertaken for Australia, New Zealand, America, Canada and the United Kingdom. How will this impact other cryptocurrencies? The overall process it determined to be identical, if there is a block chain to be analysed and a trade of cash to these coins it is anticipated we will continue to de-anonymise wallets. How will this to used to combat the drug trade? The software will inherently flag dealer wallets in the same process it flags purchasers; however as the overall end result between buyers and sellers is the opposite this information will be used to assist law enforcement to identify volume of sales based on turnover. - Are we legally allowed to utilise this information? As cryptocurrencies are determined to be an asset not a currency, the existing laws allow this to be monitored similar to that of any asset. What about monero? We believe due to the low adoption rate difficult in obtaining coins and converting into cash that monero adoption will continue to be low, similar to that of any alternative cryptocurrency. ──────── What measures should now become the default Under no circumstance should you be purchasing bitcoins from any KYC verified organisation, and banks should be avoided. Purchasing in cash is now the default. - Wallets should be changed regularly, at a "on a per transaction" basis is possible. Everyone should send bitcoins in rounded amounts from 0.25 to 1.0, this would destroy the entire matching algorithm, if we all just send coins in amounts of 1.0 it would be impossible to ascertain users if we avoided KYC. - All bitcoin movements should be undertaken via a non-domestic VPN or TOR ──────── Apologies if this article seems like a doom and gloom speech, I am actually surprised as to how well developed this process is. I got to play with the software for a few minutes and I was surprised to see it new I purchased bitcoins and what my wallet was (fortunately for me, there was no solid line to a market). If you have any questions, please let me know, I will do another follow up post my session two, however this is booked in for February, so in the meantime stay safe and stay anonymous. ==========
On Mon, Dec 25, 2017 at 07:45:47PM -0500, grarpamp wrote:
https://www.reddit.com/r/DarkNetMarkets/comments/5cb74u/blockchain_analysis_...
(Unfortunately the original text of the above post has been deleted. I've been looking for an archived copy but haven't found one yet. Suffice to say, it showed that as of 2016 law enforcement already had off-the-shelf software capable of deanonymizing coinjoin'd transactions.)
Nothing really new here that wasn't understood by blockchain tech community in early days...
========== https://www.reddit.com/r/DarkNetMarkets/comments/5cb74u/blockchain_analysis_... Blockchain Analysis and Anti-Money Laundering (X-post from /r/DarknetmarketsOz) submitted 20161110T233518 by Realitybytes_ http://archive.is/zLPcs
As promised many months ago, I have attended my first CP session on AML/CTF for cryptocurrency and I am now in a position to discuss at a high level what the current state of play is. While AML issues have not been touched on in this course yet (strategies and counter strategies will be discussed in session 2), I felt some of these issues are too important to wait for a better write up post this time and the overall method they are using to undertake AML analysis is now exceptionally clear. I note some of the technology demonstrated to us in these sessions is very new (been in use for less than 90 days) and from what we are being shown, it's powerful enough that some significant steps may need to be taken in the future to avoid being tagged, I will address this after outlining what is being demonstrated to us. ──────── The current state of play Not much surprise too many of you who are concerned with significant opsec, however banks have been indiscriminately flagging every transaction related to bitcoin purchases and sales for quite some time, I even raised in this my previous post on AML/CTF. When I raised this previously, I assumed it was just regular AML/CFT controls, however I was wrong, this information has been used in a project I was not privy too, and this data from the banks I have worked with (in Australia) has been consolidated with many banks within the 5 eyes and provided to a data science corporate (Palantir) to conduct large scale inference matching alongside the distributed ledger. From what was demonstrated, this software basically matches up all transactions that show funds being flowed into the block chain (via banks, credit cards and KYC/verified website sites) and matches this information up to begin building out a map of who wallets relate to. The software is currently being developed to undertake profile matching (albeit this is only in a preliminary stage) so if you have sent funds to the same wallet from a different wallet, it will link them to the owner again (this is still inherently inaccurate). ──────── What this means for buyers The systems in place seem heavily predecated around buyers not vendors which I found surprising, with the early reports showing that in as few as 2 transactions matched between the block chain distributed ledger and bank accounts de-anonymising wallets which is undertaken using information relating to a weight price of bitcoin (with tolerances) and the tracking of the specific value of bitcoins being sent, due to the finite nature of bitcoin transactions flowing from bank accounts to wallets this is already being tracked in real time. From our conversations (and inherent alarm of this in the audience, leading to the conclusion there are plenty of my peers buying from markets) as far as we have ascertained, this data is not yet being used for any purpose aside from mass de-anonymising users, which leads my peers and me to believe that the movement of funds alone cannot be used for raising charges, this does raise other concerns at an administrative level, as it is likely this data could be shared between government bodies to authorise a "probable cause" warrant on mail and houses. I can also confirm that this software was used in the most recent police sting in New Zealand, adding weight to the conclusion that judges are comfortable signing warrants on this information. If you have always undertaken cash purchases of LBC, avoided KYC requirements and never cashed out bitcoins, you are likely still anonymous. ──────── What this means for vendors As detailed above, as the software undertakes bank and transaction matching to wallets as long as they have never directly cashed out money from a wallet to their bank, they should still be safe. This section will likely be expanded on post session two when we address AML concerns. ──────── Tumblers are useless Against my better judgement, I’m going with this click bait heading, but the premise is correct. Due to the software running real time analysis on the ledger, simply avoiding taint and breaking up coins is now entirely ineffective, as it matches the full bitcoin amount to be received over a period of time, as the software is built around a neural net of sorts (talking out of school here, I’m not a programmer) it appears to self-correct in real time as a more "likely" or "accurate" owner conclusion is reached. ──────── Frequently asked questions These are the questions asked in the audience and their response (not mine; I have no opinion either way). How quickly can it de- anonymise a user? If the user has sent coins from a KYC verified organisation, the wallets sent through will be de-anonymised in real time, otherwise it will assign a unique primary key to the wallet once it has been identified as unique and it will flag all wallets believe to be owned by this user. Who is this data currently being shared with? The information is available to all major international anti-crime organisations; however at this time the analysis has been undertaken for Australia, New Zealand, America, Canada and the United Kingdom. How will this impact other cryptocurrencies? The overall process it determined to be identical, if there is a block chain to be analysed and a trade of cash to these coins it is anticipated we will continue to de-anonymise wallets. How will this to used to combat the drug trade? The software will inherently flag dealer wallets in the same process it flags purchasers; however as the overall end result between buyers and sellers is the opposite this information will be used to assist law enforcement to identify volume of sales based on turnover. - Are we legally allowed to utilise this information? As cryptocurrencies are determined to be an asset not a currency, the existing laws allow this to be monitored similar to that of any asset. What about monero? We believe due to the low adoption rate difficult in obtaining coins and converting into cash that monero adoption will continue to be low, similar to that of any alternative cryptocurrency. ──────── What measures should now become the default Under no circumstance should you be purchasing bitcoins from any KYC verified organisation, and banks should be avoided. Purchasing in cash is now the default. - Wallets should be changed regularly, at a "on a per transaction" basis is possible. Everyone should send bitcoins in rounded amounts from 0.25 to 1.0, this would destroy the entire matching algorithm, if we all just send coins in amounts of 1.0 it would be impossible to ascertain users if we avoided KYC. - All bitcoin movements should be undertaken via a non-domestic VPN or TOR ──────── Apologies if this article seems like a doom and gloom speech, I am actually surprised as to how well developed this process is. I got to play with the software for a few minutes and I was surprised to see it new I purchased bitcoins and what my wallet was (fortunately for me, there was no solid line to a market). If you have any questions, please let me know, I will do another follow up post my session two, however this is booked in for February, so in the meantime stay safe and stay anonymous.
==========
Interesting. I always bought coins directly from a guy who was happy to take my money, at a cost to me only slightly above TX fee, and send coin straight to my wallet(s). The whole concept of the KYC requirements of all the major online exchange sites seemed both antithetical to BTC and dangerous. I was always wary of tumbling the coins for anonymity, and stopped screwing around with it when I lost easy access to my point of contact that would do direct coin for cash... In any case, its been going on a couple years since I did anything at all with BTC. I do wish I had held on to some of the coins I went through, with the current prices (*bleh!*). -- GPG fingerprint: 17FD 615A D20D AFE8 B3E4 C9D2 E324 20BE D47A 78C7
On Tue, 26 Dec 2017 09:41:55 -0500 John Newman <jnn@synfin.org> wrote:
Interesting. I always bought coins directly from a guy who was happy to take my money, at a cost to me only slightly above TX fee, and send coin straight to my wallet(s). The whole concept of the KYC requirements of all the major online exchange sites seemed both antithetical to BTC and dangerous.
It's a disaster. https://blog.coinbase.com/kathryn-haun-joins-coinbase-board-of-directors-65b... https://cointelegraph.com/news/coinbase-is-tracking-how-users-spend-their-bi... https://motherboard.vice.com/amp/en_us/article/ywnmkk/coinbase-irs-14000-bit... oh and coinbase was literally 'founded' by goldman sachs scum .
I was always wary of tumbling the coins for anonymity, and stopped screwing around with it when I lost easy access to my point of contact that would do direct coin for cash...
In any case, its been going on a couple years since I did anything at all with BTC. I do wish I had held on to some of the coins I went through, with the current prices (*bleh!*).
On Tue, Dec 26, 2017 at 03:11:36PM -0300, Juan wrote:
On Tue, 26 Dec 2017 09:41:55 -0500 John Newman <jnn@synfin.org> wrote:
Interesting. I always bought coins directly from a guy who was happy to take my money, at a cost to me only slightly above TX fee, and send coin straight to my wallet(s). The whole concept of the KYC requirements of all the major online exchange sites seemed both antithetical to BTC and dangerous.
It's a disaster.
https://blog.coinbase.com/kathryn-haun-joins-coinbase-board-of-directors-65b...
https://cointelegraph.com/news/coinbase-is-tracking-how-users-spend-their-bi...
https://motherboard.vice.com/amp/en_us/article/ywnmkk/coinbase-irs-14000-bit...
oh and coinbase was literally 'founded' by goldman sachs scum .
Taxation is “necessary” so that the Oldman GoliSachs can keep taking their 10% yearly cut from "society" without paying anything back, whilst the sheeple pay their own way, pay "for the poor", AND pay the 10% annual (govt) interest fee so Goldman Oilisarchs can get another "free" despot payment this year, under the banner of democracy of course.
participants (4)
-
grarpamp -
John Newman -
juan -
Zenaan Harkness