Yesterday we had a major scoop from CoinDesk’s Danny Nelson, who unearthed a set of slides showing the crypto investigations firm Chainalysis has been running a wallet explorer site that scrapes users’ IP addresses as part of the firm’s investigative services for law enforcement agencies.
While the idea of a honeypot website harvesting IP data is definitely creepy, I would argue Chainalysis’ apparent methods here are laudable because the data is gathered as part of targeted investigations rather than as a form of sweeping surveillance. Legislators around the world sometimes seem to forget the distinction, as when they pressure companies like Apple for backdoors into its system that compromise the privacy of all users – or, increasingly, push for crypto legislation with blanket invasive surveillance requirements.
This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.
Particularly notable here is that the block explorer in question, walletexplorer.com, is not particularly well-known, at least in the West. That, along with its primitive appearance, suggests that Chainalysis may have actively promoted it in criminal circles, perhaps even as a “safe” alternative to more mainstream block explorers. The IP addresses gathered by the site, as the leaked slides explain, could be correlated with other data, on and off the blockchain, to help establish the real-world identities of investigation targets. That means that if you’re not in Chainalysis’ crosshairs, visiting its block explorer is unlikely to have compromised your identity on its own.
Now, this is not an advice column for criminals, but if it were, this would be my takeaway: Don’t use cryptocurrency to do crime. For whatever reason, early discussion of Bitcoin often described it as “anonymous,” but that’s profoundly inaccurate. In fact, real privacy is extremely hard to implement on public blockchains, which in many cases must keep transaction data transparent to function. That includes, in the case of Bitcoin, a public record of every transaction ever.
So while a Bitcoin wallet provides a useful level of everyday privacy in that it doesn’t have your name attached to it, there’s a whole lot of metadata that can be correlated. Over the last few years, it has become increasingly clear that data often leads back to a real-world name – the IP addresses gathered by Chainalysis are one obvious source of clues, but probably not the only one. Even crypto specifically designed for privacy seems to have major limits – Chainalysis also claims it was able to “provide usable leads” in 65% of investigations on the Monero blockchain.
The good news is that if you’re looking for money laundering services, you have some better options. If you’re a big enough fish, give megabank HSBC a call: The bank has been extremely attentive to the illicit finance needs of Mexican drug cartels. If your requirements are more esoteric, consider a trip to Vatican City: The Holy See, through its affiliated banks, allegedly played a key role in funneling the Central Intelligence Agency’s drug money to terrorist cells throughout Italy and Europe as part of Operation Gladio.
Again, this is not a criminal advice column – but I hope I’m doing some good here. We already know (thanks to Chainalysis, in fact), that the level of criminal activity on blockchain networks is low. It’s simply not an application the technology is built to fit, or maybe ever will be. The more people figure that out, the less pressure authorities can bring to bear to systematically compromise the privacy of law-abiding citizens.