How Dirty Money Disappears Into the Black Hole of Cryptocurrency (#GotBitcoin?)
Journal investigation documents suspicious trades through venture capital-backed ShapeShift. How Dirty Money Disappears Into the Black Hole of Cryptocurrency (#GotBitcoin?)
A North Korean agent, a stolen-credit-card peddler and the mastermind of an $80 million Ponzi scheme had a common problem. They needed to launder their dirty money.
They found a common solution in ShapeShift AG, an online exchange backed by established American venture-capital firms that lets people anonymously trade bitcoin, which police can track, for other digital currencies that can’t be followed.
Since bitcoin was introduced nearly 10 years ago, law-enforcement authorities have worried the technology could ease money laundering. Now a new breed of cryptocurrency intermediary is giving fresh urgency to those fears, operating in plain view with scant policing and often allowing users to engage in anonymous transactions.
A Wall Street Journal investigation identified nearly $90 million in suspected criminal proceeds that flowed through such intermediaries over two years.
Most operate beyond the reach of U.S. authorities, with unidentified owners and addresses in places such as Eastern Europe and China.
Not ShapeShift, the largest recipient of the funds with a U.S. presence. The company is officially registered in loosely regulated Switzerland, but it is run out of a 1980s-era office building in a Denver neighborhood packed with tech companies and marijuana entrepreneurs. ShapeShift’s founder and chief executive, Erik Voorhees, along with its chief operating officer and its marketing chief, all live in the Denver area.
The company’s financial backers include Pantera Capital and FundersClub in California and Access Venture Partners in Colorado. Partners with Pantera and Access said their legal reviews satisfied them that ShapeShift is operating within the law. FundersClub and its partners didn’t respond to messages seeking comment.
A parade of suspected criminals has taken advantage of ShapeShift’s services since the exchange began in 2014, according to law-enforcement officials, independent researchers and the Journal’s investigation.
After hackers believed to be from North Korea extorted millions of dollars in the so-called WannaCry ransomware attack on businesses and governments, the criminals used ShapeShift to convert bitcoin into an untraceable cryptocurrency called Monero, security researchers found. For the next year, ShapeShift made no changes to its policy of not identifying its customers, and continued to process millions of dollars in criminal proceeds, according to the Journal investigation.
Many cryptocurrency exchanges say they follow federal rules intended to combat money laundering, even though the question of whether they are subject to them hasn’t been tested. They keep records of their customers’ identity and monitor transactions to root out and report suspicious activity.
Mr. Voorhees has long scoffed at such constraints. “I don’t think people should have their identity recorded to catch an occasional criminal,” he said in a May interview.
Bitcoin and other cryptocurrencies are based on software that acts as a digital ledger maintained across thousands of computers. The ledgers, or blockchains, for most cryptocoins are publicly viewable, and allow people to track the movements of coins from one anonymous online account or wallet to the next. That anonymity can be broken, though, when a criminal trades bitcoin for dollars. Bad actors must therefore figure out a way to erase traces of their crimes from their currency’s digital trail.
To examine the scope of crypto money laundering, the Journal built computer programs that tracked funds from more than 2,500 suspected investment frauds, hacks, blackmail schemes and other alleged crimes that used bitcoin and Ethereum by analyzing the currencies’ underlying software.
The Journal’s analysis—which encompassed only a narrow slice of suspected criminal behavior involving cryptocurrencies—identified $88.6 million laundered through 46 exchanges. Many alleged perpetrators are unknown or on the run. Some were arrested. A small portion of the money, less than $2 million that the Journal identified, may have been seized by law enforcement in a few cases, though court filings don’t list precise amounts.
The Journal found that ShapeShift processed nearly $9 million of the suspect funds, more than any other exchange with U.S. offices.
The Journal provided ShapeShift with a list of the suspicious addresses it found using the exchange. In response, Veronica McGregor, who joined ShapeShift last month as its chief legal officer, said the company reviewed those addresses and banned them from using the exchange.
Ms. McGregor also said ShapeShift plans to start requiring users to provide identification starting Oct. 1. She said the company is doing that to “de-risk” itself in the face of potential new regulations and abuse by criminals, “not in response to any regulatory enforcement action.” She said the company plans to start monitoring for and reporting potential money laundering.
Ms. McGregor said she wants to separate Mr. Voorhees’s views from the company’s. “Just because it’s the personal philosophy of the CEO doesn’t mean that’s how the business is going to be run,” she said. “He’s not pro-money-laundering.”
Here’s how the money trail was disguised in one example the Journal traced to ShapeShift. An online entity calling itself Starscape Capital (US gov. false flag?) collected almost $2.2 million from investors who were promised outsize returns. Investors paid Starscape by depositing Ethereum, the most popular cryptocurrency after bitcoin, into an anonymous wallet. Starscape’s website soon went dark, and investors began complaining online about their missing money.
Ethereum, like many cryptocurrencies, has a publicly viewable ledger, even though the identity of the wallet holder isn’t readily apparent. So the recipients of the money decided to hide their trail before cashing out. They sent millions of dollars in Ethereum to two exchanges via separate routes. One stream of money went to another anonymous wallet and onto an Asian exchange called KuCoin, the Journal investigation found. Another $517,000 went directly to ShapeShift, which exchanged it for Monero. At that point the trail vanished.
The Monero could then be traded for clean bitcoin or sold for hard currency without any way to trace it back to the original transaction. The Starscape founders haven’t been identified.
The 12 million-plus transactions the Journal analyzed reveal numerous instances of suspicious behavior: The pseudonymous Marco Fike raised more than $2 million for a made-up bitcoin startup and disappeared; Makoto Takahashi (also an apparent alias) got nearly $600,000 to develop an online betting platform that never launched; a “sextortion” racket raised money blackmailing people by threatening to release explicit photos. Even spoofers who robbed ShapeShift’s own would-be customers by setting up a copycat ShapeShift website that stole their money used the real ShapeShift to launder their funds, according to publicly visible online data reviewed by the Journal.
Mr. Voorhees points out that ShapeShift does offer a measure of transparency—much like bitcoin itself, it allows people to see the movement of cryptocurrency, but not to identify the owner. The exchange’s system lets people see which anonymous wallets received cryptocurrency, but in the case of Monero, recipient addresses and transaction amounts remain secret and the trail is severed.
Mr. Voorhees has argued that ShapeShift and similar cryptocurrency exchanges that don’t take custody of customer funds shouldn’t be subject to anti-money-laundering regulations. “This whole narrative that the government is out to protect people is total bullshit,” he said.
The U.S. Department of Treasury appears to disagree. Asked at a recent event about ShapeShift, Kevin O’Connor, an enforcement officer at Treasury’s Financial Crimes Enforcement Network, said that any crypto-to-crypto exchange that has U.S. customers must comply with rules governing money transmitters. A FinCEN spokesman said Mr. O’Connor was speaking broadly and not just in relation to ShapeShift.
Other exchanges, including U.S.-based Bittrex, say they follow federal guidelines. Among other things, Bittrex says it examines where funds originated and how many intermediary wallets they passed through before arriving.
Still, the Journal found that $6.3 million in funds from apparent criminal activity flowed into Bittrex. Some of that was confiscated by law enforcement, for example in the case of a man who recently pleaded guilty to selling drugs and laundering money.
Europol, the European policing agency, has investigated several cases in which criminals used ShapeShift, says a person close to those probes. U.S. authorities also are keenly aware of ShapeShift’s role in exchanging suspicious funds, says a person with direct knowledge. “You can only run a red light so many times before you get pulled over,” the person says.
Lured by bitcoin’s boom, investors in Europe, California and Colorado looked past legal risks to put more than $12 million behind ShapeShift. They say Mr. Voorhees, who says he “would like the national government to be dissolved,” has convinced them he is a pragmatic businessman willing to follow federal laws.
“I trust Erik. I know that Erik is not a first-time entrepreneur,” says Paul Veradittakit, of Pantera Capital, one of the most prominent crypto-focused venture funds and an investor in ShapeShift. He says Pantera examined the model of an instant exchange that doesn’t collect user ID, and decided it was worth betting on, particularly after meeting with Mr. Voorhees, whom Mr. Veradittakit calls “a visionary.”
About 7% of ShapeShift’s volume between February and August 2018 were trades exchanging traceable currencies for a stealth coin named Monero.
He says lawyers assured Pantera that an argument could be made that a crypto-only exchange may not fall under federal financial regulations.
Mr. Voorhees, a pale and slender 34-year-old, discovered bitcoin in 2011 after joining the “Free State Project,” which is trying to bring 20,000 libertarians to New Hampshire in a collective effort to create a libertarian haven.
He started a gambling site, Satoshi Dice, in 2012, which paid out in bitcoin. He also took a job at a bitcoin exchange, though it eventually closed; its founder was later convicted of money laundering.
Mr. Voorhees said bitcoin could undermine the inheritance tax. “Wouldn’t it be great if you could just take the money that you were going to donate to someone, put it into a hidden form that couldn’t be confiscated and would be invisible to the authorities, and then there’s no longer a death tax?” he asked on a 2013 panel.
Mr. Voorhees sold stock in Satoshi Dice in exchange for bitcoin and, by his own account, moved to Panama to avoid taxes. He bought back investors’ stock and sold the site for bitcoin now worth more than $800 million.
The U.S. Securities and Exchange Commission later said selling stock in Satoshi Dice and another bitcoin company he owned were unregistered securities offerings. Mr. Voorhees paid a settlement of just over $50,000.
“As much as I hated government before, then I was like, ‘Man, this is what these people do, go around ruining innocent people’s lives,’ ” Mr. Voorhees says.
He left Panama for Telluride, a Colorado ski town, and decided to start his own exchange that would make money by buying cryptocurrency and reselling it at a markup.
ShapeShift launched in 2014, identifying its CEO as “Beorn Gonthier”—the first name from a Tolkien character who shifts from man to bear—because Mr. Voorhees wanted anonymity, he says. When New York state initiated a “Bit License” three years ago forcing companies to collect customer information, Mr. Voorhees decided ShapeShift wouldn’t operate there.
In 2016, ShapeShift’s monthly volume reached $11.7 million, the company says. Mr. Voorhees dropped the pseudonym and pitched established investors. Pantera and a group of other funders invested $10.4 million in a new ShapeShift funding round in the spring of 2017.
Soon after the venture capital came, ShapeShift had its first public money-laundering problem. The WannaCry attack commandeered hundreds of government and corporate computers, holding their data for bitcoin ransom. Security specialists—and later federal officials—blamed North Korea. Researchers including Priscilla Moriuchi, formerly with the top-secret National Security Agency, started tracking WannaCry’s proceeds.
When the bitcoin moved from the original wallet, Ms. Moriuchi, who now works for consultancy Recorded Future, followed it to ShapeShift, where it was traded for untraceable Monero. After reviewing some 30,000 transactions, she determined the trail went cold. ShapeShift, she says, is “without a doubt providing a service that is very useful to criminals.”
Mr. Voorhees says ShapeShift assists law enforcement when asked, though it has limited information to share.
After the WannaCry hack, users of internet chat rooms that give advice on money laundering recommended using ShapeShift to erase the trail of dirty bitcoin, the Journal found via services that monitor such sites.
In February, the Journal began following money from more than 2,500 wallet addresses that security researchers and court records had linked to criminal activity.
In one such case, a website belonging to BTC Global disappeared after raising $80 million by promising 5% weekly returns on deposits, according to an archived version of the site. South African authorities launched an investigation when investors alleged they no longer received payments and the company’s “primary trader,” Steven Twain, disappeared. The Journal traced funds from BTC Global through intermediary wallets to ShapeShift.
The Journal also traced funds from addresses provided by security consultance Recorded Future that were controlled by dark-web vendors advertising stolen credit cards and e-commerce accounts to ShapeShift.
Centra Tech Inc. last year started fundraising to develop a cryptocurrency debit card. Owners Sohrab Sharma and Robert Farkas claimed they had deals with Visa, Mastercard and Bancorp. Investors put in $32 million.
The claims were false, federal prosecutors say. Centra’s founders, who used their real names in marketing materials, were arrested in South Florida earlier this year and charged with fraud. The two men have pleaded not guilty. A lawyer for Mr. Sharma declined to comment. Mr. Farkas’s lawyer said Centra funds that went to ShapeShift weren’t from investors, and weren’t sent by his client.
While the government seized much of the money, millions had been liquidated before the arrests through exchanges including ShapeShift. Where the money went from there is unknown.
How The Journal Traced Suspicious Cryptocurrency Trades
The Wall Street Journal compiled a database of more than 2,500 suspicious wallet addresses from multiples sources including the Ether Scam Database, Bitcoin Who’s Who scam reports, reports of fraud from investors and security researchers. The Journal then worked with Elliptic—a London-based blockchain forensics company—to trace funds from a limited number of wallets directly to exchanges.
To identify intermediary wallets, the Journal downloaded transactions linked to illicit wallet address from Blockchain.info and Etherscan.io. The Journal then downloaded a list of wallet addresses used by exchanges from ShapeShift.io, Walletexplorer.com and Etherscan.io.
The Journal’s analysis traced funds sent from suspicious wallet addresses to no more than two intermediaries before reaching an exchange and excluded transactions sent from exchanges.
To analyze Shapeshift transactions, every 15 seconds the Journal downloaded and stored a list of the 50 most recent transactions published on the company’s website. Because ShapeShift’s public transaction reports don’t uniquely identify trades, the Journal removed transactions involving identical currencies and amounts occurring at the same time.
Crypto Extortion On The Rise, Says Academic Study
Crypto-based extortion – basically the process of using spam-flinging botnet armies to “ransom” dirty pictures and compromising information in exchange for bitcoin – has turned virtual crime into child’s play.
Speaking this week at the Advances in Financial Technology conference in Zurich, an international team comprised of researchers from the Austrian Technology Institute and security provider GoSecure sampled a population of email spam and found that the extortion process was quick, easy, and very lucrative.
Using public data hack info, the researchers found that a single instance of the popular Necurs botnet launched over 80 campaigns and in the 4.3 million emails surveyed by the team. In almost all cases the criminals had no incriminating information on the victims.
The team said that the botnet was surprisingly lucrative. By renting a botnet for $10,000 per month, the extortionists have been making at least $130,000. Compared to most extortion schemes, the spam campaign is incredibly simple, largely due to its employment of cryptocurrencies, said GoSecure’s Masarah Paquet-Clouston.
As such, the researchers expect crypto-backed email extortions to increase.
“If you look at traditional spam, it’s much more complicated … [crypto] extortion spam is much simpler,” Paquet-Clouston said.
Examples provided in the paper describe an email informing the victim that the hacker will release compromising personal information if bitcoin isn’t provided in a timely manner. For example, one email claimed the hackers were performing surveillance via malware:
“Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your account. I’ve been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited.”
Tracking the bitcoin addresses used and languages employed in emails allowed the researchers to further understand how botnets operate. For instance, whoever was behind the botnet charged certain nationalities higher prices than others, with English speakers topping out around $745 per recipient compared to Spaniards on the lowest end at $249.
The botnet reused bitcoin addresses, backing up similar research which saw one address used 3 million times. The researchers speculate address re-use is employed to increase the tactics overall simplicity.
Only 0.135 percent of bitcoin extorted could be traced to publicly verifiable wallets on exchanges, signifying the use of CoinJoins and other measures to mask transactions before off-ramping funds into fiat currency.
Knowledge about bitcoin and methods to track payments have lead botnet campaigns to other cryptos, the team said, particularly litecoin. Counterintuitively, privacy coins like monero and zcash are not being heavily used.
How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,How Dirty Money Disappears,