At the end of April, Russian citizen Roman Sterlingov was arrested in the United States. He is being held as a suspect in a bitcoin money laundering case. US authorities believe that Sterlingov created and operated the Bitcoin Fog cryptocurrency mixing service, which criminals can use to cover up the traces of Bitcoin transactions. Today we’ll talk about how cryptocurrency is used for money laundering and what methods exist for anonymizing bitcoin wallets.
Bitcoin allows pseudo-anonymous payments. That is, when creating a bitcoin wallet on an underground exchange, you do not need to register it against your passport, as you would with a bank account. At the same time, the Bitcoin network retains information about all past transactions: when, where and in what amount virtual coins were transferred. And if somewhere in this chain of wallets you leave a breadcrumb that can lead to a specific person, all the anonymity of bitcoin payments crumbles.
This is what happened in the case of Roman Sterlingov. Thanks to one mistake he made, the US tax service, together with investigators, tracked down a man who for many years had helped others launder bitcoins and cover up the traces of their transactions. In total, more than a million bitcoins were transferred through Bitcoin Fog, approximately $335 million at the time of the transactions. This “washing machine” received coins from darknet markets and from robbed cryptocurrency exchanges. We’ll talk a little later about how internet laundries work, but for now let’s get back to Sterlingov.
Ten years ago, in 2011, Sterlingov paid for the hosting of his bitcoin “laundry” using the now defunct Liberty Reserve cryptocurrency.
First, on the now defunct exchange Mt. Gox, he exchanged euros for bitcoins. He then moved these bitcoins between several wallets until he exchanged them on another cryptocurrency exchange for virtual Liberty Reserve coins, which he used to pay for the Bitcoin Fog server.
The IRS said that the breadcrumb that helped identify Sterlingov was his account on the first exchange in the chain. In this account, ten years ago, the Russian left his home address and phone number, and also listed a Google account. In his Google Drive cloud storage, investigators found a text document in Russian describing approaches to hiding payments in the Bitcoin system. The rest was a matter of routine investigative work by US law enforcement officers.
Each user of the Bitcoin network has a record of the complete history of all transactions in the form of a log file. When a user initiates a transfer of bitcoins to another wallet, the transfer information is added to this log. Miners on the Bitcoin network process the log and confirm the transaction.
Once confirmed, the transaction is broadcast to the network so that each node updates the set of confirmed transactions in its database. The transaction becomes part of the history, the blockchain, on which bitcoin is based. This history cannot be cut out with an ax.
Anyone, at any time, can see the history of all Bitcoin transactions, as well as the current balance of wallets. This is an important disadvantage for criminals who use bitcoin. As soon as a wallet’s connection with illegal activity is traced, both the wallet and its bitcoins are compromised in the eyes of law enforcement. For example, the transactions could involve receiving a ransom, selling illegal goods, or ordering a DDoS attack.
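The kind of backward trace that a public ledger makes possible can be sketched in a few lines. This is an added example, not part of the original article: the ledger, the address names and the attribution table are constructed, and each transaction is simplified to one sender and one recipient (real Bitcoin transactions can have several inputs and outputs).

```python
from collections import deque

# Constructed ledger: (txid, sender, recipient, amount in BTC).
# It mirrors the pattern described above: exchange -> several wallets -> exchange.
LEDGER = [
    ("tx1", "exchange_A_withdrawal", "wallet_1", 1.00),
    ("tx2", "wallet_1", "wallet_2", 0.99),
    ("tx3", "wallet_2", "wallet_3", 0.98),
    ("tx4", "wallet_3", "exchange_B_deposit", 0.97),
    ("tx5", "unrelated_1", "unrelated_2", 5.00),
]

# Constructed attribution data: addresses already tied to an account
# for which a service holds identity details.
ATTRIBUTED = {"exchange_A_withdrawal": "exchange A account with identity record"}


def trace_back(ledger, start, attributed, max_hops=10):
    """Follow funds backwards from `start` to the first attributed address.

    Returns (label, path) where path lists the transactions in spending
    order, or None if no attributed source is reachable within max_hops.
    """
    incoming = {}
    for txid, src, dst, amount in ledger:
        incoming.setdefault(dst, []).append((txid, src, dst, amount))

    queue = deque([(start, [])])
    seen = {start}
    while queue:
        addr, path = queue.popleft()
        if addr in attributed:
            return attributed[addr], list(reversed(path))
        if len(path) >= max_hops:
            continue  # hop budget spent on this branch
        for tx in incoming.get(addr, []):
            src = tx[1]
            if src not in seen:
                seen.add(src)
                queue.append((src, path + [tx]))
    return None


if __name__ == "__main__":
    label, path = trace_back(LEDGER, "exchange_B_deposit", ATTRIBUTED)
    print(label)
    for txid, src, dst, amount in path:
        print(f"{txid}: {src} -> {dst} ({amount} BTC)")
```

Moving coins through intermediate wallets only adds hops to the path; the trace still ends at the one address that carries identity data.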
Like cash, bitcoin transactions do not allow the payer or recipient to be unambiguously identified, and they are irreversible. That holds only as long as a careless payer does not leave behind breadcrumbs that can be followed back to him, as in Sterlingov’s case.
This is where cryptocurrency mixers come in: “laundries” that wash bitcoins of their dubious history and allow them to be cashed out into fiat money without the risk of “getting burned” by the authorities.
In December 2013, for example, Bitcoin Fog was used to launder 96,000 bitcoins. Some of them had been stolen from the Sheep Marketplace service, an anonymous dark web marketplace that traded in drugs, hacker gadgets and other illegal goods. It closed down before it had operated for even a year. Site administrators claimed that one of the merchants used a software bug to steal virtual money. At the time, these coins were equivalent to $6 million.
How do bitcoin mixers work, and how do criminals withdraw money through laundered bitcoins? Researchers from the Netherlands University of Technology and the local Ministry of Security and Justice help explain the entire chain and how well it works. In 2018, they ran a hands-on experiment with mixers and cashing out to see how criminals could use these services on the darknet.
In the typical mode of operation, the mixer provides customers with a newly created bitcoin address, a wallet into which they deposit the coins they want laundered. The mixer breaks these bitcoins into smaller pieces and then mixes them with coins from other clients.
It’s like a smoothie in which many small pieces of fruit are blended together. The mixer blends bitcoins from one wallet with bitcoins from another and pays out a new random batch of bitcoins from a random address.
Another way a mixer can work is by paying out bitcoins from the service’s reserve. When a client sends a certain amount of bitcoins to the mixer, they go to the end of the reserve chain, and the client receives the same amount of bitcoins in a new wallet, but from the beginning of the reserve chain (minus the commission, of course, usually 1-3% of the amount). To ensure greater anonymity, payments are spread out over time, and an element of randomness is introduced into the distribution of amounts. If the mixing was done correctly, there will be no connection between the “tainted” bitcoins deposited and the output received.
Mixing services offer loyal customers a guarantee that tainted bitcoins they deposited earlier will not accidentally be paid back to the same customer in the future. After each mixing, the client is given a number that can be presented on returning to the mixer. Thanks to this number, the mixer knows which dirty bitcoins the client contributed, and therefore will not give them back.
The researchers from the Netherlands settled on five mixing services from the darknet, into which they put a total of 3.5 bitcoins, and got a little less than 1 back. Three of the five sites turned out to be scams, so the researchers never got back 2.5 of the bitcoins they had put in for laundering. The other two mixers took a small commission, up to 1%, and the laundered bitcoins were paid out. They could not be traced back to the control wallet that the experimenters used at the beginning.
They were then able to cash out the bitcoins into dollars using PayPal. The PayPal account required for this can be purchased in underground markets or created using a disposable mailbox, which, in turn, can be set up in the Tor anonymous network, the gateway to the darknet. They also had to pay a commission, but that is unlikely to stop criminals looking to cash out their proceeds.
From the experiment, the researchers concluded that laundering cybercrime proceeds using bitcoin is a convenient and working model for criminal services, provided one pays attention to the reviews of mixers and takes weeding out scam services seriously. However, the researchers note that their scheme worked with a small amount of bitcoins. How well it would work with large amounts remains a mystery. There is always the possibility that the owner of the mixer decides to embezzle thousands or tens of thousands of bitcoins.
All this raises the question: how should bitcoin be treated from a legal and legislative point of view? It is now in a kind of twilight zone. In many countries, its use is not prohibited but also not regulated, since states do not consider Bitcoin a currency.
Some manage to make money on it all the same. The well-known North Korean group Lazarus is accused of converting money stolen from banks into cryptocurrency, passing it through several crypto-exchanges to hide its origin, and then converting it back into fiat money and sending it to North Korea.
So far, experts believe that criminals rarely use cryptocurrencies to launder large amounts of illegal income. However, they also believe that this type of money laundering will only grow in popularity in the future, and something has to be done about it. In developed countries, de-anonymization awaits bitcoin, exchanges and account holders. But this will not solve the problem of the underground services that exist now and will continue to exist, since there is demand for them.