Jonathan Levin, cofounder and chief operating officer for blockchain analytics company Chainalysis, describes how the company was born out of questions he had while a grad student, how they began mapping the Bitcoin blockchain to certain entities, and how their customers, which include government agencies such as the FBI, DEA, IRS, Europol and others, use Chainalysis to help solve Bitcoin crimes. He also reveals what level of detail the software tracks, how privacy coins could affect their work, and what new developments in the technology could decrease current crimes, such as physical extortion of crypto holders. Plus, he answers the question of whether or not Chainalysis’s work destroys the fungibility of Bitcoin.
Chainalysis: http://chainalysis.com/
Jonathan Levin: https://twitter.com/jony_levin
Chainalysis report on the changing nature of crypto crime: https://www.chainalysis.com/static/Cryptocrime_Report_V2.pdf
Forbes article on Chainalysis: https://www.forbes.com/sites/thomasbrewster/2018/04/05/snooping-on-bitcoin-is-big-business/#234e6792d198
Usage of Chainalysis by IRS: https://www.thedailybeast.com/irs-now-has-a-tool-to-unmask-bitcoin-tax-cheats
Threats of violence against bitcoin and other crypto holders: https://www.nytimes.com/2018/02/18/technology/virtual-currency-extortion.html
Thank you to our sponsors!
Blockchain Warehouse: https://www.blockchainwarehouse.com/
Keepkey: https://www.keepkey.com/
Preciate: https://preciate.org/recognize/
Transcript:
Laura Shin:
Hi everyone, welcome to Unchained. You’re no hype resource for all things crypto. I’m your host Laura Shin. If you’ve been enjoying Unchained, pop into Itunes to give us, a top rating or review. That helps other listeners find the show and be sure to follow me on Twitter @LauraShin.
Keepkey: 00:19
Today’s episode is brought to you by Keepkey. The easy, safe, and simple way to protect your bitcoin, ether, litecoin and many other digital assets. There’s no time like the present to protect yourself from hackers, malware and viruses. Rest easy, knowing that your digital assets are protected. Visit keepkey.com to order your secure hardware wallet today and use the Code “unchained10” for a limited time 10 percent discount.
Blockchain Warehouse: 00:39
Blockchain warehouse is an international blockchain accelerator. Offering a wide range of token sale advisory services to promising blockchain based ventures. With the leading advisor network. BCW is at the forefront of building landscape changing blockchain companies and hosting successful token sales with more than $20 million raised so far.
Preciate: 01:07
Unchained is sponsored by Preciate. Preciate is building the most valuable relationships on earth. In each episode of Unchained, Preciate recognized as an individual or group in crypto for an achievement. Who in crypto will be recognized today? Stay tuned to find out.
Laura Shin: 01:16
Today’s guest is Jonathan Levin, co founder and chief operating officer of Chainanalysis. Welcome Jonathan. What does Chainanalysis do?
Jonathan Levin: 01:26
Chainalysis provides investigation and compliant software to the world’s leading institutions who are focused on cryptocurrencies
Laura Shin: 01:32
And what are the main products that you offer?
Jonathan Levin: 01:35
So we have two main offerings. We have a set of investigation software that allows people to go in retrospectively and look at cryptocurrency transactions and determine how those cryptocurrency transactions relate to the real world. And we also have compliance software where exchanges and other cryptocurrency businesses are able to risk score their customers and determine which ones of their users are high risk and low risk.
Laura Shin: 02:01
And who are your customers?
Jonathan Levin: 02:03
So we have three main categories of customers. So we have a cryptocurrency exchanges, like the brand names that you would recognize. All the world’s leading cryptocurrency exchanges. They are required to prevent money laundering from happening on their platforms. And so they use us to essentially determine where their customers have been receiving their cryptocurrency funds from and what they are using their cryptocurrency funds for. We have financial institutions that are interested in either getting involved in the cryptocurrency space or have customers who are active in the cryptocurrency space and therefore they need to understand the nature of their businesses and determine the risk associated with them and put in place adequate controls. And then we also have customers in the government space and those customers are primarily focused on either regulatory or law enforcement actions that could protect society and essentially weed out egregious actors against other consumers or other nations or things of that nature.
Laura Shin: 03:09
Some of the big government agencies and law enforcement that you work with include the DEA, the FBI, ICE, (Immigrations Customs Enforcement), The IRS, Europol and some of the others. What do each of them typically use Chainalysis for?
Jonathan Levin: 03:29
So our government customers have jurisdiction. They have mission that is about protecting society in different ways. All of them have somewhat distinct domains, but also somewhat overlapping domains. And so you will see that in a lot of investigations that Chainalysis has been used in, there’s actually collaboration among all of those different customer sets that come together in order to, for example, take down dark net markets or take regulatory action against exchanges that are not complying with regulation. And so really each one of them use. The way that I think about it is that cryptocurrency is just a new tool in their toolkit. Those agencies were focused on preventing crime yesterday. They are focused on preventing the same crimes today. The only difference is that the people that they are targeting, the threats that they’re trying to mitigate now also involve cryptocurrency and so all of those agencies use us to essentially achieve their mission, which has not changed since yesterday.
Laura Shin: 04:32
And can you walk me through what that looks like when they’re using Chainalysis software to either take down a dark net market or whatever it might be?
Jonathan Levin: 04:40
Yeah, sure. So Chainalysis investigation software is a web interface that you actually can investigate historical cryptocurrency transactions. Different agencies might have different starting points. Exchanges file suspicious activity reports here in the US with FinCEN. Those suspicious activity reports contain information about certain transactions that they deemed were suspicious and that could be like a starting point for an investigation and then they would take that information about some specific transactions of interest, put that into the analysis software and find out more context behind those transactions. Which counter parties were involved, which other services were involved. Was there dark net market activity? Was that other exchanges that were involved? And so, they start to sort of build out an investigation that way.
Laura Shin: 05:33
And how does the software do that? Is it sort of like a big map of the blockchain where you know which addresses are linked with exchanges and which ones are linked with dark net markets and et cetera?
Jonathan Levin: 05:42
Yeah, so essentially, Chainalysis maintains a database about the linkages between cryptocurrency identifiers and the real world. And, essentially the real world for me is about who is transacting and why they are transacting. So, all of these wallets managed by exchanges or are they managed by merchant services, by dark net markets, by ransomware, similar by other types of threat actors, and we maintain that database of how those addresses and transactions linked to real world entities.
Laura Shin: 06:16
And how do you figure out which address is what is associated with which entity?
Jonathan Levin: 06:20
So this gets into… in cryptocurrencies, you’ve got to blockchain. A blockchain is a public ledger of all transactions that have ever happened and it turns out that those transactions have certain patterns about how they are constructed. They can reveal how multiple addresses are actually all controlled by the same piece of wallet software and we are able to pick up those patterns. That is kind of step one is to determine which transactions on the blockchain we’re broadcast by the same piece of wallet software.
Laura Shin: 06:56
And how would you figure that out? And by that do you mean like these are all blockchain wallets and these are all Coinbase wallets? Sorry, I’m not sure what you mean.
Jonathan Levin: 07:08
So a wallet for me is just a… a wallet could be a piece of software that you run on your own laptop or it could be the Coinbase hot wallet. So essentially wallets are just the unit of analysis when it comes to cryptocurrencies because in essence like addresses are controlled by wallets. So the wallet is the piece of software that is generating all of these different transactions and the task for us is to determine which addresses are maintained and controlled by the same wallet.
Laura Shin: 07:39
And would that include like these are all ledger style wallets and these are all…?
Jonathan Levin: 07:50
Yes, all cryptocurrencies are controlled by wallet software. That’s really the unit of analysis that I look at and the heuristics that we write. The patterns that we’re trying to pick up or about how we can tie addresses into the wallets that they’re controlled by. And that that applies equally for all the different types of wallets.
Laura Shin: 08:18
How do you go from knowing, these are ledger wallets and these are blockchain.info wallets and whatever, to knowing that it’s this person controlling this wallet?
Jonathan Levin: 08:27
Yeah. So what happens is the first stage is just to determine which transactions, which addresses are controlled by specific wallets. and yeah, I can cool these entities or we could just call them wallets. And the second step is, how do we tie that back to a real world identifier? Because even if I know that these 10 transactions were all sent by the same wallet, I actually don’t have any idea about where that wallet is in the world. Who that wallet is controlled by it. And so the next step is to… Actually, in the beginning when we started, we started just making transactions. So we opened account so all the different service providers out there, from Coinbase, to Kraken, and Mt Gox and all the services that are around in 2014. And we would send small transactions. A deposit or withdrawal and that would give us some identifier that then once we look back at step one, we could see that this wallet actually conducted 100,000 transactions and all the withdraws that we made from that service were contained within that 100,000 transactions and therefore we know that all these 100,000 transactions where actually Mt. Gox transactions for example.
Laura Shin: 09:51
Okay, so meaning it’s sort of like, right now if you sign up for one of those financial services where they deposit like three cents and ten cents in your bank account and then you can say like, “Yes, this is my bank account?”
Jonathan Levin: 10:04
Yeah. So that was in the beginning. And then as those services started to use us for compliance purposes, that actually feeds our data set as well. So when our customers in the exchange space use our services, they actually verify that these are transactions and addresses that they actually control.
Laura Shin: 10:26
Oh, okay, but then now we’ve got to that level of like these are the exchanges. Then how do you figure out what person?
Jonathan Levin: 10:32
So what person, we actually don’t touch that. So the map inside Chainalysis is to the level of the service that is being used by someone to transact in cryptocurrency. I actually never go down to like an individual level.
Laura Shin: 10:55
Really? Because I could’ve sworn that there was a podcast where you said something about how you would be able to identify the person.
Jonathan Levin: 11:02
So there might’ve been a podcast in which I said something along the lines of someone had actually tweeted about an address that they had controlled and I actually got back down to the person because they had associated their own wallet in public with their own individual identity. But that’s not something that we map to just directly from the blockchain. That person had to in public sort of broadcast, “This is my bitcoin address or something like that.” Associates to a twitter account or something like that.
Laura Shin: 11:39
Okay. So if someone is using like a blockchain.info wallet or a ledger wallet or something like, you wouldn’t be able to figure out who the person is?
Jonathan Levin: 11:39
No.
Laura Shin: 11:47
But, if they’re using something like Coinbase or Kraken then you could. Maybe if those companies are your service and then they’re talking to… let’s say it’s like the IRS?
Jonathan Levin: 11:59
Yeah, so the IRS would issue a subpoena to Kraken or Coinbase and ask for more information about specific set of transactions that would then lead them down to an identity because Coinbase and Kraken are obliged to have KYC, know your customer requirements and so they’re under the obligation to identify who their customers are.
Laura Shin: 12:24
I did see that the IRS is using your software to capture tax evaders or catch tax evaders. The FBI, I’m presuming, and Europol are using Chainalysis to catch criminals. Everybody always talks about how 2017 was such a big year in crypto and it was just imagined from your place in the ecosystem that you must have seen it change in a very interesting way. So I’m just curious to know like how does your customers change? How did the products and services that they were interested in change? Like if you were to characterize that year from your perspective, what would it look like?
Jonathan Levin: 12:59
Yeah, that’s a great question. So I think that the attention on cryptocurrencies in 2017, no doubt, went up dramatically. We look at transaction volumes and we have a lot of information about why people are transacting on the blockchain and so we saw big changes in the nature of some of that activity. We saw dark net market activity as a percentage of overall cryptocurrency activity go down. There were a number of takedowns in 2017. As well as there was a massive increase in the amount of speculative activity inside cryptocurrencies and so the nature of how people are transacting, we saw increases in merchant processing. We saw decreases in dark net market activity both in absolute and relative terms. And then we saw a massive change in the number of entrance inside the market, right? So we saw financial institutions trying to look more like cryptocurrency businesses and we saw cryptocurrency businesses try and look more like financial institutions.
Jonathan Levin: 14:06
And that trend for us has been really interesting because ultimately we are the company that allows financial institutions to look a little bit more like cryptocurrency businesses because they can put in place controls about how we prevent money laundering in this new world. And, for cryptocurrency businesses to look more like financial institutions, well they need to have controls. They need to actually be able to monitor the transactions of their users. And I think the biggest shift that I saw in 2017, was the cryptocurrency businesses saw their customer bases explode in number. And this meant for a shift in how we thought about our product. Because, everything that we were doing for cryptocurrency businesses in 2017 was all retrospective. The transactions were being processed by cryptocurrency exchanges, deposits and withdrawals. And then, there was like a look back tool that you could assess the risk of your users.
Jonathan Levin: 15:07
But now, I think that people want to get ahead of that problem. You know, when you’re dealing with millions of customers, you need much more automated solutions. And so we started to think about, “Well, how much can we help these cryptocurrency exchanges solve this problem in real time? How much can we automate compliance so that they have automated workflows so that they don’t have armies of people like the financial institutions looking back on transactions.” And so that’s something that we saw in 2017 and we launched a new product this year in light of that called KYT Chainalysis, know your transaction, and that’s where we’re thinking about automated risk scoring for our cryptocurrency customers.
Laura Shin: 15:55
That product is really interesting to me because it claims to identify suspicious activity in real time and to be able to discern the purpose of a transaction. How do you do that?
Jonathan Levin: 16:04
So essentially, if you think about the difference between cryptocurrencies to real world, financial institutions is that when banks and money bank to bank, sometimes the beneficiary is there inside the transaction. So you can see who you’re sending to, but sometimes that entity doesn’t really give you like a real purpose. Of like understanding of what that transaction is really for. Especially for illicit use, right? So no drug dealer puts their real company name being like drug dealer, the best, biggest drug dealer in New York City Limited. There’s a level of obfuscation there. Whereas in cryptocurrencies actually we identify different types of services that have specific purposes. Why you would use those. So like ransomware, we identify ransomware addresses so we can see why or the purpose behind this transaction being sent from the exchange is actually being used to pay a ransom. That’s like a good example. Or I might not know exactly what good or service is being bought but I can see the money being sent from say BitStamp to BitPay is something being used for merchant service. Some similar transaction like that could be also applied to the dark net markets.
Laura Shin: 17:33
This really requires you to kind of know the bad actors in advance. But I assume, a lot of these bad actors create new addresses and accounts. So how do you figure those out?
Jonathan Levin: 17:53
I like to be fact specific. So, like a dark net market for example. So a dark net market has typically a service where you have an address that you top up that to the address that’s associated with your account. So yes, there can be new addresses being generated over time, but also from a usability standpoint, it’s quite hard to develop trust within these environments. So if you are logging on through TOR, there’s lots of [phishing dark net markets. There’s lots of difficult abilities to build reputation systems in these markets. And so, sometimes there’ll be reusing that address because it has some familiarity for that user. That ease of customer experience also allows us to then identify some of those accounts.
Laura Shin: 18:44
That’s interesting. That makes a lot of sense. I also wanted to ask you about this reactor product. It enables people to input a transaction and immediately find connected wallets. I know a lot of the very wealthy people in crypto, will put up a bunch of their coins across like 15 or 20 different wallets. So how can you tell whether a connected wallet is owned by the same person or simply a wallet that they sent a payment to?
Jonathan Levin: 19:11
This is a great question. So ultimately, in investigations you have to understand typical behavior of different wallets. So for the most part, actually what people don’t realize is that most people transacting in crypto are using third party services. I don’t know whether this is like news to some people or not. But, we can identify third party activity. That’s what we’re really good at. And third party activity would be like exchanges, hosted wallets, stuff like that. For this stuff that’s like personal wallets. Wallets that you control the keys for yourself. Those also have specific types of patterns, right? Laura uses cryptocurrencies in Laura’s way and there will be timing and behavioral patterns that you then leave behind based on how you are transacting. And so it’s not always that clear where that change of ownership takes place, but we give you the data points that you need to then make some judgment calls on that. There’s not stuff that we like, that level of confidence is something that I would say is like a human judgment call. Rather than something that we automate out of like pattern recognition or like deep AI or machine learning. This is stuff that actually, typically are the people using our software as trained investigators would be able to make that determination.
Laura Shin: 20:46
Although maybe an AI could be trained to figure that stuff out?
Jonathan Levin: 20:51
Maybe. I’m less confident about that.
Laura Shin: 20:52
Oh really? Why is that? Because, I don’t know if you heard that story about the target shopping data. Do you remember this? It came out quite a while ago, but basically this father of a teenage girl was really upset because target began sending advertisements about like expecting a baby, blah blah blah. And he was like, “My daughter is 16 or whatever. Why are you sending these?” Well, it turned out that from her shopping behavior, Target or the algorithm they were using figured out that she was expecting a baby and that was how he found out. So I think, I do think that these algorithms can discern a lot from our financial behaviors.
Jonathan Levin: 21:30
Yeah, that’s true. I mean, the argument that I use about this is that there’s still like a relatively low number of actors that you’re talking about within the cryptocurrency space. And so for that example, you’ve got like millions of mothers, or potentially to be mothers all transacting in a certain pattern and actually, Target has the data on exactly those candidate mother’s turned into real mothers. And so, the actual computing behind that and the model is being used, can be trained in that way. Like in cryptocurrencies, you’re talking about like a smaller dataset. A noisier dataset. Stuff where that level of ground truth data doesn’t really exist. And so I’m not saying that machine learning is completely futile in this, but there is some stuff that we think about in that domain, but it’s not always that straightforward.
Laura Shin: 22:34
And one other thing that I want to ask about was earlier you were saying the vast majority of people use third party services. What percentage is that?
Jonathan Levin: 22:39
So we can identify… it’s quite hard to know, like how many people. I would say that 80 percent of transactions that occur on these cryptocurrency ledgers have a counterparty that is a third party service. More than more 80 percent.
Laura Shin: 22:59
Oh, that’s interesting. So I guess despite all the admonitions to manage your own private keys, a lot of people are not doing that. Did that percentage changed by the way in 2017? Did it used to be a lower percentage?
Jonathan Levin: 23:11
It’s been roughly consistent. I haven’t tracked it all the way back to 2016 and do those trends. I could try and take a look at that.
Laura Shin: 23:23
I’m just always curious because obviously maybe in the libertarian days there was a higher or rather lower percentage. But then maybe now after this big speculative period its higher.
Jonathan Levin: 23:31
Well, actually, like even in like… I don’t know where we called the liberty libertarian days of Bitcoin, but you know in say March 2012, there were weeks where 30 percent of the Bitcoin blockchain transactions were all Silkroad. Silkroad is a third party service that was being trusted by people to affect payments.
Laura Shin: 23:31
So you’ve been including…
Jonathan Levin: 23:58
I include those as well. Places where… silkroad was top-up to play. So you had to give silkroad your money in order to get balance on the account in order to buy goods and services. And so, you’re not in control of your private keys.
Laura Shin: 24:20
Now I get it. That, that does make sense even just to do that kind of transaction. One other thing I want to ask you about was how you came to do this work?
Jonathan Levin: 24:30
I got into crypto by sitting in a pub in 2012 with my friend Tom and he told me that we should write an arbitrage bot to going between BitStamp and Mt. Gox. And, I asked him, “I was like, Tom, where is Mt Gox I don’t understand?” And he said, “Well, have you heard of Bitcoin?” And I was like, “No, I haven’t heard of Bitcoin.” And that’s when I kind of when I went down the rabbit hole of personal research. I was a grad student at Oxford at the time. I was very much interested in environmental economics, had no sort of a technical background at all and spent day and night just diving into the bitcoin talk forums, writing on the Bitcoin Dev mailing list and bringing some economic rigor to the discussion.
Laura Shin: 25:15
By the way, you, me and Chris Burniske, we all like came from environmental backgrounds because for awhile, I did environmental journalism. That’s super funny.
Jonathan Levin: 25:21
That’s really funny. And actually our chief economist Philip actually also came from an environmental economics background.
Laura Shin: 25:27
Oh really? I’ll have to say is that Chris and I have been joking that we’re so glad that we don’t do that kind of work anymore because it’s so depressing.
Jonathan Levin: 25:34
Yeah. And I feel that one of the reasons that I got into this space was the ability to actually have impact in terms of not participating in an academic debate. That was so far removed from the reality in day to day. And the confluence of that in the tech sphere is something that got me really excited. And so, I started off like in my bedroom and in grad school sort of studying Bitcoin. I then quickly realized that while there was a lot of excitement about the technical details about Bitcoin, the bitcoin itself was a socioeconomic innovation. There was nothing new technologically that had really changed about the world. But rather it was a way to construct new trust relationships between people, new modes of transacting that people haven’t really thought about before.
Jonathan Levin: 26:35
And the thing that underpins all of that is the system of incentives that are present in order to get people to adopt or participate in this new world. And so, I felt like there was no real economists looking at it. In fact, I went round Oxford as a grad student trying to get people to supervise my thesis. I pitched 80 professors out of the economics department and no one took it on as a project because they were like, this doesn’t relate to my research area. And so, it felt like a little bit like pitching VCs. But the thing about it was that I then started to go to conferences. And, in 2013 when I went to my first cryptocurrency conference in London. I think it was called Bitcoin London. And, the predecessor of Coin Summit, they actually had a bunch of presentations and no one put a single number up on the graph. No one put a graph on the screen. No one put a number up there. They all spoke about flying cars and machine to machine payments in a utopian world about, how the once governments are gone. That we could live a freer life. And my thought was, “Well, if this really is a socio economic shift that is going to take place, there needs to be someone measuring what is happening in the real world as it relates to cryptocurrencies.” And that’s why we started Chainalysis was essentially to bridge that gap between, connecting what is actually the real world implications of what is happening in cryptocurrencies and tying that together, meant building this dataset about how the real world relates to cryptocurrency transactions. The best initial use cases for that are, investigations and providing governments with enough insight into what is actually going on in cryptocurrencies and providing businesses with the ability to access traditional financial services. And so, that’s really my journey was about like someone needs to provide credible data in how the real world is actually relating to cryptocurrencies. And I feel like that hasn’t really changed since 2012.
Laura Shin: 28:46
Clearly that was a brilliant idea because as you know from your own company, things are going quite well and you have a lot of customers and a lot of people need your services. Quickly before the break, I actually want to ask, you currently support Bitcoin and Bitcoin Cash and you plan to support 10 blockchains by the years end. Do you know which ones you’re going to add?
Jonathan Levin: 29:06
We’re not yet committing to exactly which ones. We’re tracking all of them internally. We’ve got this kind of like nice graph internally, which is about the technical difficulty of supporting some of these cryptocurrencies and the business value that those cryptocurrencies present to us and we’re currently sort of working through exactly which ones to launch in which order.
Laura Shin: 29:06
Probably Ethereum has to be on there?
Jonathan Levin: 29:29
Ethereum has to be on there, but other than that, I’m not going to make any commitments on radio.
Laura Shin: 29:33
Okay. We’re going to discuss ransomware, fiscal crimes and more. But first, I’d like to take a quick break to tell you about our fabulous sponsors.
Blockchain Warehouse: 29:42
Blockchain Warehouse is an international blockchain accelerator. Offering a wide range of token sale advisory services to promising blockchain based ventures. With access to heavyweight technology leaders, the accelerator is heavily involved in crafting the blockchain technology, token sale and regulatory landscape. On May 25th, Blockchain Warehouse launched the first ever CryptoShark Tank. A new series exhibiting blockchain warehouse’s review of candidate projects. Chaired by Adrian Guttridge, CEO of blockchainwarehouse.com. This week’s episode features Mesmor, a decentralized media ecosystem, offering digital collectibles to consumers for watching the content they already consume and enjoy. Find out more at www.mesmr.tv or find all episodes at www.cryptosharktank.com.
Keepkey: 30:30
Cryptocurrency is vibrant and exciting, but it’s not without its share of bad actors. Exchanges and personal accounts can get hacked. Computers can be infected with malware. Left unprotected, your digital wealth is up for grabs. Don’t let yourself be a victim. Keepkey is the safest and simplest way to protect your bitcoin, ether litecoin, and other tokenized assets. This hardware wallet is a separate device that you control. Brought to you by the pioneering team at ShapeShift. Keepkey works with the wallet software on your computer to manage your private keys and transactions. Your device is pin protected, which renders it useless even if it falls into the wrong hands. Its large display let’s you carefully view and approve every transaction, and if your Keepkey is ever lost or stolen, you can safely recover your device without compromising its private keys. The bottom line, you’ll sleep easier knowing that your digital wealth is safe and secure. Visit Keepkey.com to order yours today. And, use the code “unchained10” for a limited time 10% discount.
Preciate: 31:32
Now it’s time to recognize someone in crypto sponsored by Preciate. Today we are recognizing Jeremy Epstein, a marketing professional in crypto who has a special knack for explaining complex topics in terms everyone can understand. Jeremy has inspired friends and colleagues to join the crypto movement and change the world. Kudos to you for guiding the way and leading the charge Jeremy. Preciate welcomes Unchained listeners to nominate a friend to get props in a future episode of Unchained. Just go to Preciate.org/recognize.
Laura Shin: 32:05
I’m speaking with Jonathan Levin of Chainalysis. Let’s talk about some of the big types of crimes that we’re seeing. Or, big trends and crimes that we’re seeing. How does a ransomware attack unfold? How is it disseminated? To whom? What happens? For those who pay the ransom versus those who don’t?
Jonathan Levin: 32:19
Yeah, I think it’s an interesting phenomenon. Like ransomware is not new, right? Ransomware has been around since, I mean you could say that it relates to extortion. Extortion has been around for centuries. Ransomware as a malware attack has actually been around since 1989. The ransomware families that we’ve seen are cyber criminals who are turning to new methods to raise funds from victims that they are infecting with malware. And so the interesting thing about this is that you read a lot about data breaches and people stealing people’s personal information. And then, the problem with that is that you need some mechanism to actually cash out or you need some way to turn that goods into monetary value. You can think of those people as like burglars. You break into someone’s house, you steal their TV, you then need to pawn that TV to then get the money that you want from that crime. You’re not trying to necessarily monetize the asset that you’ve stolen. You actually just need to get the person that you’ve stolen it from to pay you for returning that back to them. And that’s basically what ransomware is. And so, the way that ransomware is disseminated is the same way that any sort of malware campaign is sort of run. There were many different types and vectors. The predominant vector is someone opening a pdf or word document from an email that they shouldn’t have and it downloads the software onto that machine. It then encrypts all of the files on that machine. It looks around which machines that machine is connected to and then spreads out laterally. And so, in the early days there were very unsophisticated versions that then get caught by sort of antivirus software and this is a cat and mouse game. There’s more sophisticated forms of ransomware that can infect networks
Laura Shin: 34:28
And when did they start asking for bitcoin? And, how prevalent is that now?
Jonathan Levin: 34:31
So I would say that they started asking for bitcoin, probably the earliest was in 2013. And the growth of that was really felt last year. There was a lot of campaigns that were being run, where essentially it’s a business decision. So with ransomware, the people who are financially motivated are making decisions whether to use infrastructure that they have at their disposal to steal personal, identifying information or to try and get a business executives to sign off on false invoices or there’s a whole variety of different things at their disposal, including now cryptocurrency mining. But they will decide essentially what strategies that they want to pursue. And so, ransomware last year was probably one of the biggest efforts of these cyber criminal groups shifted towards running ransomware infrastructure.
Laura Shin: 35:36
And, what percentage of them are using Bitcoin out of all the cryptocurrencies? Because, I just feel like if you’re going to use cryptocurrency, why would you use use one where you can trace it? Like why wouldn’t you use Monero or something? I don’t get it.
Jonathan Levin: 35:47
Okay. So again, it comes back to ransomware as a business. It’s not something that is… You’re a financially motivated actor. You have a PnL [profit and loss] that you need to run and you look at adoption rates. So actually, ransomware also used stuff like Paypal. You’re like, “Why would you ever use Paypal? It’s traceable or Paypal are going to shut your account.” Well yeah, in a certain percentage of cases, Paypal will shut the account before you can get the money out. But in a certain set of cases then they don’t. And the same goes for Bitcoin and the same goes for Monero. So if you use Monero as the ransomware payment mechanism, do you get a drop off in the rate of adoption or like users paying the ransom out? So if it’s harder for that user, if you think about it, a lot of these ransomware campaigns are mass campaigns trying to not target sort of cryptocurrency exchanges which would be able to get a hold of any sort of cryptocurrency. Their are targeted at the mainstream and the mainstream find it hard to get obscure cryptocurrencies. And so, if the percentage of people paying the ransom went from 10 percent down to 1 percent, maybe you’re better off risky it in Bitcoin,
Laura Shin: 37:12
I also want to bring up this trend of the fiscal crimes that are happening against holders of cryptocurrency where the perpetrator will hold the victim up at gunpoint and forced them to send crypto to another wallet. What kinds of patterns do you see in those crimes?
Jonathan Levin: 37:25
I definitely see… So extortion still plays a role. So, one of the things that we found more and more is that someone threatens to physically attack someone, the school, a institution, a bank or something like that. And that’s a physical threat that actually has an extortion attached to it with bitcoin. That’s becoming more prevalent.
Laura Shin: 37:54
But what about this other one that I mentioned?
Jonathan Levin: 37:59
So this is just to segue from ransomware into physical threats. Is that actually this physical, “extortion” that happens via cryptocurrencies. The other thing that happens is, you’re right, is that someone, in Washington Heights and on the island of Manhattan is held up at gunpoint to send cryptocurrency to the people that are standing there with a gun. That was the first time that I saw a good example of someone who understands how to even use a hardware wallet who also has access to a gun in New York City. That is quite surprising, this is a sign of, this has become an instrument that is, as I say, ubiquitous. That like the people who have sort of physical arms are also now familiar with cryptocurrencies. And so, that attack space has really opened up. And I think that the trend that I see is that the more and more cryptocurrencies get understood by different types of people, that level of crime will go up.
Laura Shin: 39:15
Well, you did mention in one of the articles on that trend that there are some tools that are being developed that will “quietly alert authorities that a transaction is being made under duress.” How would that kind of thing work?
Jonathan Levin: 39:30
Yeah, so this is something where if someone, a lot of these devices have a passcode or something associates with, you might be able to have something like a password that you enter under duress.
Laura Shin: 39:30
For your ledger?
Jonathan Levin: 39:48
Or something like that. And, there will be more and more mechanisms that are developed I imagine over time that allow people to send out emergency signals without actually alerting the person that’s extorting them or standing there with them. This gets into the realm of more like security in a much broader sense…
Laura Shin: 40:11
I’m sorry, who would be alerted?
Jonathan Levin: 40:12
So you could have someone, you could have a private security firm alerted or or something like that. This is like… I’ve seen a trend of people in this space get worried about physical threats to their person and their family and invest in security processes and drivers and stuff like that because people have this impression that those people can send a billion dollars at the click of a button. Now in reality, those people can’t do that. But, the probability of them getting hands on some cryptocurrency to pay a ransom are relatively high. And so they need to make sure that, yes, a crazy person could come along and try and extort them for that. But, they invest in security processes like other members of society that needs to be protected.
Laura Shin: 41:07
So we’ve laid out a bunch of different crimes that happen with crypto currency. But because the wallets that they’re sending the money to. Whether it’s through ransomware or these crimes at gunpoint or whatever. These wallets are visible in the blockchain. What do criminals then do with the money? How do they get away with it?
Jonathan Levin: 41:27
So they actually pay their bills, right? So criminals, I mean financially motivated criminals are financially motivated at the end of the day. They want to afford a good lifestyle. They want to go on holiday. They want to own property and do what people who have money do. So for those people, they need mechanisms to then re-enter the financial system. And so this is something that is sort of not very well understood by financial institutions is that ultimately financially motivated criminals within cryptocurrencies are users of the existing financial system and there’s a bunch of like pointing the finger over at cryptocurrencies and saying, “Look at all this terrible activity that’s going on in cryptocurrencies. It’s all money laundering.” Well all of that is actually being sent through the existing financial system and being used to pay for yachts and boats and houses and…
Laura Shin: 42:26
But to turn it back into dollars or another Fiat currency, you would presumably need to use and exchange and those have know your costumer rules. So how did they do that? I don’t understand.
Jonathan Levin: 42:35
So sometimes you know, it might not be the criminals person or the actual identity of the criminal per se at the exchange. They have like spoof accounts, they have other people, they have mules who use…
Laura Shin: 42:51
But what I’m saying is if everyone knows, “That’s the account that everybody is sending the ransom to. Then the exchange is going to know like, “okay, anyone who tries to exchange the bitcoins from that account into dollars. They were the one extracting these ransoms, right?
Jonathan Levin: 43:11
Yeah. So I would hope that. Right. But you’ve also got like a lot of exchanges around the world. Many of which are in jurisdictions that are outside the United States that don’t have KYC requirements. They’re exchanges that willfully turn a blind eye. And you saw that sort of at BTC-e. He was kind of the main venue that those ransomware payments were being processed through. And so, eventually FinCEN took action against BTC-e. And, shut it down and seized it and made it harder for criminals to go from cryptocurrencies back into existing financial systems. But fundamentally, just because you do KYC on your customer, even within the United States, does not mean that none of your accounts get used for bad activity. And, we’ve just launched the ability for people to do real time checking of transactions about, did this come from ransomware or did it not? And so, that also means that if people are fast enough or if the compliance processes are not adequate enough to deal with that, then money can easily be laundered through existing “compliant exchanges.”
Laura Shin: 44:29
Obviously a lot of these criminals use tumblers to mix their transactions up in a way that would be difficult. That obfuscates the trail. So how does a tumbler work and then how do they affect your ability to do your work?
Jonathan Levin: 44:44
Let me just go back to the first part of that question. Obviously many criminals use tumblers. What percentage of criminals do you think use tumblers?
Laura Shin: 44:55
What percentage of criminals use tumblers? Maybe like, I dunno, 30 percent.
Jonathan Levin: 45:01
I would say it’s probably less than 10. The reason is that again, it’s about trust and cost. So tumblers on the internet are not that trustworthy and people need easy user experiences and speed of transaction and tumblers basically create this way where you give your hard earned cash to some anonymous entity on the Internet that may or may not return it after a period of time. And they’ll charge you for the privilege. So, the ability to use tumblers is definitely there. That can make tracing transactions extremely difficult, but the reality is that it’s a small portion of criminal use of cryptocurrencies. I think that shows the ability of them to actually move money into traditional exchanges that actually maybe don’t have the compliance processes that they really need to prevent this money laundry.
Laura Shin: 46:12
Okay. So if they do use a tumbler, does it make it difficult for you?
Jonathan Levin: 46:17
Yeah, it definitely makes it difficult for us.
Laura Shin: 46:17
Impossible or difficult?
Jonathan Levin: 46:22
Nothing is ever impossible.
Laura Shin: 46:27
Good answer. I was curious, what are some of the most common mistakes that criminals make that enable law enforcement to catch them? When it comes to using cryptocurrency for their crimes.
Jonathan Levin: 46:35
So I think the main mistake that people make when they use cryptocurrencies for crime is that the evidentiary trail is there forever and it’s actually quite difficult as a criminal to remember exactly what you were doing back in the past. Where you were using cryptocurrency at some other point for some other reason. Or, quite frankly, there’s like an impression that cryptocurrencies are like totally anonymous and so either it’s something that they did like way back in the past or it’s even during the mode of how they operate in their day to day. That means that, they get caught using cryptocurrencies. I would say that still cryptocurrencies and their use doesn’t necessarily mean that criminals either get away or don’t get away with crimes necessarily. Some of the criminals that get caught are people who accept delivery of stuff to their house or their mum’s house. There’s other mistakes that people are making and cryptocurrencies then can confirm what has been happening with that person.
Laura Shin: 47:45
It’s similar to what Ross Ulbricht did where he made one slip up. That’s all you need. So Chainalysis also tracked the stolen Mt. Gox bitcoins. What did you determine it all about what happened there?
Jonathan Levin: 47:54
Yeah, so this was like the initial case that we got called in to do. So the Mt. Gox case was the event in 2014 where suddenly, Mt. Gox woke up and said, “Well, the bank vault is basically empty.” And they weren’t doing daily reconciliation between the deposits that were being made on Mt. Gox and what was still in the wallet at the end of the day. And, the determination that we made was that there were other people who were stealing money out of Mt. Gox that had access to some of the keys within the Mt. Gox wallet. And they were stealing money over time. And for about 18 months to two years, they were, when money was being deposited into Mt. Gox. It was being withdrawn from Mt. Gox. But, without Mt. Gox knowing. And I can see you shake your head and everyone else in the world shakes their head at that. But that was really the lesson that was being learnt there. And then what happened was those funds were stolen from Mt. Gox. Those were accumulated into certain wallets. Those wallets were then used to pay into exchanges in order to cash out that money. And what people say is like, “Oh my god, they stole so much bitcoin, they must be multibillionaires. And where’s all this money?” At the time of transaction in total, I estimate somewhere between 20 and 30 million was made out of that theft. But that’s about it.
Laura Shin: 49:26
Wait. And I’m so confused because at the time they were saying that it was like half a million dollars worth of bitcoin was stolen. So why would they only be making 20 or 30?
Jonathan Levin: 49:34
So there were 650,000 bitcoins being stolen from Mt. Gox. In today’s terms, that’s a huge amount of money. But in actual fact, during the whole period when they were taking money out of Mt. Gox, they were cashing out immediately. Those assets were not worth the billions of dollars that people think that there were.
Laura Shin: 49:59
Something else I wanted to ask you about was Bitcoin activity in countries looking to avoid sanctions like North Korea and Venezuela. I know you guys are looking at kind of the whole blockchain. I was curious to know like what trends you’re seeing there?
Jonathan Levin: 50:15
Yeah. So, the North Korea question is quite interesting. It’s quite difficult to get a real sense of what is happening in North Korea. As people who asked me about it is that North Korea is a state, it’s a geography. There are also actors associated to North Korea that operate outside of that geography. And so they could be using other types of services that don’t exist. There is no North Korean exchange, right? That we can identify. And so there is a trend to try and identify, what North Korea, sympathetic actors or state sponsored actors are conducting activity in other exchanges around the world that are not within the North Korea geography. That’s quite a difficult challenge. So it’s quite hard to like give you a real sense of how much bitcoin is being used in North Korea for example.
Laura Shin: 50:15
But what about Venezuela?
Jonathan Levin: 51:14
It’s slightly more transparent. There are Venezuelan exchanges. That allow people to convert between local currency and bitcoin and those exchanges are growing and actually the number of exchanges is growing. Which is something that is definitely bringing the attention of the US government and financial institutions and cryptocurrency businesses that have to be concerned about sanctions evasion. We’ve spoken a lot about criminal uses of bitcoin and that’s like kind of petty to some extent. But, when it comes into the realm of sanctions, the fines associated and the actions associated to sanctions evasion is a lot stronger than missing a drug dealer [inaudible] that you should have been filing. What happens here is that exchanges should be, to the extent possible, monitoring some of their exposure to those countries because ultimately there’s actions and there’s some very sharp instruments that exist in the toolkit of US Treasury to actually go after people that help facilitate sanctions evasion. This is where, there is almost no compromise with sanction evasion. In fact, everyone, whether you’re a financial institution or not, has to be somewhat concerned with facilitating relationships that are with sanctioned entities and with the falling of the Iran deal, that’s like another country that’s like top of the agenda. And so, making sure that you have some processes and procedures in place to understand your exposure to that is something that I think exchanges would be wise to think about.
Laura Shin: 53:10
Do you have any sense as to why criminals turn to Bitcoin at all? Why don’t they use Monero or Zcash?
Jonathan Levin: 53:14
So I think that Monero and Zcash are currencies that do actually attract criminal activity because of their anonymity. We’ve seen, a lot of different markets adopt monero for instance, as a form of payment mechanism. But still, in terms of its widest acceptance, those privacy coins are relatively low. If you even look at like how people use Bitcoin. How people will use bitcoin, reveal preference about what they really care about. And most cryptocurrency users, criminals almost even included, actually entrust their identities to third parties. Even within the Bitcoin sphere. And when you open an account at an exchange based in the US, you entrust your privacy to that institution the same way that you entrust it to your bank. And, even if you are conducting activity on the blockchain, that service as we’ve sort of described in the early part of the interview is the custodian of your identity and protects your privacy.
Jonathan Levin: 54:23
And so, most people are pretty happy with that form of privacy that exists inside the bitcoin ecosystem. So they don’t really feel the need to move to like more private cryptocurrencies and especially when they’re not as usable or widely accepted as bitcoin itself. So for both criminal use cases and actually the majority of early adopters in cryptocurrency who you would almost say I like the most privacy conscious people on the planet. Like actually a lot of them are willing to entrust their privacy to institutions but are gaining their trust.
Laura Shin: 55:05
If people end up switching to more privacy coins is that going to make it work impossible?
Jonathan Levin: 55:07
I don’t think it ever makes our work impossible because I believe that our work has to be concerned with the economic majority.
Laura Shin: 55:07
But someday it could be that the economic majority transacts in privacy coins?
Jonathan Levin: 55:23
It is possible. My take is that we would need to have some signal that something that people have preferences over. So, if you look at Bitcoin as like a great example of… I would say the earliest part of the adoption curve of cryptocurrencies and you look at the preferences that are being revealed by the people who are actually transacting cryptocurrencies. Like they don’t actually, err on the side of controlling their own keys necessarily Or, a lot of them trust consumer brands in the space like Coinbase to protect their identity and privacy and fight back against, John Doe’s subpoenas against the IRS or something like that. So I don’t believe we’re killing the fungibility of bitcoin. In fact, the word fungibility to me actually has like a slight liquid definition as if it’s like an innate right or an innate property of a particular type of instrument. Like actually, like fungibility to me has like both technical elements and sort of more legal or norm based elements. For me what we are doing in terms of fungibility in cryptocurrencies is we’re actually enabling people to make decisions about who they are transacting with. In fact, the US dollars are not fungible in the sense that you can’t take money from someone in Iran who gives you a hundred dollar bill right. But, everyone says that the US dollar is fungible. Ultimately, you need to understand the facts and the purpose behind transactions in order to assess risk. Whether or not whatever monetary instrument you’re using. What we allow people to do in cryptocurrencies is to identify the purpose and the services that are being used to transact cryptocurrencies that allow for people to then determine who they want to do business or not worth. And so really understanding the technical specifics allow us to say, okay, when you are receiving money from a regulated financial institution on the bitcoin network, that is something that you have some opinion about. When you are receiving it from a ransomware account. You are not wanting to facilitate the proceeds of crime. It’s not the bitcoins, it’s actually like you facing a counterparty that you do not want to do business with. And the way that I think about fungibility s about. Well yeah, obviously every unit within the ledger is equal, but, people have opinions and need to have business requirements around who they want to be doing business with.
Laura Shin: 58:13
And so you feel like if a coin has been tainted by the fact that it went to a dark market at some point, dark net market, that that’s not making it less fungible?
Jonathan Levin: 58:27
We never taint bitcoins. So there are no currency units within our system that maintain a degree of taint. In fact, all we do is point out the facts about how different wallets have interacted. And so we like to think about are you interacting with someone that you want to do business with? Or, are you about to interact with someone that you do not want to do business with?
Laura Shin: 58:53
And then there are the cases where you want to interact with someone that you shouldn’t want to interact with.
Jonathan Levin: 59:00
For those businesses we say you can go somewhere else.
Laura Shin: 59:03
Okay, great. Well it’s been so fantastic having you on the show. Where can people get in touch with you?
Jonathan Levin: 59:07
So I’m on twitter @jony_levin. You can also go to our website to learn more about us, Chainalysis.com. We’re based in New York. If you’re ever in town, then hit me up on twitter.
Laura Shin: 59:22
Well thanks for coming on Unchained. Thanks so much for joining us today. To learn more about Jonathan, check out the show notes inside your podcast episodes. New episodes of Unchained come out every Tuesday. If you haven’t already, rate, review and subscribe on Apple podcasts. If you like this episode, share it with your friends on Facebook, Twitter, or LinkedIn. Unchained is produced by me, Laura Shin. With help from Elaine Zelby, Fractal Recordings, Jennie Josephson, Rahul Singireddy and Daniel Nuss. Thanks for listening.