Tag: Money laundering

Amy and David answer your questions on crypto! (Part 1)

  • By Amy Castor and David Gerard

Crypto is still hungover from New Year’s and there’s no news. So we asked readers what they were curious about in crypto. [Twitter; Bluesky]

Keep your questions coming for part 2, some time or other!

Sending us money will definitely help — here’s Amy’s Patreon, and here’s David’s.

Q: I keep wondering what’s keeping the circus alive, given that the retail dollars are practically gone, and the last remaining on/off-ramps are all but down the drain. [Tomalak on Bluesky]

The circus is fed by dollars — real and fake — and its product is hopium, the unfaltering belief that number will always go up. The hopium runs on narratives, such as the current story that a bitcoin ETF will result in a magical influx of fresh dollars.

In crypto, the retail dollars have largely gone home — but too many people have large piles of crypto accounted as dollars to let the number go down. So they deploy fake dollars to keep the crypto flowing.

There are currently 93 billion dubiously-backed tethers sloshing around the crypto markets. We expect that to go over 100 billion as we get closer to the bitcoin mining reward halving in April.

The circus is advertised by the crypto media, which functions as PR outlets for the space. The CoinDesk live-wire feed on any given day is about half hopium, for instance. There are no respectable media outlets in a crypto winter.

(Except us, of course. Subscribe today!

Q: Why can’t or wouldn’t the average investor make money in crypto? We criticize it, and rightfully so, but why should the person looking to make a profit care? [King Schultz on Twitter]

There is no source of dollars other than fresh retail investors. Old investors can only be paid out with money from new investors.

Crypto isn’t technically a Ponzi scheme — it just works like one. So investing in crypto will always be a slightly negative-sum game.

Functionally, crypto is a single unified casino, run by a very small number of people, with no regulation. Binance is the tables, Coinbase is the cashier window. The flow of cash is from retail suckers to very few rich guys at the top.

There are many, many complicated mechanisms in the middle, and they’re fascinating to look at and describe and watch in action. But the complex mechanisms don’t change what’s happening here — money flows from lots of suckers to a few scammers.

Some people make money in crypto, just like some people make money in Las Vegas — but gambling in Vegas isn’t an investment scheme either. And the house always wins.

You can make money in crypto if you’re a better shark than all the other sharks in the shark pool, who built the pool. It can be done! Good luck!

Q: be interested in reading about money laundering [Broseph on Bluesky]

Money laundering is when you try to turn the proceeds of crime into money that doesn’t appear to be the proceeds of crime. Laundering money is also a specific crime in itself.

With money going electronic, it’s harder to obscure the origins of ill-gotten gains and avoid unwanted attention from banks and the authorities. Many crooks have attempted to launder money by using crypto as the obfuscatory step.

Bitfinex money mule Reggie Fowler set up a global network of bank accounts. He told the banks the accounts were for real estate transactions. He was sentenced to six years in prison.

Heather “Razzlekhan” Morgan and Ilya Lichtenstein tried laundering the bitcoins from the Bitfinex hack through the Alphabay darknet market. This would have completely covered their trail! Except that the police had pwned Alphabay by then, and Lichtenstein’s transactions were all right there for the cops to track him. Whoops.

We also highly recommend Dan Davies’s fabulous book on fraud, Lying for Money.

Q: Not so much baffled but curious as to how law enforcement can and does identify people using blockchain. Also, do some coins not have a public blockchain? [Bob Morris on Twitter]

Cryptocurrencies run on publicly available blockchains. In theory, you can trace the history of every transaction on a blockchain right back to when it started.

The hard part for authorities is linking someone’s real-world identity to a specific blockchain address. Achieving this was the key to busting Heather Morgan and Ilya Lichtenstein, for instance. The hardest part for crooks is cashing out successfully without being busted.

The trail can be difficult to trace, especially if the crook has put effort into obfuscation — e.g., running transactions through a mixer such as Tornado Cash. But specialists can get good at tracing blockchain transactions and several companies sell this as a service.

Privacy coins like Monero and ZCash try to obfuscate the traceability of transactions on the blockchain itself. But users often give themselves away by other channels — e.g., transaction volumes elsewhere that coincidentally correspond to amounts of Monero sent to a darknet market.

Even if you can protect yourself cryptographically, one error can leave your backside hanging out — and crypto users are really bad at operational security.

Q: nfts aren’t really relevant these days but I’ve never been clear on what ‘mint events’ are and how they relate to the icos. Are users generating new nfts paid for by using the coins they previously bought? [Robert Kambic on Bluesky]

Initial coin offerings (ICOs) were huge in 2017 and 2018 — but the SEC came down hard on them because they were pretty much all unregistered offerings of penny stocks.

Since that time, crypto has tried to come up with other ideas for doing unregistered offerings while making them look at least a little less illegal. There were SAFTs, airdrops, and now NFT mint events. These are all about creating fresh tokens out of thin air and promoting them as an investment in a common enterprise that will make a profit from the efforts of others.

A “mint event” is when you buy into an NFT collection early — when it first mints — hoping the value will increase astronomically over time.

But these are not securities, no, no, no. Yuga Labs wasn’t selling you shares in a company — they were selling you ape cartoons! You weren’t getting dividends, you were getting Mutant Apes, dog NFTs, and ApeCoins! You’re not investing in a speculative startup, you’re buying art!

The SEC has so far sued one NFT company, Impact Theory, after it raised $30 million through NFT sales. The SEC said the NFTs were promoted as investment contracts and not registered. [Complaint, PDF]

We didn’t say too much about NFTs in our 2024 predictions, but we expect that the SEC will go after more NFT projects this year, as they clear their backlog of violators.

Q. I’d like a definitive explanation on the amount of apes you can feed with a single slurp juice. [Etienne Beureux on Twitter]

Slurp juices were popularized in a tweet about Astro Apes, a Bored Apes knockoff, which also featured tokens called “slurp juices” that you could apply to your Astro Ape tokens to generate more Astro Ape tokens and get rich for free.

The tweet was posted on May 4, 2022 — just a few days before Terra-Luna exploded and popped the 2021-2022 crypto bubble.

Also, the guy who tweeted about slurp juices is a neo-Nazi. Welcome to crypto. [BuzzFeed News]

Q: I’ve often wondered why new languages like Solidity were necessary for smart contracts. [David John Smailes on Twitter]

The Ethereum team originally just wanted to use JavaScript, but it didn’t quite do what they needed in terms of functionality and data types — so they created Solidity, a new language based on JavaScript.

A blockchain is an extremely harsh programming environment. It’s hard or impossible to modify your code once deployed — you must get it right the first time. It’s about money, so every attacker will be going after your code.

In situations where programming errors have drastic consequences, you usually try to make it harder to shoot yourself in the foot — functional programming languages, formal methods, mathematical verification of the code, not using a full computer language (avoid Turing completeness), and so on.

Solidity ignores all of that — and the world’s most mediocre JavaScript programmers moved sideways to write the world’s most mediocre smart contracts and cause everyone to lose all their money, repeatedly. Smart contracts are best modeled as a piñata, where you whack it in the right spot and a pile of crypto falls out.

Other blockchains saw Ethereum-based projects making a ton of money (or crypto) and wanted that for themselves — so they tend to just use the Ethereum Virtual Machine so they can run buggy Solidity code too.

There are other, somewhat better, smart contract languages — but Solidity is overwhelmingly the language of choice, which keeps the comedy gold flowing nicely.

Q. Miner extracted value? [Cathal Mooney on Twitter]

Miners — or now validators — supposedly make money from block rewards and transaction fees.

There is a third way for validators to make money. Smart contract execution depends on the order of transactions within a block. Since the validator controls what transactions they can put in a block and how they order those transactions, they can front run the traders — the validator sees an unprocessed transaction, creates their own transaction ahead of that one and takes some or all of the advantage that the trader saw.

The term “Miner Extractable Value” was coined in the paper “Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability” in 2020. [IEEE Xplore]

Front-running is largely illegal in real finance. But since the Ethereum Foundation couldn’t stop their validators from front-running their users, they decided to claim it was a feature, which they have renamed “maximal extractable value.” [Ethereum Foundation]

Q: What do you think will eventually happen to all the Satoshi Nakamoto Bitcoin wallets? [Steve Alarm on Twitter]

Quite likely nothing. We suspect the keys, and thus the million bitcoins, are simply lost. Nobody has heard anything verifiably from Satoshi since April 13, 2011, when he sent a final email to bitcoin developer Mike Hearn. [Plan99]

If the Satoshi coins ever did move, there would be a lot of headlines. But we don’t think the crypto trading market would be affected much — the market is so thin, there are multiple large holders who could crash the market any time they felt like it, and the market is already largely fake. We think everyone will just pretend nothing happened and everything is fine.

Q. Did Do Kwon actually sell all his BTC to prop up Luna? [Saku Kamiyūbetsu on Twitter]

Terra (UST) was an algorithmic dollar stablecoin and luna was its free-floating twin. Terraform Labs ran the Anchor Protocol, which promised 20% interest on staked UST. At peak, there were 18 billion UST in circulation.

It turned out there was money to be made in crashing UST — so in May 2022, someone did. There is a strong rumor (and DOJ investigations) that it was Alameda. Other parties who collapsed because of Terra-Luna left the gaping hole in Alameda that eventually killed FTX. If Alameda fired the first shot directly into their own leg, that would be extremely crypto, as well as extremely funny.

UST was crashing, so Terraform Labs tried to prop up Terra-Luna. The bitcoins came from the Luna Foundation Guard, which promised to deploy $1.5 billion worth of bitcoin to defend UST. This didn’t work. [Twitter, archive]

We haven’t found a smoking gun that Luna actually spent the bitcoins on buying up UST or luna. In 2023, the SEC charged Terraform Labs and Do Kwon and said that Kwon and Terraform took over 10,000 BTC out of Luna Foundation Guard in May 2022 and converted at least $100 million into cash.

Q: I’m baffled at the lack of interest from crypto critics that the DoJ will not be pursuing additional charges against SBF. Specifically, the charges that could make some politicians very uncomfortable. [Amer Icon on Twitter]

The issue was specifically whether to further prosecute Sam Bankman-Fried. The prosecution letter to the judge quite clearly explains their reasons why a second case wouldn’t do anything useful in this regard. [Letter, PDF]

The evidence that Sam was the guy who made these bribes was presented in the case that just concluded and will be considered when he’s sentenced in March — they don’t need a second trial to nail those facts down.

Hypothetical other evidence that might have come to light about other parties wasn’t a factor in considering what to do about Sam Bankman-Fried. It’s quite reasonable to want to get those guys, but you will probably need a more direct method than a side factor in an additional case against a guy who is already likely going to jail forever.

Q. snarkier memes would be worthy [Chris Doerfler on Twitter]

“Esto no puede ser tan estúpido, debes estar explicándolo mal.”

We did a follow-up on this story. Part 2, though not labeled as such, is here!

Image: Amy Landers and Dear David reading today’s Web 3 Is Going Just Great

Posted on by Amy Castor 2

Notes on NFTs, the high-art trade, and money laundering

Last month, I wrote a story for Artnet (paywalled) describing how NFTs create new opportunities for bad guys to move money without attribution. Read the full story if you can. Otherwise, here are some of the points I touch on along with additional notes.

  • The physical art world has a money-laundering problem — it is a secret world where expensive pieces are often bought and sold anonymously.  
  • Art is subjective, so it’s easy to justify spending millions of dollars on a piece. “This is a beautiful painting. I paid what I thought it was worth!”
  • The art trade is not subject to the Bank Secrecy Act. In other words, the BSA does not consider art dealers, advisers, and auction houses to be financial institutions.
  • Many collectors keep their art in freeports — ultra-secure storage facilities in tax-free zones near airports. They can sell their art to anonymous buyers, and the art itself never even needs to leave the warehouse. Thanks to middlemen and shell companies, the buyers often don’t know who the seller is either.
  • A US Senate Permanent Subcommittee on Investigations report in July 2020 highlighted the extent of the problem. The report was devastating to the art world and pointed out the need to regulate the space.
  • The art trade is already regulated in the EU, under the Anti-Money Laundering directives. 
  • I like to compare buying an NFT to buying high-art in a freeport. You become the prestigious new owner, and you don’t even have to bother hanging the piece on your wall.
  • Disclaimer: I know of no conviction yet so I can’t name anyone, but if you look through a pile of NFT transactions, you’ll see stuff that looks very odd and worthy of investigation.
  • A lot of NFTs are bought and sold for crazy amounts of money — generally in the form of crypto — and often, we have no idea who the buyers or the sellers are. It’s not clear whether the platforms facilitating these trades know either.
  • Earlier this year, two CryptoPunk NFTs sold separately for $7.5 million each in crypto — Punk #7804 and Punk #3100. In both cases, the buyers were known only by their crypto wallet addresses.
  • In February, an NFT of Nyan Cat, a cat cartoon with a Pop-tart body, sold for $600,000 — in crypto. Again, the buyer was only known by their wallet address.
  • Those are just a few examples. There are many, many others.
  • The most practical way to launder money with NFTs would be via what is called “trade-based money laundering” — deals that appear legit on the face but are meant to hide the flow of ill-gotten gains. All you need are two parties to make that happen.
  • Let’s say, I need to receive $3 million worth of dirty crypto. I mint an NFT, establish its value by wash-trading (selling back and forth to myself a few times) and then sell it to my colleague. I then cash out at a banked exchange. If anyone asks where the money came from, I simply tell them, “I sold an NFT!”
  • Because regulations haven’t caught up with NFTs, some of the NFT platforms are more laissez faire in their anti-money-laundering and know-your-customer (AML/KYC) practices.
  • Nifty Gateway, the NFT marketplace owned by Gemini, is centralized. All of its NFT trades are handled off-chain. Gemini is registered with FinCEN, and it’s widely thought of as one of the more regulated platforms.
  • Also, it makes sense that Gemini would want to minimize risk and remain in good standing with the banks. (You can link directly to your bank account via Gemini. And you can purchase NFTs on Nifty Gateway with USD via your credit card.)
  • However, other NFT marketplaces, such as OpenSea, Rarible, and Foundation, tend to be more relaxed in their AML/KYC.
  • These exchanges are decentralized, meaning the backend code runs on the blockchain. Unlike Nifty Gateway, these platforms are non-custodial, meaning you always hold the keys to your own crypto. This is sometimes used as an excuse not to have a rigorous AML program in place. 
  • “KYC is only required when you buy crypto using OpenSea,” cofounder Alex Atallah told me. In that case, KYC is handled through Moonpay, a fiat onramp that lets you buy crypto with your credit card to spend on OpenSea.
  • If you transfer your own crypto onto the platform and buy an NFT with it, OpenSea doesn’t ask who you are. Nor does the platform ask who you are if you sell your NFT for crypto and move your funds off the platform.
  • All this will likely change. 
  • Regulators have their eyes on the art market — and the NFT market.
  • On Jan. 1, 2021, Congress passed the Anti-Money Laundering Act of 2020, as part of the National Defense Authorization Act, with the biggest changes to the BSA in two decades.
  • Among the changes, the AML Act extends the BSA to antiquities dealers.
  • Antiquity dealers are now considered financial institutions with the same record-keeping and reporting requirements. It is up to FinCEN to spell out exactly how this will be implemented. FinCEN has until Jan. 1, 2022, to do so.
  • The AML Act also commissions FinCEN to study the art market. If FinCEN finds significant links between money laundering and high art, it will likely recommend Congress extend the BSA to the wider art market, too.* 
  • Experts believe this is very likely to happen. (As I mentioned above, it’s already happened in the EU.)
  • The good news: There is still time for art dealers and auction houses to review and update their AML programs. (Christie’s and Sotheby’s, who have been auctioning NFTs, have likely already updated their AML programs in response to the Senate PSI report.)
  • The AML Act also formally extends the scope of the BSA to crypto exchanges, in keeping with FinCEN’s earlier guidance that virtual currency businesses are money services businesses, and therefore, subject to BSA requirements.
  • NFTs, on the other hand, aren’t mentioned in the new AML law. But they are not being overlooked either!
  • In March, the Financial Action Task Force, a Paris-based AML watchdog, issued a draft updated virtual asset guidance, which could have implications for NFTs.
  • In its draft, the FATF doesn’t specifically call out NFTs, but it replaces an earlier phrasing of “assets that are fungible” with “assets that are convertible and interchangeable” in describing the kinds of virtual assets that need regulation. (NFTs are convertible when you sell them for other forms of crypto.)
  • This subtle change in language directly targets NFTs (and DeFi as well).
  • If the US adopts the final guidance — which it most likely will — those subtle changes in wording give FinCEN the authority to regulate not only existing virtual currencies but also emerging asset classes such as NFTs.
  • Additionally, NFTs could be considered art and NFT marketplaces could be considered art auction houses and get included in new BSA laws.
  • Like high-art, NFTs hit all the right targets for money laundering.

* On Feb. 4, 2022, the U.S. Treasury released “Study of the Facilitation of Money Laundering and Terror Finance Through the Trade in Works of Art.” The report says NFTs are particularly vulnerable to money laundering because “NFT platforms range in structure, ownership, and operation, and no single platform operates the same way or has the same standards or due diligence protocols.”

It also says that NFT platforms, such as Dapper Labs, SuperRare, and OpenSea, could be considered VASPs by FATF and may come under FinCEN regulations. 

Posted on by Amy Castor 0