Tag: ShapeShift

News: Craig Wright suing more people, exchanges respond by delisting BSV, and Arwen launches

I am trying to make my news posts shorter with an effort to focus mainly on cryptocurrency exchanges, unless something else comes up that is just fun to write about. If you enjoy my stories, tips are always welcome via Patreon.

At a hearing on April 18, Quadriga’s court-appointed monitor continued its battle with the exchange’s third-party payment processors to get them to hand over transaction records and funds. The court also extended Quadriga’s creditor protection until June 28.

Screen Shot 2019-04-19 at 9.53.58 AM
Dorian Nakamoto, one of those who turned out not to be Craig Wright.

Craig Wright, who claims to be Satoshi, is suing people who are accusing him of not being Satoshi. (Wright has yet to prove he actually is.) As mentioned in my last newsletter, it all started when Wright sued twitter user Hodlonaut. Wright has now followed with libel suits against Bitcoin podcast host Peter McCormack, Ethereum co-founder Vitalik Buterin and crypto blog Chepicap. (CoinGeek, a publication financed by Calvin Ayre, Wright’s billionaire backer, has a full story.)

Naturally, the Bitcoin community is up in arms. In response, Binance—an exchange that has been traditionally unselective in the coins it lists—has delisted BSV (stands for Bitcoin Satoshi’s Vision), the coin that resulted from the bitcoin fork spearheaded by Wright and Ayre. The move was followed by several other exchanges delisting BSV, including Kraken, ShapeShift and Bittylicious. Blockchain.info removed support for BSV from its wallet.

Kraken’s BSV delisting was in response to a poll it put up on Twitter. This quote from Kraken founder Jesse Powell is priceless. He says:

“In this case, it is a unique case for us, we haven’t delisted any other coins because the founders, people who are promoting it turned out to be total assholes.”

Angela Walch, a law professor at St. Mary’s University School of Law, compared the #DelistBSV movement to Visa and PayPal not processing Wikileaks transactions and expressed surprise the crypto world was cheering it.

Meanwhile Gemini’s Tyler Winklevoss says Gemini never listed BSV in the first place, and Chandler Guo, a Chinese miner who has made a fortune on ICOs and Bitcoin forks, announced that he would do the opposite and list BSV.

Crypto exchanges just aren’t pulling in the gazillions they used to. Binance generated about $78 million in profit last quarter, up 66 percent quarter-over-quarter. But that still falls short of full year 2018, when the exchange made $446 million in profits. Coinbase brought in revenue of $520 million in 2018, down 44 percent year-over-year.

Hacks, inside jobs and irreversible goof-ups are pushing some crypto exchanges to the brink. Coinnest, once South Korea’s third-largest exchanges, is closing. Users have until April 30 to get their funds off the exchange. Coinnest lost $5.3 million in a botched airdrop in January, though it blames its closure on low trading volume.

Elsewhere, on April 10, Bittrex’s application for a BitLicense (required to do business in New York State) was rejected—in part, because Bittrex customers were using fake names, like “Give me my money,” “Elvis Presley” and “Donald Duck” to trade.

Bittrex says the NY Department of Financial Services (DFS) “sent four people who didn’t know anything about blockchain.” DFS responded again, saying the exchange “continues to misstate the facts” and “presents a misleading picture about the denial.”

Binance is about to begin the process of moving its BNB (currently an ERC20 token) off the Ethereum network and onto Binance Chain, its custom blockchain. Interestingly, The Block’s Larry Cermak notes that Binance has quietly changed its white paper to remove a clause about the exchange using 20 percent of its profits to buy back BNB.

Arwen, a self-custody solution that uses on-blockchain escrows and off-blockchain atomic swaps to allow traders to maintain control of their keys while they trade, launched on Singapore’s KuCoin earlier this week. KuCoin raised $20 million in VC funding last year, and it is the first exchange to partner with Arwen, created by a company of the same name based in Boston.

Finally, Intercontinental Exchange (ICE), the owner of the New York Stock Exchange, is reportedly eyeing a New York license for its crypto exchange Bakkt. The launch date for Bakkt has been delayed for months due to skepticism from the CFTC. The regulator appears most concerned over how tokens will be stored.

 

 

Posted on by Amy Castor 1

CipherBlade CSO and founder Richard Sanders responds

Early Friday, I published “Blockchain analytics firm CipherBlade steps in to launder ShapeShift’s image.”

The story was about how crypto exchange ShapeShift requested analytics firm CipherBlade to repeat a September 2018 report by the Wall Street JournalThe original report said ShapeShift had been used to facilitate $9 million in money laundering over a period of several years. The investigation took place before ShapeShift implemented KYC identity checks in October 2018.

After I published my story, CipherBlade founder and CSO Richard Sanders sent me a response late in the evening on March 24. What follows is his letter in full, which adds a little more background to the whole story. Thank you, Richard.

Hey Amy,

Thanks for taking the time to review some items I noticed in your article. I’ll quote particular items and provide some feedback on each.

The second WSJ report does not address what happened to Quadriga’s missing funds, only that, according to two independent researchers, some ether left the online accounts of the platform and moved through ShapeShift before Quadriga became insolvent. But the implication was the same—money laundering.

I haven’t looked into this myself, but FYI, I believe ShapeShift looked into this. If I recall correctly, these transactions were indicative of liquidity—if you can’t find the bit I’m referencing, let me know, and I’ll hunt it down for you. I’d equally be happy to review proof the WSJ provides behind their claim, but to be frank, don’t expect that to be provided by them.

To defend its reputation, ShapeShift “requested” CipherBlade, a hitherto unknown

This has been addressed in numerous articles, so I’m not sure how to appease the “requested” bit here. However, this request was done indeed—ShapeShift has been aware of CipherBlade for some time now (as most major exchanges/platforms are) and knows what we do. Regarding the ‘hitherto unknown,’ we’ve spent precisely $0.00 on marketing. In this current phase, we just don’t need to—we have more than enough requests coming our way, primarily via word of mouth. We’re quite well known by the current demographics that constitute the largest demand for our services (ICOs, exchanges, attorneys) – and while we may not yet be on the tip of the tongue of the average person in blockchain, we’re certainly well-known enough to get a stream of word of mouth referrals large enough that we can’t take all of the requests.

It is important to clarify what the new report actually says. It does not vindicate ShapeShift. It only says the laundering was less than what WSJ said. But money laundering is money laundering, and no matter how you slice or dice it, or who else is allowing it, it’s still money laundering.

I’ll start with saying that I have extensive respect for the way you worded this—the report indeed did not vindicate ShapeShift. ShapeShift was very, very aware that if our findings were damning, they’d still be our findings. However, I will disagree with the “but money laundering is money laundering” bit. There is significant importance behind analyzing the extent instances of laundering takes place on any platform. Analyzing how much money has gone through any system contingent with volume is a KPI that’s existed before blockchain was a thought, and continues to be a metric of review for anyone in the know on these topics. Obviously, in a perfect world, the amount would be $0 – but we live in a far from perfect world. If you’d like to break down percentiles of dirty funds going through other platforms, I’m keen to discuss more in-depth – but the short version is that, relative to other platforms, the percentile of laundered funds that went through ShapeShift is substantially lower, and yeah, this matters a lot.

The company is based in Pittsburgh.

I personally am based in Pittsburgh, and the core team is spread out mostly in Europe. This datapoint, as you linked, is from our LinkedIn, which has a location of Pittsburgh since it is much more of a tech hub and place someone may decide to meet me in person. Your other due diligence on registered office/incorporation aside, I simply find it sensible to be public-facing enough to a degree to say “hey, I’m here if anyone cares to meet.” This is more than many companies have done, and frankly, a step I think as an industry we must demand more of – so why not practice what I preach, right?

You can file “incident reports” on CipherBlade’s website. A basic report costs $100. Adding a police report brings the price to $350. The platform accepts payments in bitcoin, ether and go—the latter being an obscure coin that mainly trades on Binance. The company does accept cash, but only via bank wires. 

So by now, a few other articles analyze bits about our Report function (and why it exists,) but allow me to go more in-depth with you directly: often times (and this ties into why people would pay for a Report) law enforcement doesn’t have the training on how to handle these types of incidents. Local/state police in the US often don’t even know where to direct victims (typically, would be an IC3 report) and victims (and sometimes law enforcement) often don’t know what should be in a report of one of these incidents. While I wish I had all of the time in the world to help everyone for free, I don’t – and the fees we charge for help on these reports, to be quite candid, is obviously not of a level that is highly attractive to us as a business. This may be explained better on a call, as it’s a lot to type in a brief paragraph – but the short version is that most incidents aren’t reported at all, and the few that are reported often don’t have what LE needs in them. The reports we generate give LE everything in what I like to call “a nice pretty box with a bow on it,” increasing the likelihood of action on these reports.

“Matthew [Greene] paints a picture of a company doing James Bond-level work.”

I have to chuckle a bit here, because I hear this joke on at least a weekly basis. Yeah, we do some pretty… interesting stuff, and indeed, some of it does involve tradecraft (I have and do cover both the cyber and physical realms in these cases,) but that’s pretty rare.

Sanders is the public face because his background, experience, training, and connections “hedge the risk he is exposed to,” Matthew [Greene] said. He added that Sanders likes “to joke that we should state on our website that all death threats should kindly be addressed to him directly.”

I mean, again, in fairness—I know you’re quoting Matthew here with the hedge the risk portion, but it’s simply the reality. There are indeed death threats we receive—and many in the industry get these (though, obviously, based upon angering criminals and friends of criminals, we get more,) so you’d likely have some context. The majority of these threats hold little to no merit of concern even for the average person – those making the threats are highly unlikely to act on them. However, we have done numerous reports that have identified sophisticated criminal organizations and even nationstate actors as responsible for a particular incident (actually, no less, one of these was identified via someone that filed via Report—and we identified a key logger ran by a particular organization that was benefiting a particular nationstate.)

If you do want a hilarious quote for an article, do feel free to ask me what another journalist once did – if I’m scared about this.

Where am I going with all this? Nowhere, other than, when a company issues a report that downplays money laundering on a crypto exchange, you may be interested in finding out just how that company actually knows about the subject—of money laundering, that is. The answer may surprise.

So I disagree extensively with your wording here, and here is why—all of the items regarding the company registration/incorporation have already been covered. Our knowledge of laundering primarily stems from my knowledge of laundering, drawn across an extensive case history. Without delving into cases, let’s simply say this – I can respect and appreciate the due diligence attempted on a company, and it would be fair to analyze connections in the way you did. However, to imply a company that has someone like me public-facing being knowledgeable of money laundering by premise of past history therein is a pretty insane accusation if you contemplate my background, holding of a security clearance, the fact I’m extremely public-facing (and, certainly, US Gov’t keeps tabs on what I’m doing and who I associate with)—it’s simply not a strong connection to make. I can go far more in depth about my knowledge of money laundering, whether in crypto, fiat (suitcase of cash stories?) or both—tell me what you need to know.

Lastly, I need to chuckle with you on this one…

His bio reads a bit like an Internet tough guy.

My military service making me have a label of “tough guy” (let alone internet tough guy, which, typically, is someone faking the funk and hasn’t served) isn’t warranted. In reality, I’m a huge softy. I’m continually baffled why I’m hearing multiple claims basically alluding to “badass” “tough guy” or other variations. I volunteered to do a job, and I did that job. It was my choice to do it. I expect no (nor do I want) any labels ranging from “brave” to “tough guy”—either side is just not applicable. There is courage in numerous lines of work, just like there is courage in being a journalist hunting for truth in the best interests of the public. We all have our roles. I served my role as a soldier, and I now serve my role as someone cleaning up this industry. I’m a bit baffled as to why CipherBlade, and especially in particular myself, are receiving labels that essentially amount to “scary”—the only people that need to be scared of me are people that have commit crime.

Put simply—I think that equipping you with some perspective from my end may prove beneficial to you. Make whatever revisions you see fit having had read this, and feel free to ask me any questions you have. I certainly assess you as the type receptive to getting the record straight.

Side note, props for your work on Quadriga. I was just in Toronto to do a solvency and security audit on an exchange… you know, the types of steps folks like you and I are pushing to make fair expectations. It’s a damn shame it had to come to that, but the overall vibe of transparency is reflected in both situations here.

Cheers,

Rich

(Sanders also wrote a lengthy response to David Gerard’s CipherBlade report.)

Posted on by Amy Castor 0

Blockchain analytics firm CipherBlade steps in to launder ShapeShift’s image

Screen Shot 2019-03-21 at 11.13.16 PMShapeShift was none too pleased when the WSJ put out a report in September 2018 claiming that the crypto exchange was being used to facilitate money laundering.

In an article titled “How Dirty Money Disappears Into the Black Hole of Cryptocurrency,” WSJ said it did an independent investigation and learned that ShapeShift facilitated at least $9 million worth of money laundering over several years.

Founded in 2013, with headquarters in Colorado, ShapeShift made a name for itself early on by allowing anyone to instantly switch out one crypto for another—while requiring no personal information. That changed in September 2018 when the firm announced it would soon require a log-in. ShapeShift didn’t specify why it added know-your-customer identity checks, but likely regulatory pressure was behind the move.

Nonetheless, the WSJ story was bad press for ShapeShift, one of the oldest of the crypto exchanges. The last thing you want when regulators have their eyes on you is to be associated with criminals. Of course, this was not the first time ShapeShift had been linked to criminal activity. In August 2017, WannaCry ransomers also tried to funnel their bitcoin through the exchange. ShapeShift responded by freezing their accounts.

Erik Voorhees, the exchange’s founder and CEO, fought back against WSJ’s claims on Twitter“We are aware of the poorly-researched piece written against us by someone at WSJ. The implications are disingenuous and misleading,” he said when the story came out. He also posted a lengthy rebuttal online.  

In February, WSJ struck again, this time stating that ShapeShift allegedly received hundreds of thousands of ether from Canadian crypto exchange QuadrigaCX in the months before its CEO, Gerald Cotten, died under mysterious circumstances, taking with him the secret to the whereabouts of 100s of millions of dollars in customer funds.  

The second WSJ report does not address what happened to Quadriga’s missing funds, only that, according to two independent researchers, some ether left the online accounts of the platform and moved through ShapeShift before Quadriga became insolvent. But the implication was the same—money laundering. 

To defend its reputation, ShapeShift “requested” CipherBlade, a hitherto unknown blockchain analytics company, to do a separate investigation. On Thursday, the analytics firm unveiled the results of what it said was a months-long project in a Medium post under the headline “How Truth Disappears Into the Black Hole of Shoddy Journalism.”

It what it claims was a recreation of the 2018 WSJ report, CipherBlade announced that “the WSJ’s $9 million ‘laundering’ claim was overstated by a factor of 4x.”  

It is important to clarify what the new report actually says. It does not vindicate ShapeShift. It only says the laundering was less than what WSJ said. But money laundering is money laundering, and no matter how you slice or dice it, or who else is allowing it, it’s still money laundering.  

CipherBlade said its analysis was based upon publicly available data and that it made extensive use of the “txstat” function of ShapeShift’s public API. The company also denies that ShapeShift or anyone else paid for the investigation. “We did this as pro bono work because CipherBlade has an interest in preserving the reputation of highly compliant and helpful organizations like ShapeShift,” the firm said

Crypto trade publications jumped on the redemptive news. “WSJ’s ShapeShift Exposé Overstated Money Laundering by $6 Million, Analysis Says,” wrote CoinDesk. (The pub also included a glowing comment from Voorhees, who said that “Crypto is bringing light, truth, and openness to finance.”) The Block published a story with the headline, “WSJ’s ShapeShift money-laundering claims greatly overstated, says CipherBlade.” 

Meanwhile, Voorhees took the opportunity to once again condemn WSJ on social media. “A respectable publication would issue a retraction or correction. WSJ made up false claims against [ShapeShift] both quantitative and qualitative, in order to push an anti-crypto, pro-bank surveillance agenda. WSJ may lie, but blockchains don’t,” he tweeted.  

One question nobody seemed to be asking was, “Who is CipherBlade?”

In short, CipherBlade is a firm with links to hundreds of shell companies and a director who has associations to Panama law firm Mossack Fonseca, one of the world’s largest providers of offshore financial services—but I’m sure, none of that means anything.  

The company is based in Pittsburgh. Its registered office is located at Nwms Center, 31 Southampton Row, London. And the company is incorporated in the Marshall Islands.

On its website, the eight-month-old CipherBlade claims to have “recovered millions of dollars of stolen funds, prevented dozens of ICO scams, and professionally handled PR disasters and other emergency situations.” The company was founded in August 2018. 

You can file “incident reports” on CipherBlade’s website. A basic report costs $100. Adding a police report brings the price to $350. The platform accepts payments in bitcoin, ether and go—the latter being an obscure coin that mainly trades on Binance. The company does accept cash, but only via bank wires.

The only employee listed on CipherBlade’s website is Richard Sanders, the company’s chief security officer and co-founder. His bio reads a bit like an Internet tough guy. He “served in US army Special Operations Forces” and “rose to site security lead at Google.” A spokesperson for the company going by “Matthew” (no last name given) told me in an email that the company does have other employees—they just aren’t on the website. 

Matthew paints a picture of a company doing James Bond-level work. Sanders is the public face because his background, experience, training, and connections “hedge the risk he is exposed to,” Mathew said. He added that Sanders likes “to joke that we should state on our website that all death threats should kindly be addressed to him directly.”

The company’s only human director is Genevieve Magnan, a 36-year-old woman, who is a citizen of Seychelles, an archipelago island off of the Indian Ocean. Seychelles is “an offshore magnet for money launderers and tax dodgers,” according to a 2014 International Consortium of Investigative Journalists (ICIJ) report

According to her LinkedIn profile, Magnan is the corporate administrator for Seychelles-based AAA International Services, a “corporate services provider” — essentially, a company that helps other companies set themselves up in off-shore jurisdictions.

CipherBlade describes Magnan as a nominee director, whose only role is to be publicly visible in paperwork, such as the company registry. Matthew explained to me that the purpose of this company setup is to keep most of the CipherBlade team “shielded,” based on the nature of its work. “We’ve worked cases that involve very dangerous individuals and groups, including nation-state actors,” he said.

A little more digging pulls up a maze of companies. Magnan, for instance, holds shares of Sera Company, a holding company for an issuing company based in Cyprus (with a placeholder name “The Bearer”) that holds shares in 20 other companies.   

Screen Shot 2019-03-21 at 11.24.04 AMShell companies are ghost companies that have no significant assets or operations of their own. They are not illegal. In fact, ICIJ, which houses the leaked Panama Papers database—where I got a lot of the information for this story—makes it clear that “there are legitimate uses for offshore companies and trusts.”

I don’t want to suggest or imply that CipherBlade or any of the companies that it is linked to have done anything improper—as Matthew said, CipherBlade’s setup has a purpose, obviously. However, shell companies lend themselves to illegal activity. Criminals know how to use them to move money and create a house of mirrors to fool the system.

As examples, one company Magnan is listed as being a director of — Big365.com—is the recipient of a disgruntled review on Forexpeacearmy. “Jeff_calgary” claims the firm disappeared with his money. Magnan also appears to be the director of StocksM, which another Forexpeacearmy user describes as a high-yield investment, aka ponzi, scheme.

Where am I going with all this? Nowhere, other than, when a company issues a report that downplays money laundering on a crypto exchange, you may be interested in finding out just how that company actually knows about the subject—of money laundering, that is. The answer may surprise.

 

Thanks to and Cas Piancey and David Gerard, who inspired and contributed to this story.

Posted on by Amy Castor 0