Who Watches the Chain Watchers?

Chainalysis works within the bounds of the law, exploiting the real privacy issues for public blockchains. That’s not an invitation for blanket, legislative surveillance.

AccessTimeIconSep 22, 2021 at 3:25 p.m. UTC
Updated May 11, 2023 at 6:16 p.m. UTC
AccessTimeIconSep 22, 2021 at 3:25 p.m. UTCUpdated May 11, 2023 at 6:16 p.m. UTC
AccessTimeIconSep 22, 2021 at 3:25 p.m. UTCUpdated May 11, 2023 at 6:16 p.m. UTC

Yesterday we had a major scoop from CoinDesk’s Danny Nelson, who unearthed a set of slides showing the crypto investigations firm Chainalysis has been running a wallet explorer site that scrapes users’ IP addresses as part of the firm’s investigative services for law enforcement agencies.

While the idea of a honeypot website harvesting IP data is definitely creepy, I would argue Chainalysis’ apparent methods here are laudable because the data is gathered as part of targeted investigations rather than as a form of sweeping surveillance. Legislators around the world sometimes seem to forget the distinction, as when they pressure companies like Apple for backdoors into its system that compromise the privacy of all users – or, increasingly, push for crypto legislation with blanket invasive surveillance requirements.

This article is excerpted from The Node, CoinDesk’s daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

Particularly notable here is that the block explorer in question, walletexplorer.com, is not particularly well-known, at least in the West. That, along with its primitive appearance, suggests that Chainalysis may have actively promoted it in criminal circles, perhaps even as a “safe” alternative to more mainstream block explorers. The IP addresses gathered by the site, as the leaked slides explain, could be correlated with other data, on and off the blockchain, to help establish the real-world identities of investigation targets. That means that if you’re not in Chainalysis’ crosshairs, visiting its block explorer is unlikely to have compromised your identity on its own.

Now, this is not an advice column for criminals, but if it were, this would be my takeaway: Don’t use cryptocurrency to do crime. For whatever reason, early discussion of Bitcoin often described it as “anonymous,” but that’s profoundly inaccurate. In fact, real privacy is extremely hard to implement on public blockchains, which in many cases must keep transaction data transparent to function. That includes, in the case of Bitcoin, a public record of every transaction ever.

So while a Bitcoin wallet provides a useful level of everyday privacy in that it doesn’t have your name attached to it, there’s a whole lot of metadata that can be correlated. Over the last few years, it has become increasingly clear that data often leads back to a real-world name – the IP addresses gathered by Chainalysis are one obvious source of clues, but probably not the only one. Even crypto specifically designed for privacy seems to have major limits – Chainalysis also claims it was able to “provide usable leads” in 65% of investigations on the Monero blockchain.

The good news is that if you’re looking for money laundering services, you have some better options. If you’re a big enough fish, give megabank HSBC a call: The bank has been extremely attentive to the illicit finance needs of Mexican drug cartels. If your requirements are more esoteric, consider a trip to Vatican City: The Holy See, through its affiliated banks, allegedly played a key role in funneling the Central Intelligence Agency’s drug money to terrorist cells throughout Italy and Europe as part of Operation Gladio.

Again, this is not a criminal advice column – but I hope I’m doing some good here. We already know (thanks to Chainalysis, in fact), that the level of criminal activity on blockchain networks is low. It’s simply not an application the technology is built to fit, or maybe ever will be. The more people figure that out, the less pressure authorities can bring to bear to systematically compromise the privacy of law-abiding citizens.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.


Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

David Z. Morris

David Z. Morris was CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, and small amounts of other crypto assets.