Bitcoin Mixing, Wasabi, and Coinbase - E216
Europol EC3 Cyber Bits April and May issues where they talk about Wasabi wallet and bitcoin mixing in general.
In this episode, I read through the new Europol EC3 Cyber Bits April and May issues where they talk about Wasabi wallet and bitcoin mixing in general.
My copy: /content/images/wordpress/2020/06/Europol-Wasabi-Wallet-Report.pdf
Next part is on why you should Delete Coinbase. They are trying to sell your data to the DEA and the IRS.
Janine thread on Neutrino and now Coinbase’s crimes against human rights. Coinbase owns the technology from https://twitter.com/J9Roem/status/1100876184999596054?s=20
Get The Bitcoin Dictionary!
Bitcoin jargon demystified. Over 180 Bitcoin terms, concepts, and idioms.
The TOP Free Bitcoin Newsletter!
Don't miss another issue. Subscribe to the Free tier!
Subscribe to the Pod!
iTunes | Stitcher | Google Pods | YouTube | Soundcloud | RSS
The Show Needs Your Support
We’re a small operation and producing quality content people find valuable.
Check out our big list of ways to help the show
- Chart Like A Pro With TRADINGVIEW
- The Best WordPress Theme I’ve Ever Used! GeneratePress
- Sign Up For Audible And Get 2 FREE Audio Books
Have Feedback? Send it our way.
**DISCLAIMER: This is not investment advice, do your own research.**
This is the Bitcoin in markets podcast my name is Ansel Lindner. I'm keeping you ahead of the curve in Bitcoin.
What's up bitcoiners? Welcome back to the show. Today, we're gonna do a privacy centered episode. We're going to talk about the Europol paper on coinjoin and then talk about Coinbase, the backstabbing that they've done to their customers, selling their private data, or trying to sell their private data, so we're going to get into that.
Before we get started though, I wanted to make sure I plug my other podcast called Fed Watch, this is a Bitcoin Magazine podcast. So, you go onto Bitcoin magazine's podcast feed and you can find it there. I cohost that with Christian, we talk about macro, Fed stuff, ECB, Bitcoin, and how it all mixes together in that macro type of climate. So, check that out Fed Watch.
Next thing up is my Bitcoin Dictionary has been listed on Amazon for presale. I've been working on this thing for about a year. I'm going back and forth getting, making sure I get the right entries, the right format, the right definitions, is taking a long time. Right now, it is out for proofreading to some friends in in my circle and so once I get it back, I'll make those edits and it will be up on Amazon. Paperback to follow shortly after that. That's called the Bitcoin Dictionary. If you're on Patreon, if you support me on Patreon for $5 or more every month, then you will be getting the book for free, of course. So, if you want to support the show and get some free content go over there to patreon.com/bitcoinandmarkets and help support my stuff. Thank you to everybody that supports.
Alright, let's get into this privacy stuff. Now, I have to have a disclaimer up front here, I am not an expert, I'm not a privacy expert here, alright. I support fungibility 100%, 100%! support fungibility. And I know that since Bitcoin is a permissionless system, privacy efforts will grow independent of what I think. Like I could think X implementation is better than Y implementation, but it doesn't matter because the market will sort that out. It is a permissionless free market system. So, I just support in general people that want to use this fungibility, but of course always be careful with this stuff.
I was one of the first 100 users on Samurai Wallet back when they were doing their Alpha release on Android years and years ago. I probably was the first person to talk about it on a podcast. So, I support Samurai, I also support Wasabi. I don't have a dog in this fight. I think fungibility/privacy wins, so, I'm all for both of them. Again, I'm not a tech expert, so, I'm going to focus on some different arguments than the actual implementation of it.
Europol EC3 on Wasabi Wallet
Okay, let's jump into the Europol thing. They have a European cyber-crime center (EC3) and they have this series called Cyber Bits. It's all about darknet markets and cryptocurrencies and that kind of stuff. They have a couple recent issues in April and I wanted to read through this because they specifically talk about Wasabi and coinjoin. This is very applicable to Bitcoin, and applicable to my listeners, so, I wanted to go through this.
This is from EC3 and it is dated April 2020.
Part 1 Wasabi Wallet
What happened in the last period was Europol’s EC3 started to notice an increasing number of investigations involving Wasabi Wallet. Wasabi is a light wallet that implemented a very effective method of mixing Bitcoin into a so-called coinjoin. This means that it merges coins originating from different users into one transaction and redistributes these into many standardized amounts on the output side, which makes it difficult to correctly link inputs with their respective outputs.
Wasabi claims to be an open source, non-custodial, privacy-focused Bitcoin wallet for desktop use, which implements trustless coin shuffling with mathematically provable anonymity.
How does it work
Let's take a closer look at the above mentioned four adjectives:
Open-source: Same as many other wallets including the very first one – Bitcoin Core – all have code transparently showcased at GitHub so that everyone can check that the code is doing anything malicious.
Non-custodial: Users who download the wallet store all bitcoins locally, so the administrators and developers of Wasabi have no way of accessing a user’s balance or funds.
This also means that the AML (anti-money laundering) legislation including Europe’s latest AMLD5 (the 5th Anti-Money Laundering Directive) does not apply to this service.
Privacy-focused: Unlike most other cyptocurrency wallets, the main purpose of Wasabi is to protect the anonymity of its users – via non-optional use of passwords, integration of TOR and, most importantly, its unique and elaborate coin mixing mechanism.
Additional privacy-focused transaction-specific features include:
· Very large transactions mixing funds of many participants at the same time;
· Blind signatures that assure that even Wasabi operators cannot link inputs and outputs;
· Standardized randomized amounts;
· Generation of a new address for each incoming transaction;
· A coin control feature (gives users a choice on which input address to spend);
· Custom transaction fees;
The last item deserves a more elaborate technical explanation. If a user runs a light wallet, such as Wasabi, that does not require storing the 250 GB bitcoin blockchain, the wallet needs to connect to one of the nodes in the bitcoin network to get the current status for all addresses in the wallet. However, this may decrease a user’s privacy as the tracing companies operate many of the nodes in the network, who could then easily make a link between a wallet and all addresses it controls and correlate transactions with IP addresses.
Breaking in here, these analytics companies are running nodes. Your node will request certain addresses, that’s where they get you. They can get your IP address, your wallets, they can look at the history of those inputs and outputs, and trace that back and apply that to your name. That’s a very big problem. That’s what they are talking about with this Block-filter here.
To make this process less reliable, some wallets (e.g. MultiBit or Bread) implemented so-called Bloom filters, which request many addresses from the node, including false negatives. However, this did not stop tracing companies from harvesting valuable information for their tools. Block-filter goes one step further than Bloom-filters by downloading full blocks of data, making it difficult to establish which address in the block is actually being requested. This should prevent the tracing tools from linking bitcoin addresses to IP addresses and clustering addresses based on network traffic.
Trustless: When using centralized mixers, users run a risk of their funds being stolen by the mixer. Another risk is that the centralized service may be taken down by law enforcement who may seize logs and subsequently identify users behind the transactions. Wasabi completely mitigates the first risk as the user has a complete ownership of the private keys and while the wasabiwallet.io site could theoretically be taken down, IP logs would be worthless as the service uses TOR by default.
How popular is the service?
Certainly popular enough to spark our interest. Wasabi has been in operation from Autumn 2018 and has gradually been gaining tractions. Looking at the Wasabi cluster in Chainalysis, the service received over 110,000 BTC, which corresponds to over 500 million Euros as of March 18, 2020.
The ratio of addresses to transactions is very high, which is expected given multiple parties mixing their coins within the same transaction.
How is the service used?
According to the same tool, over the last three weeks, BTC in the amount of nearly 50 million USD were deposited into Wasabi with almost 30% coming from dark web markets. This is a significant amount, relatively speaking, given the dark web transaction are estimated to have only 1% share of total transactions.
Now this is interesting here, that they admit dark net markets only make up 1% of bitcoin transactions as a whole. So, this means they know.
Why do you need to know?
· Wasabi is a very effective decentralized bitcoin mixer with many privacy-focused options;
· It provides possibly the most convenient and secure way to mix bitcoins;
· Wasabi become popular and naturally also attracted those involved in criminal activities;
· The next Cyber Bit will provide an insight into a hands-on interaction with Wasabi, demonstrating a transaction and explain the possibilities for law enforcement investigations. Spoiler alert: things are not looking good.
They actually put that in there. “Things are not looking good.”
I’m not going to bore you with the entire next issue. I’m going to concentrate on the conclusion. So, this is the next issue, the May issue of 2020.
Why should you know?
· It is easy to visually identify Wasabi wallet transactions, just by looking at them in the blockchain;
· Tracing tools will identify most of the addresses but will not demix the transactions;
· It may be possible to follow the money if the suspect happens to make a mistake;
· Suspects who avoid major slip-ups have a very high probability of staying undetected;
· If you or your colleagues actively research Wasabi or other mixing – do get in touch!
They are very interested in this. But it's very important to know that if you avoid major slip-ups you have a very high probability of staying undetected, which is very very good. Not because you're a criminal but because you have the right to move your money without people watching you. This is your property, you have the right to privacy, if you don't believe in the right to privacy what's your password for your email? Give it to me, I have the right to know apparently, you think that. That's wrong.
Everybody has the right to privacy. You have the right to your passwords, you have the right to private email, private messaging, private money transactions; it is dependent on them to do the police work. So, I'm not mad at them for trying to do this. They have the right to do that, and you have the right to try to avoid it. This is an arms race in privacy, and it looks like Wasabi gives us the opportunity to win this. Very very interesting.
Check the link to this in the show notes, and I I'll host it on my website as well, because supposedly some people were saying that they took this down, but I'm accessing right now on the original place I found it. But I will be hosting it on my website for you guys.
Coinbase exposing customer data
You might have seen this come out earlier this month, so, I don't know, two weeks ago now, this was a story from The Block. I linked to this through an archive link, and I want to explain these archive links real quick, because I think it's important.
A lot of discussion has come up recently that I've seen about fake news and not trusting people, and the revenue model that these websites have for fake news and stuff, click bait, it's very important to not support them. Even if they have some good articles, you should not be sending people, sharing a link to directly to the website, because, even if you share it and 10 people follow your link, then you know you're just giving them more clicks, and giving them more revenue for their ads. If you want to police them, and you want to hold the purse strings, then you will not do that. But as a corollary to that, remember, June is the month where I've been challenging my listeners to go out there and support your favorite content producers, independent content producers online. It could be anything. Some science show you watch on YouTube, or some fan fiction movie that you really enjoyed, and you want to support them, or a news outlet like this one or another podcast you listen to. So, I challenge you to go out there and support somebody for $5 a month. You need to pay to have good quality content.
You're not going to get good quality content by paying through your eyeballs, because that's the way you degrade the quality down to fake news and scamming. The reason why I share this specifically for the block crypto is because they are big shitcoiners, anti-bitcoiners. The main guy that runs that, I forget his name now, but he's on Twitter and he's always bashing on Bitcoin maximalism and bitcoiners. They do a lot of reporting on altcoins, so they're getting people into those scams. Same thing with Coindesk. I haven't shared a Coindesk link in a long time. I do just the archive links, because I don't want to send them clicks. I don't want to send them revenue. So, we gotta take control of our content. OK. I shared the archive link in the show notes once you can get take a look at it there.
From The Block Crypto, and the headline is, Coinbase Wants to Sell Blockchain Analysis Software to the IRS and DEA a year after its Neutrino acquisition.
Sounds very very bad, you probably saw this out there. I want to get into what Neutrino is real quick for newbies. I linked to this great tweet thread by Janine, I don't know if she's still doing the show with them over there at Block Digest, but she was a contributor to Block Digest on YouTube and really good security researcher, really good privacy advocate. Neutrino is basically the term for this Hacking Team, and they called themselves Hacking Team. Hacking Team was listed as an Enemy of the Internet by RSF International because they, “sell products that are used by authoritarian governments to commit violations of human rights and Freedom of Information.” They sold stuff to Saudi Arabia to crack down on their population, and their enemies sold to Egypt when Egypt was in the middle of their Arab Spring revolts. They've sold all of this to Mexico, and Latin America, and other governments, of course, the US government I'm sure. This thread is full of links, Janine does a great job archiving this stuff for us, so, check that out.
Coinbase acquired this company and there was such a uproar on Twitter and in the Bitcoin community that they ended up laying off a bunch of over, they laid off all of the founders of this Hacking Team. They were going to keep them on, at coinbase and then they decided to let them go, but they use their software. And now, The Block is reporting that they are using this Neutrino technology to sell information to the DEA and the IRS here in the United States.
These two agencies intend to buy licenses from Coinbase for an analytics platform called Coinbase Analytics. This is just a rebranding of Neutrino. Neutrino is now called Coinbase Analytics. So, this technology that was used in human rights abuses, is now being used by Coinbase against their own customers. Really really bad deal.
Documents related to the purchases by the IRS and DEA were published in April and May respectively notably the IRS document draws a connection between Coinbase Analytics and Neutrino and intelligence agency that Coinbase controversially purchased in 2019. The acquisition drew controversy due to its founder's involvement in the Italian spyware firm Hacking Team and Coinbase ultimately said that it would part ways with team members associated with Hacking Team, so, it's pretty bad.
Public records also indicate that Coinbase is not being officially granted the awards and the company does not appear in queries submitted to USAspending.gov e-directory for government contract awards. According to this database page, Coinbase’s registration to offer products and services to the United States government became active on April 28th with an expiration date of April 13th 2021. When reached for comment, a Coinbase spokesperson told The Block that the information offered in Coinbase Analytics has always been kept completely separate from Coinbase internal data. They're trying to say that this is not customers, it's just everybody else, it’s just general people out there.
Trying to deanonymize Bitcoin, invade on your privacy. Anyway, I'm not going to read through the rest of this. It's really bad. Delete Coinbase.
After this hit the wire there was something like, I don't know, 100,000 bitcoins came off of Coinbase over the next couple of days. Which is pretty interesting. Again, they're saying they're not co-mingling this with customer data, but I find that very hard to believe. You know it's just Bitcoin in general, so, if they find something for Bitcoin in general, and you have an account at Coinbase, they're probably legally required to freeze it. To me that makes sense.
They're looking into this trying to be as compliant as freaking possible, and make as much money off of your data as they can. Delete Coinbase. This is a very important thing for the privacy and fungibility of Bitcoin.
I rest my case. Guys, thanks for joining me. My name is Ansel Lindner, this is Bitcoin and Markets. Support me over on patreon, patreon.com/bitcoinandmarkets. Check out the new Bitcoin Dictionary book. It is available for pre-order now on Amazon. And don't forget to check out Fed Watch, the new podcast with Bitcoin Magazine and CK Snarks. I will see you guys next time.