A version of this article was published in TIME’s newsletter Into the Metaverse. Subscribe for a weekly guide to the future of the Internet. You can find past issues of the newsletter here.
Criminals have increasingly turned to cryptocurrencies to hide illicit activities over the last decade, and Wired reporter Andy Greenberg has covered their movements since the beginning. His new book, Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency, however, is focused on the enemies of crypto scammers and criminals: the federal agents who used the transparent qualities of the blockchain to carefully track down ne’er-do-wells and put them behind bars.
The book tells the story, for example, of how blockchain tracing techniques led to the arrest of 337 people who participated in a horrifying dark web network that shared child pornography. These users believed their identities to be secure because of the network’s use of Bitcoin. But it was precisely the open nature of Bitcoin transactions that allowed for all them to be tracked down and arrested.
Greenberg’s book (Doubleday) arrives at an era of mounting crypto scams, including the $400 million hack of the now-insolvent exchange FTX. In a phone call, Greenberg talked about the status of that hack and the dangers of both online anonymity and surveillance.
Excerpts from the conversation are below.
How did you come to write a book about the tracing of crime across the blockchain?
The reporting goes back to 2011. Around that time, I was obsessed with this group called the Cypherpunks, a movement of mostly libertarians who, in the 1990s, began to dream about using encryption technologies to try to take power away from governments and corporations and give it to individuals. That’s when I learned about what seemed like a Cypherpunk invention, which was Bitcoin.
What was remarkable about Bitcoin at the time was not just buying a cup of coffee—but also, just like cash, you could put a bunch of unmarked bills in a briefcase and send it across the world without revealing anything about your identity. Bitcoin seemed like it could be anonymous and untraceable. As someone who was interested in this world of cybercrime and evasion of surveillance, it seemed like this was going to unlock a whole new world of online crime and money laundering and drug dealing and cybercrime.
That definitely happened. But it took me a decade to realize how opposite of untraceable Bitcoin really was. Cryptocurrency tracing was not only possible, but an incredibly powerful investigative technique. And in the hands of one small group of detectives, it led to the bust of one massive cyber criminal operation after another, each bigger than the last.
Let’s talk about some big news of the moment: this month, FTX founder Sam Bankman-Fried admitted that his crypto exchange co-mingled customer funds with that of his investment firm, Alameda Research. Why did nobody find evidence of this on the blockchain until now?
It is fascinating to see that in the midst of this golden age of crypto tracing, where so many recognized bad actors were traced and identified and charged and imprisoned through crypto tracing, this huge black hole of financial irresponsibility or negligence was happening under our noses, but evaded notice.
I think it’s partly because it was seen as a legitimate player in the crypto economy. It wasn’t a black market trying to evade surveillance. But I don’t know if the dangerous flows of money from FTX to Alameda were visible on the blockchain, or if they were happening at a different level of those company’s accounting systems.
It’s worth noting there has been this apparent theft of about half a billion dollars of FTX’s funds. That is a real crime in progress, it seems.
The interesting thing about the properties of crypto is we can all watch that half-billion-dollar sum move around the blockchain. Many of the main characters of my book are watching that money move. It will be very difficult for whoever took that cryptocurrency from FTX to cash it out without being identified. We will, almost certainly, get an answer of who took that money.
You see this with so many of these heists: somebody steals an enormous amount and is left with the very difficult problem of what to do with it. Very often, you see them freeze up for years. The problem isn’t stealing it: that’s all too easy. It’s getting away with it, and laundering that money in a way where you can actually spend it on something.
Do you think most people who use crypto in 2022 understand its lack of privacy?
I think the majority of crypto users probably don’t care whether it is anonymous or private at all: They are just buying it as a speculative investment. For people seeking financial privacy, they have come to realize most crypto, and certainly Bitcoin, are anything but private. You see that in part in the ways they’re shifting to more private currencies, like Monero and Zcash. You also see it in the ways the most prolific crypto criminals seem to be in places where it doesn’t matter if they can be traced, like Russia and North Korea.
I think there is still a shrinking but existent group of people who think they’re staying a step ahead of law enforcement and surveillance. But it’s very easy to think you’re doing enough to evade this tracing when you’re not. And there’s a whole industry of very clever and well-funded people whose job it is to find ways to surprise you and trace what seems untraceable.
How have both law enforcement agencies and independent tracing companies stepped up their game since the main bulk of reporting in your book took place?
When Tigran Gambaryan [the IRS agent and investigator who is a main character of Greenberg’s book] traced corrupt Secret Service agents, he essentially was working on his own, after hours, and doing so without any real tools. Now, if you flash forward to 2022, IRS criminal investigators have routinely used this technique to make the first, second, and third biggest seizures of money of any kind in Justice Department history. There are whole teams at probably every major law enforcement agency in the U.S. and probably others worldwide, who use this fluently. I know there are full-time crypto tracers inside the FBI, DEA, and IRS.
But also, there’s this whole arsenal of tools created by a whole industry of companies, first by Chainalysis, who was the first start-up to focus on Bitcoin tracing as a business. Now they are competing with Elliptic, TRM Labs, CipherTrace, and more every day.
The cat-and-mouse game is going to just keep advancing—or at least, the cat side of it is becoming so cutthroat and cutting edge. They are all competing to come up with new techniques to trace people’s money.
It also means that these tools are becoming a commodity. If you’re a law enforcement agency who doesn’t know how to trace cryptocurrency, you don’t have to learn. You can just pay for a contract with one of these companies that will provide you super polished tools to do it and train you how to do it.
At the end of your book, the cryptography professor and tracing pioneer Sarah Meiklejohn expresses trepidation about how this sort of power might be used by oppressive governments.
One scenario is that people might have wanted to use crypto as a means to pay for abortions in states where that is illegal. Now, that can be traced. Internationally, it’s even more harrowing to think about how there will be Russian, Chinese or other powerful repressive regimes that use this tool to crack down on people seeking financial privacy or raising money for dissent or adversarial journalism or activism.
There’s no doubt that this is a complicated capability, ethically speaking. I’m not saying necessarily that Chainalysis or the U.S. government will abuse it. But it seems clear at some point, these capabilities will be available to regimes we would rather not be giving new surveillance powers to.
When I was working on this book, I had trepidation about telling a whole story from the law enforcement perspective: I didn’t want to tell a simple cops-and-robbers story. So much of the narrative came from federal agents and prosecutors, and I felt like I really needed to offer the perspective of someone who could correct this. Luckily for me, Sarah serves as the conscience of the story. She invented so many of these techniques, but decided not to work for the crypto tracing industry. She is a super thoughtful person who can talk about the ways in which not entirely a good thing that crypto can be so easily traced.
In August, the Treasury Department sanctioned Tornado Cash, a privacy-preserving blockchain tool, arguing that it was “a significant threat to the national security” of the U.S. Its defenders have opened lawsuits and argued that to ban it would be to make privacy a crime. What do you make of this legal battle?
I don’t think the future of crypto privacy depends on the outcome of this one case. There will be other decentralized mixing services, and there are tools like ZCash and other alternative cryptocurrencies that already seem to be very hard to trace. As these tools gain more adoption, there will be new both technical and policy battles over this stuff.
I think it may yet be that untraceable transactions are possible—and a world of true financial privacy still may be coming, for good and for ill. Some of that will no doubt be criminal.
- For more of TIME’s coverage of the future of the internet, subscribe to our newsletter Into the Metaverse by clicking here.