By 6102bitcoin, Dec 19, 2019

Overview

Screenshots appear to show that Binance are blocking users who use Wasabi Wallet from further withdrawals. In this article I explore what reason Binance my have to distance themselves from users who use Wasabi Wallet.

TL;DR. I speculate why I think that it’s likely that binance received lots of the scam PlusToken bitcoin that @ErgoBTC tracked going into Huobi. This would explain why they are now blocking of anyone mixing with wasabi (which was known to have been used as part of the scammers mix process) as they try to publicly distance themselves from the scam.

CoinJoin

Bitcoin transactions are public. Used naively this makes bitcoin transactions very easy to follow, meaning that bitcoin is not private by default. Used carefully (with the correct tools) bitcoin can be used quite privately and much work is being done to improve both the ease of using bitcoin privately & the cutting edge of bitcoin privacy.

One key tool used by those looking to use bitcoin more privately is CoinJoin. I have written an intro for those who are unfamiliar, but put simply it is a process of mixing your coins with those of other strangers in such a way that it is not possible to determine with certainty the links between the bitcoin that goes into the CoinJoin transaction, and those which emerge from the other side.

Fungibility Risk

A frequent concern of users learning to improve their bitcoin privacy is whether their bitcoin will be more difficult to sell / exchange after mixing. They wonder whether mixed ‘tainted’ coins are less valuable than ‘untainted’ coins, i.e. whether bitcoin is fungible.

Taint

Typically people describe coins as either having no Taint (A freshly mined coin which has no ‘history’ to speak of) to being Tainted (A coin which for which the pubkey is widely known to be a scammer’s repeatedly re-used address.)

The ‘Tainted’ coin is only such because the address of the scammer is known to the analyst. Suppose that the analyst doesn’t know this vital piece of information, would the coin still be tainted? It should be clear that the degree to which coins can be classified as tainted depends on the level of information available to the person doing the classifying.

As such, taint is not an intrinsic property of the coin (unlike, for example, the value of the coin in satoshis), it is an extrinsic property imposed ON the coin BY the analyst.

A non-issue?

Until now there have been no reports of people having issues selling / exchanging bitcoins which have been mixed. If confirmed this would be the first sign (to my knowledge) of exchanges blocking mixed coins, and thus warrants investigation.

The Screenshots

3 screenshots were posted by @bittlecat (See link or at the end of this article).

The second screenshot contains the following message supposedly from Binance:

We noticed [REDACTED] cryptocurrency withdrawals to WasabiWallet.io which upon our review is a mixing/private wallet provider with a total amount of [REDACTED] BTC in total, the addresses are as follows, …

Binance Singapore has reportedly blocked bitcoin withdrawals for one of their users after the user participated in a Wasabi CoinJoin with coins previously withdrawn from the exchange.

This raises two questions which I will address separately;

Why did Binance care that this user had used Wasabi AFTER withdrawing? How did Binance notice that this user had used Wasabi AFTER withdrawing?

Why did Binance care that this user had used Wasabi AFTER withdrawing?

Exchanges are generally incentivised to do the following two things:

Accept as many customers as possible (to increase revenue). Abide by the laws of the jurisdiction in which they are based (to avoid fines / jail).

In order to satisfy (1) exchanges either move to jurisdictions where the rules are relaxed / unenforced or KYC their users to such a degree that they scare away anyone who could remotely be considered a risk, satisfying (2).

Exchanges which go the route of moving to relaxed jurisdictions often grow so large that they end up becoming a large target for well financed American law enforcement, and eventually enforce strict KYC. Binance is one such exchange. They originally had a no KYC policy, increasingly they are targeting users attempting to make large withdrawals or using a VPN with invasive KYC requests.

It could well be that Binance is flagging accounts participating in CoinJoins (generally). If a user withdraws directly into a CoinJoin it is very easy to identify this because CoinJoin implementations have multiple outputs of the same size.

BUT, it seems strange that Binance would be the first exchange to start doing this given that they typically ‘fly by night’ and spent much of their first year without any KYC whatsoever.

So … why Binance?

The founder of Binance, Changpeng Zhao (CZ) is clearly attempting to break into the Chinese market and get close to the Chinese Government (he posted the below tweet in the midst of the HongKong protests).

The last thing Changpeng needs is to get embroiled with a scam of unprecedented magnitude which would jeopardise his links with the Chinese Government. One such scam which Binance would NOT want to get embroiled with is PlusToken which was widespread in China. Some of the operators of the scam were arrested by Chinese Police.

It is likely that Binance executives recently read the superb reporting by ErgoBTC into the PlusToken scam which involved using Wasabi Wallet to (poorly) mix 50,000 BTC (between early August and mid-September 2019).

It is likely that they read the below sentence a few times over

“The majority of the poorly mixed coins were sent directly to Huobi.” — ErgoBTC in Tracking the PlusToken Whale

Why would they have been interested in this line? Well, in a tweet last month CZ celebrated the fact that 259K BTC had been sent from Huobi to Binance in 2019.

Pure Speculation

It is possible that Binance has reactively instructed their staff to flag accounts withdrawing and mixing with Wasabi Wallet (rather than withdrawing and CoinJoining generally) in order to distance themselves from the PlusToken scam after realising that an enormous amount of bitcoin likely flowed from the PlusToken scammer, through huobi exchange and into binance as part of a massive laundering operation.

How did Binance notice that this user had used Wasabi AFTER withdrawing?

Wasabi Wallet is particularly easy to identify (given that the coordinator fee address is re-used each round) making this flagging process particularly easy.

Users could investigate whether this is the case by trying to withdraw into a different mix (for example a Whirlpool mix) though they should clear out their account before trying.

What if I am wrong?

This may well be the canary in the coalmine regarding exchanges treating any CoinJoin participation generally as suspicious it is the perfect time to familiarise yourself with non-custodial, decentralised exchanges (e.g. BISQ) which operate in such a way as to sidestep centralised KYC requirement.

In the meantime it would be trivial to evade this automatic flagging (by sending to at least one intermediate address before sending to the CoinJoin transaction). It will be interesting to hear how many transactions deep will cause binance flagging to kick in.