The Fungibility Monster Under Bitcoin's Bed Just Went Bump

Donald Trump, an indictment, Russian government hackers (allegedly) and Bitcoin's fungibility are all in the mix, so this is going to be a fun exploration.

Recommendation: skip to the bottom of this article for a TL;DR point-by-point analysis, then come back to the top to read through the article.

The Background:

I’m going to try and get right to the point here and disregard the fluff.

America has been going through a very politically charged storm with Trump, Hillary, Wikileaks, The Server, 30000 deleted emails, Russian hackers and the Mueller probe.

To be blunt, there is a continuing power struggle happening between the deep state (represented by Mueller and Rosenstein) and the Trump camp. This was further highlighted in Trump and Putin's recent remarks in Helsinki on Monday.

But before this meeting between Trump and Putin occurred, an interesting indictment (dirty bomb) came out from Rod Rosenstein (Deputy Attorney General of the USA), indicting 12 Russian nationals (who live in Russia) for hacking and related crimes, like money laundering, in association with the 2016 American presidential election.

On the surface, the intent of releasing the indictment hours before the Putin meeting was to muddy the waters between Putin and Trump, and also to put Trump into an awkward position. In any case, Trump called the deep state's bluff and doubled down, and even had Putin double down for him on a number of issues that I won't go into here. Let's get back to the indictment and the related Bitcoin context.

During the press briefing held by Rosenstein on the indictment, he informed the press that the 12 Russian hackers used cryptocurrency as a vehicle to achieve their objectives. So what cryptocurrency did these Russian hackers allegedly use to accomplish their nefarious, super-secret actions?

According to the indictment, which you can read here, the Russian hackers, the elite of the elite Russian nerds, used Bitcoin to conduct their super-secret operations…which is baffling for a number of reasons I will get into later.

Here are the relevant pieces of the indictment, as they relate to Bitcoin.

45 The conspirators conducted operations as Guccifer 2.0 and DCLeaks using overlapping computer infrastructure and finance: a. For example, between on or about March 14, 2016 and April 28, 2016, the conspirators used the same pool of Bitcoin funds to purchase a Virtual Private Network (“VPN”) account and lease a server in Malaysia. In or around June of 2016, the conspirators used the Malaysian server to host the dcleaks.com website. On or about July 6, 2016, the Conspirators used the VPN to log into the @Guccifer_2 twitter account. The Conspirators opened that VPN account from the same server that was also used to register malicious domains for the hacking of the DCCC and DNC networks.

So from this we can see that the Russians were not careful enough with their Bitcoin funds. When they bought two different services with the same pool of Bitcoin funds, they inadvertently exposed those two operations as associated. We also may be able to eventually track down the above transactions on the blockchain, since the dates of those transactions are given…more on this to come.

57 To facilitate the purchase of infrastructure used in their hacking activity — including hacking into the computers of U.S. persons and entities involved in the 2016 U.S. presidential election and releasing the stolen documents — the Defendants conspired to launder the equivalent of more than $95,000 through a web of transactions structured to capitalize on the perceived anonymity of cryptocurrencies such as bitcoin.

Bitcoin can be very traceable, since every transaction, on both the sending and the receiving side, is recorded in perpetuity on the blockchain. Senders and receivers are identified by a string of letters and numbers, like so:

The sender, identified as 1Gzmp3SbZdP1by8auwYnHofbtKRNZb1uF3, sends 0.00336755 BTC to the receiver, identified as 1BPpDjGsbYARyju7jCUFYGhfcpof6Szzg3.

This data is recorded on the blockchain and is unchangeable. Forever. You, I and your grandmother can view this information anytime, anywhere, for free, and no one can alter it. Functionally it operates the way email addresses and messages do, except that these messages are public for everyone to see, including who sent a transaction and when.

Continued:

58 Although the conspirators caused transactions to be conducted in a variety of currencies, including U.S. dollars, they principally used bitcoin when purchasing servers, registering domains, and otherwise making payments in furtherance of hacking activity. Many of these payments were processed by companies located in the United States that provided payment processing services to hosting companies, domain registrars, and other vendors both international and domestic. The use of bitcoin allowed the Conspirators to avoid direct relationships with traditional financial institutions, allowing them to evade greater scrutiny of their identities and source of funds.

59 All bitcoin transactions are added to a public ledger called the Blockchain, but the Blockchain identifies the parties to each transaction only by alpha-numeric identifiers known as bitcoin addresses. To further avoid creating a centralized paper trail of all of their purchases, the Conspirators purchased infrastructure using hundreds of different email accounts, in some cases using a new account for each purchase. The Conspirators used fictitious names and addresses in order to obscure their identities and their links to Russia and the Russian government. For example, the dcleaks.com domain was registered and paid for using the fictitious name “Carrie Feehan” and an address in New York. In some cases, as part of the payment process, the Conspirators provided vendors with nonsensical addresses such as “usa Denver AZ”, “gfhgh ghfhgfh fdgfdg WA” and “1 2 dwd District of Columbia”.

60 The Conspirators used several dedicated email accounts to track basic bitcoin transaction information and to facilitate bitcoin payments to vendors. One of these dedicated accounts, registered with the username “gfadel47”, received hundreds of bitcoin payment requests from approximately 100 different email accounts. For example, on or about February 1, 2016, the gfadel47 account received the instruction to “[p]lease send exactly 0.026043 bitcoin to” a certain thirty-four character bitcoin address. Shortly thereafter, a transaction matching those exact instructions was added to the Blockchain.

From the above example, we have the exact date and the exact amount of bitcoin sent in the transaction. We can therefore quite easily find this transaction on the blockchain.
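As an added illustration of that matching step (example code written for this article, not anything taken from the indictment or from a blockchain-analysis vendor): a small, constructed ledger is searched for outputs of exactly 0.026043 BTC whose block time falls within a window around 1 February 2016. Amounts are compared as integer satoshis, which is how they exist on-chain, so the comparison is exact. The ledger entries, transaction ids and addresses are placeholders, not real chain data.

```python
from datetime import datetime, timedelta, timezone

SATOSHI = 100_000_000  # on-chain amounts are integer satoshis; never compare BTC as floats


def btc_to_sat(amount_btc: str) -> int:
    """Parse a decimal BTC string exactly: "0.026043" -> 2_604_300 satoshis."""
    whole, _, frac = amount_btc.partition(".")
    frac = (frac + "0" * 8)[:8]  # right-pad to eight decimal places
    return int(whole or "0") * SATOSHI + int(frac)


# Constructed sample ledger (placeholder txids/addresses, NOT real chain data):
# each entry has a block time (UTC) and a list of (address, value_sat) outputs.
SAMPLE_LEDGER = [
    {"txid": "tx-a1", "time": datetime(2016, 1, 30, 9, 12, tzinfo=timezone.utc),
     "outputs": [("addr_A", 2_604_300), ("addr_B", 51_000_000)]},
    {"txid": "tx-b2", "time": datetime(2016, 2, 1, 14, 3, tzinfo=timezone.utc),
     "outputs": [("addr_C", 2_604_300)]},
    {"txid": "tx-c3", "time": datetime(2016, 2, 1, 18, 40, tzinfo=timezone.utc),
     "outputs": [("addr_D", 2_604_301)]},   # one satoshi off: must NOT match
    {"txid": "tx-d4", "time": datetime(2016, 2, 9, 2, 0, tzinfo=timezone.utc),
     "outputs": [("addr_E", 2_604_300)]},   # right amount, outside the window
]


def find_matching_outputs(ledger, amount_btc, on_or_about, window_days=3):
    """Return (txid, address) pairs that paid exactly amount_btc to one output
    within +/- window_days of the 'on or about' date (YYYY-MM-DD, UTC)."""
    target = btc_to_sat(amount_btc)
    anchor = datetime.strptime(on_or_about, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    lo, hi = anchor - timedelta(days=window_days), anchor + timedelta(days=window_days)
    hits = []
    for tx in ledger:
        if not (lo <= tx["time"] <= hi):
            continue
        for addr, value in tx["outputs"]:
            if value == target:
                hits.append((tx["txid"], addr))
    return hits


if __name__ == "__main__":
    # Two candidates fall inside a three-day window; only one inside a one-day window.
    print(find_matching_outputs(SAMPLE_LEDGER, "0.026043", "2016-02-01"))
    print(find_matching_outputs(SAMPLE_LEDGER, "0.026043", "2016-02-01", window_days=1))
```

The window matters: "on or about" can yield several candidates, as the two hits with a three-day window show, so an analyst needs further discriminators (the receiving address from the payment request, the inputs that funded the transaction) before asserting that a particular transaction is the one the indictment describes.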

And here's where things start to get weirder…the indictment claims the Russian government was mining bitcoin…

62 The Conspirators funded the purchase of computer infrastructure for their hacking activity in part by “mining” bitcoin. Individuals and entities can mine bitcoin by allowing their computing power to be used to verify and record payments on the bitcoin public ledger, a service for which they are rewarded with freshly-minted bitcoin. The pool of bitcoin generated from the GRU's mining activity was used, for example, to pay a Romanian company to register the domain dcleaks.com through a payment processing company located in the United States.

TL;DR

So what kind of conclusions, speculations and extrapolations can we make from this mess of information?

1. The Russians are ignorant of Bitcoin's traceability.

2. Or the hackers (possibly non-Russian) are deliberately leaving a false Bitcoin trail to make it look like it was Russian intelligence who carried out these hacks of the DNC.

3. The Russians are ignorant of more private and untraceable cryptocurrencies, like Monero.

4. Or they are lazy and just wanted to simplify things with Bitcoin, which is publicly traceable and has never claimed to be private.

5. See number 2 again.

6. The transaction example that was discovered to be associated with this indictment taints all the coins associated with this address, both upstream (transactions that happened afterwards with the same coins) and downstream (transactions that happened prior to this example and led up to it). You can explore this upstream and downstream flow of funds by clicking on the blue addresses in the link above.

7. Therefore, all coins associated with 1Gzmp3SbZdP1by8auwYnHofbtKRNZb1uF3 are potentially proceeds of money laundering by alleged Russian agents. It would be illegal for a cryptocurrency exchange to accept these coins and exchange them for cash, especially if that exchange resides in the United States. Line 58 of the indictment indicates that some do reside in the United States and did process these transactions…so pray for Coinbase.

8. Though far-fetched, 7. implies that, if they in any way facilitated these transactions, cryptocurrency exchanges and services in the United States could be charged and fined for facilitating money laundering in the service of Russian hackers.

9. Ultimately, what this indictment means for Bitcoin is that it highlights Bitcoin's weak fungibility. The history of a coin's transactions can taint those funds and make them undesirable for merchants or exchanges to receive. In the long term these funds may be outright blacklisted by fiat exchanges, and seized if received.

This has larger implications for the cryptocurrency community, and paves the way for privacy-focused cryptocurrencies, like Monero, to be considered by those who wish to keep their transaction history private and their funds free of indictment or seizure after being sent.

10. If someone can conclusively prove that 1Gzmp3SbZdP1by8auwYnHofbtKRNZb1uF3 is not associated with Russian intelligence, then the indictment may fail in the court of public opinion, or even the actual court.

What I would like to see come from this discussion is as follows:

1. Blockchain analysis be done on the discovered transaction to determine whether the narrative in the indictment can be verified or questioned further. I would specifically love for CHAINALYSIS to take a crack at this, but other blockchain analysts are also encouraged to weigh in on this discovery.

2. That the transactions mentioned in 45 a. be discovered as well, in addition to the provided example, and also be analyzed. This should be possible with the information provided in the indictment, though it could take much more time.

3. That if the 45 a. transaction is discovered, it be determined whether it can be related to the 1Gzmp transaction that has been discovered. Can the history of these transactions prove they are associated with Bitcoin mining activity, as claimed in the indictment on line 62?

4. That the larger cryptocurrency community realize your funds may be safe, but they may also be traceable. You may also be at risk of inadvertently receiving blacklisted, tainted coins without knowing it. Those coins could then be seized after the fact, once an exchange flags them as associated with Russian hackers.

5. If exchanges start seizing “tainted” coins from users, what is the barometer used by exchanges to determine if a coin is tainted or taint-free? How many transactions have to occur before a coin is clean and exchangeable for USD cash? 100? 1000? A million?

6. For privacy and fungibility, use Monero.
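Points 6, 7 and 9 of the TL;DR (taint following the flow of funds) and the question just above of how many hops make a coin "clean" both come down to which propagation rule an exchange or analytics vendor applies. The following added example, written for this article and not taken from any exchange's or vendor's code, builds a constructed five-transaction graph, seeds one output as flagged, and compares two commonly described rules: haircut (taint diluted in proportion to the clean value mixed in) and poison (any tainted input marks every output fully tainted). Transaction ids, addresses and values are placeholders; fees are ignored so inputs sum to outputs.

```python
# Constructed transaction graph (placeholder ids/addresses, NOT real chain data).
# A tx spends outpoints (txid, output_index) and creates (address, value_sat) outputs.
# Source txs have no inputs, like coinbase (mining) rewards.
TXS = [
    {"txid": "src_tainted", "inputs": [], "outputs": [("addr_T", 100)]},   # flagged seed
    {"txid": "src_clean1", "inputs": [], "outputs": [("addr_C1", 300)]},
    {"txid": "src_clean2", "inputs": [], "outputs": [("addr_C2", 600)]},
    # hop 1: 100 tainted sat mixed with 300 clean sat, split across two outputs
    {"txid": "hop1", "inputs": [("src_tainted", 0), ("src_clean1", 0)],
     "outputs": [("addr_H1a", 250), ("addr_H1b", 150)]},
    # hop 2: one hop-1 output mixed with 600 clean sat
    {"txid": "hop2", "inputs": [("hop1", 0), ("src_clean2", 0)],
     "outputs": [("addr_H2", 850)]},
]


def propagate_taint(txs, seed_outpoints, mode="haircut"):
    """Walk txs in chain order and give every outpoint a taint fraction in [0, 1].

    haircut: output taint = value-weighted share of tainted input value.
    poison:  any tainted input (fraction > 0) taints every output at 1.0.
    txs must be listed so each tx appears after the txs it spends from."""
    taint = {op: 1.0 for op in seed_outpoints}
    by_txid = {tx["txid"]: tx for tx in txs}
    for tx in txs:
        if not tx["inputs"]:  # source tx: outputs are clean unless seeded
            for i in range(len(tx["outputs"])):
                taint.setdefault((tx["txid"], i), 0.0)
            continue
        total_in, tainted_in = 0, 0.0
        for op in tx["inputs"]:
            value = by_txid[op[0]]["outputs"][op[1]][1]
            total_in += value
            tainted_in += value * taint.get(op, 0.0)
        if mode == "haircut":
            fraction = tainted_in / total_in
        elif mode == "poison":
            fraction = 1.0 if tainted_in > 0 else 0.0
        else:
            raise ValueError(f"unknown mode {mode!r}")
        for i in range(len(tx["outputs"])):
            taint[(tx["txid"], i)] = fraction
    return taint


def flagged_addresses(txs, taint, threshold):
    """Addresses that received at least one output with taint >= threshold."""
    flagged = set()
    for tx in txs:
        for i, (addr, _value) in enumerate(tx["outputs"]):
            if taint.get((tx["txid"], i), 0.0) >= threshold:
                flagged.add(addr)
    return sorted(flagged)


if __name__ == "__main__":
    seed = [("src_tainted", 0)]
    for mode in ("haircut", "poison"):
        t = propagate_taint(TXS, seed, mode)
        print(mode, {op: round(f, 4) for op, f in t.items() if op[0].startswith("hop")})
        print(mode, "flagged at 10%:", flagged_addresses(TXS, t, 0.10))
```

Under haircut the fraction falls at every mix (0.25 after one hop, about 0.07 after two) but never reaches zero, so "clean" only ever means "below whatever threshold the receiving exchange picked". Under poison it stays at 1.0 however many hops occur, which is the regime in which the "100? 1000? A million?" question has no answer at all. Which rule a given exchange applies, and at what threshold, is exactly the barometer the article asks about.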

An update will be provided if the 45 a. transaction is discovered or new developments unfold. The content of this post was originally posted on reddit.com/r/monero and received a warm discussion. But upon discovery and publication of the 1Gzmp transaction, the discussion was locked and removed from the front page of /r/monero. The mods were contacted about this and did not respond after being asked for an explanation…

Donation Addresses (don’t send me tainted coins):

Bitcoin: 32iYLdiz7HTX2fyFJTtsgkxqWpPv8yej2T

Monero: 46GVrnXK7qR4qRpwc5XMB7BhaXmjbwRFZ9WDibpxnc3ofyXub2QmZB156JvGguuTrbdjucaa4VEti5EAMKjhJFnpJaMU8jw

Btrash: it's all tainted