A current or former Chainalysis employee has gone rogue and conducted an AMA on r/Bitcoin in which he disclosed sensitive information about the company’s blockchain forensics capabilities. The whistleblower then appears to have had a change of heart and deleted all their comments. Thankfully, the internet never forgets. The comments remain archived on Removeddit.com and they provide a fascinating insight into one of the most hated companies in crypto.
Chainalysis Has Its Dirty Secrets Aired in Public
As a company that works hand in glove with law enforcement, governments, defense contractors and other three-letter agencies, Chainalysis is secretive about the sauce that makes up its proprietary tech. The company was dismayed, therefore, to discover that an anonymous employee was conducting an ask me anything (AMA) on Reddit on June 24 without their permission. Users of r/Bitcoin proceeded to ask a series of probing questions about Chainalysis’ forensic capabilities, which the anon was only too happy to answer.
Twelve hours later, perhaps after sobering up, or after management tracked down the rogue employee and placed pressure on them, the comments were deleted, but an archived version remains. When asked about the company’s take on BTC mixing tools such as Coinjoin, Wasabi and Samourai Whirlpool, for instance, the anon began: “I personally love it. The company management hates it, of course. Things like that destroy the need for our/their software. It can make the software completely irrelevant.”
Simple Preventative Measures Can Make Blockchain Forensics Obsolete
Many cryptocurrency users feel that they are powerless to attain a reasonable measure of privacy in the face of such well-funded and well-equipped adversaries. As the Chainalysis anon’s AMA shows, however, forensics tools aren’t nearly as powerful as they’re made out to be, and simple obfuscation measures can thwart them. (Having recently spoken to a Chainalysis employee at a blockchain conference, in which a similar sentiment was expressed, news.Bitcoin.com can attest to this.) When quizzed about the ability of coin mixing and other privacy tools to make Chainalysis obsolete, the anon replied:
Even just privacy coins are more than anyone can handle right now, but throw in anonymization techniques, and forensic tracking utilities are done for. They might still have a niche purpose, but it will be small.
Commenting on Chainalysis’ most hated adversarial tool, the anon ventured that it was probably Wasabi, a privacy-oriented BTC wallet that used Coinjoin. While conceding that bitcoin mixers are “still bad” for forensics firms, the anon asserted that “Wassabi is enemy number one. There is no way to de-anonymize it, and I don’t see how the government can legally take Wassabi down, so it will probably persist. Put it this way, if everyone used Wassabi, Chainalysis would go out of business.”
While observing that “running your own node and electrum server is a great way to not get your IP tracked” by Chainalysis software, he countered that mobile wallets are bad for privacy. As for the five likeliest things to have your bitcoin transaction flagged as suspicious, the answer came: “Being stolen funds (like from a hacking type incident), coming from a dnm, coming from a mixer, coming from terrorist financing, and coming from ransomware payout addresses.”
An Unethical Company or an Innovative Startup Fighting the Bad Guys?
To say that Chainalysis and similar companies are controversial within the bitcoin space would be an understatement. On the one hand, their software can generate useful research reports into on-chain activities, including UTXOs, “hodler waves,” and lost coins. It can also be used to follow the flow of hacked funds from exchanges. But on the other hand, many people believe Chainalysis goes against the spirit of bitcoin, and that its software will be sold to despotic regimes who will use it to surveil and persecute cryptocurrency users, leading to a financial system that is even less inclusive than the one Bitcoin was designed to replace.
When quizzed on the most unethical thing Chainalysis has done, the anon responded: “1. Transparency. 2. Defeating the purpose of a system that was designed for anonymity, thereby reducing the interest and market for crypto. And pushing people into other crypto platforms, away from what we/they are able to track.”
“[Chainalysis] definitely think they are the good guys,” he commented. “They are definitely team government, which doesn’t sit right with me, personally. Self-righteous would be a good way to describe the attitude of some of them … Not a single person in the company has displayed any sort of concern over the ethics of our software except for one person being concerned that law enforcement would use our software and abuse their authority … He left.”
According to the anon, the government agencies using Chainalysis software include HSI, FBI and IRS (they “seem to have the most licenses, or are, at least, the most active in using our software, since their names come up constantly.”) In addition, “ATF, DEA, SEC, Secret Service, CIA (through In Q Tel), and most of the other federal law enforcement agencies are running the software. Only really large police departments are running the software (it isn’t cheap) like NYPD. I know some district attorney offices have software licenses too, but I don’t know which ones. Oh and RCMP uses the software too. And Europol. The national police (NCA) in the UK, as well.”
Other gems from the now deleted AMA include confirmation that Chainalysis runs its own Electrum nodes (at one point it was responsible for 10% of all BTC nodes) and discussion of whether Chainalysis creates dusting attacks for tracking purposes: “It has been discussed a few times, but no one has ever admitted to it. It doesn’t seem like there is much utility in it, because if the address exists on the blockchain, it can already be tracked. And if it doesn’t, a single payment to it will make it appear in the software, so no need for dusting. It wouldn’t improve IP tracking capabilities.”
Use Mixers and Monero for Privacy – Don’t Use Mobile Wallets
The anon also explained that Chainalysis keeps its “own database on entities in the crypto space are a known, or believed to be bad actors. Individual people aren’t exactly tracked.” As for cryptocurrency that has passed through a mixer, “Mixed funds are rated as high risk if the mixer is attributed (known about). Same level as dark net markets.” During the AMA, he recommended monero for privacy, but reiterated the need for caution for mobile wallets that don’t incorporate privacy measures.
Final privacy advice from the current or former Chainalysis employee went as follows: “I would say to avoid mobile wallets, look into Wasabi/Coinjoin and similar efforts, run a VPN/tor at all times, remember that everything you check out on the clear net is being logged by someone.” Shortly after typing those words, Reddit user “chainalysis1” deleted their account.
What are your thoughts on Chainalysis? Let us know in the comments section below.
Did you know you can verify any unconfirmed Bitcoin transaction with our Bitcoin Block Explorer tool? Simply complete a Bitcoin address search to view it on the blockchain. Plus, visit our Bitcoin Charts to see what’s happening in the industry.
Go to Source
Author: Kai Sedgwick