Cybersecurity: Crime and Espionage

The BTC-e Indictment: A Major Blow against Online Criminal Activity

By Nicholas Weaver
Thursday, July 27, 2017, 11:55 AM

Though it was little noticed outside the Bitcoin community, the arrest in Greece on a sealed U.S. indictment of Alexander Vinnik for allegedly running the BTC-e crypto-currency exchange is significant news, and may easily be on par with the Liberty Reserve takedown in 2013 in terms of disrupting criminal activity. The Department of Justice deserves a big round of applause.

BTC-e is a Bitcoin exchange founded in 2011 and purportedly located in Eastern Europe with the ownership and control heavily disguised. Despite (or as likely because of) its sketchy ownership and control, it is perhaps the longest lived Bitcoin exchange. Or rather, it was. It is currently “down for maintenance” and the alleged owner is in a Greek jail awaiting extradition to the United States.

Criminals, especially those in Eastern Europe, used BTC-e. Although BTC-e claimed to run a “Know Your Customer” program like Liberty Reserve, the Justice Department’s indictment accuses BTC-e of effectively faking it. Although just an accusation, it is about akin to accusing water of being wet. According to recent research, ransomware is currently a $1 million a month business and 95 percent of the payments end up processed through BTC-e.

The best short-term solution to ransomware probably lies in making it more difficult for the perpetrators to collect their payments—which shutting down BTC-e would do. We will know if the Department of Justice has been effective in doing so if the rate of ransomware attempts goes down over the next couple of months.

Other accusations in the indictment include that BTC-e got around an embargo on sending or receiving U.S. bank transfers by operating a series of “mule” accounts, accounts in other names used as intermediaries to disguise transfers. This potentially could make BTC-e accessible to U.S. customers despite the embargo. I suspect there will be more arrests and indictments here as many of the details of this part of the indictment are still redacted in the publicly released version.

There are also details hinting that the FBI obtained access to the data on BTC-e’s back-end server infrastructure as far back as January, when the indictment was filed. The document provides details on the ownership and control over specific BTC-e administrator accounts, which law enforcement likely would have needed access to BTC-e’s internal systems to obtain. This, combined with the recent takedowns of the dark web marketplaces AlphaBay and Hansa, should worry a lot of online drug dealers.

Although I suspect that the greater difficulty of dealing with transfers to the U.S. may have somewhat limited BTC-e’s usage, I’d still bet that numerous drug dealers thought the “anonymity” of Bitcoin and BTC-e protected them. Combining the AlphaBay, Hansa, and BTC-e’s datasets will enable law enforcement to track the payments of dealers who used BTC-e to turn their drug money back into cash.

Finally, although unimportant outside the Bitcoin community, a lot of the actual charges concern money laundering on Vinnik’s part. Unlike other crypto-currency exchanges—notably including MtGox, which went bankrupt after over 850,000 Bitcoins vanished from its custody—there has been no known major Bitcoin theft from BTC-e. As the joke goes, “Why hasn’t BTC-e suffered a major theft? Because the crooks need to cash out someplace.” According to both the Department of Justice and independent analysis, the connection was actually more fundamental: Vinnik himself was a participant in the MtGox theft.

19 of the 21 charges against Vinnik don’t actually involve running BTC-e but instead concern Vinnik’s alleged attempts to launder the proceeds of the MtGox theft by transferring the Bitcoin to his account on Tradehill, a (now defunct) Bitcoin exchange headquartered in California, which therefore followed U.S. laws. My favorite has to be count 12, involving the laundering of a princely sum of $12.60 through Vinnik’s Tradehill account. The headline may be “up to 20 years” on each offense, but the Justice Department will likely use each additional charge to add a few months to a year onto Vinnik’s sentence—which seems trivial until you remember there are 19 such counts.

Since Tradehill was located in California, this gives a strong California nexus for all these charges, which is very important. BTC-e may be a global criminal enterprise, but the U.S. Attorney has to prove that each crime has a tie to the district where the prosecution takes place. With MtGox located in Japan and BTC-e in Eastern Europe, only Tradehill’s involvement gives the United States jurisdiction to prosecute for the theft.

It also is remarkably easy to prove. The “Blockchain is forever,” as the saying goes—which makes a criminal’s Bitcoin mistakes forever as well. Since it is now straightforward to identify the chain of custody as Bitcoin was stolen from MtGox and then moved to a wallet belonging to Vinnik on Tradehill, these charges will be much easier to prove and won’t require decoding a maze of shell companies and Eastern European financial transactions.
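To show what “the blockchain is forever” means for an investigator, here is an added example (not from the original post and not any real ledger data) that walks a small, constructed transaction graph from a theft address forward until the coins land on an address already attributed to an exchange account; every address, transaction id and label is made up.

```python
from collections import deque

# Constructed sample ledger (not real data): each transaction spends from
# the listed input addresses and creates the listed outputs.
# Format: (txid, [input addresses], [(output address, amount_btc)])
LEDGER = [
    ("tx1", ["victim_hot_wallet"], [("thief_a", 100.0)]),
    ("tx2", ["thief_a"], [("mixer_1", 60.0), ("thief_b", 40.0)]),
    ("tx3", ["mixer_1"], [("exchange_deposit", 59.9)]),
    ("tx4", ["thief_b"], [("cold_storage", 40.0)]),
    ("tx5", ["unrelated"], [("exchange_deposit", 5.0)]),
]

# Addresses an investigator has already attributed (constructed labels).
LABELS = {"exchange_deposit": "deposit address at a regulated exchange"}


def build_graph(ledger):
    """Map each input address to the (txid, output address, amount) it funds."""
    graph = {}
    for txid, inputs, outputs in ledger:
        for src in inputs:
            for dst, amount in outputs:
                graph.setdefault(src, []).append((txid, dst, amount))
    return graph


def trace(ledger, seeds):
    """Breadth-first walk from the seed addresses along spend edges.

    Returns {address: [txids on the shortest path from a seed]} for every
    address that received coins traceable to a seed. Unrelated funds that
    merely share a destination address (tx5) are never marked.
    """
    graph = build_graph(ledger)
    reached = {}
    queue = deque((s, []) for s in seeds)
    while queue:
        addr, path = queue.popleft()
        for txid, dst, _amount in graph.get(addr, []):
            if dst not in reached and dst not in seeds:
                reached[dst] = path + [txid]
                queue.append((dst, path + [txid]))
    return reached


def attributed_touchpoints(ledger, seeds, labels):
    """Tainted addresses that hit an already-labelled entity, with the hop list."""
    reached = trace(ledger, seeds)
    return [(a, labels[a], reached[a]) for a in sorted(reached) if a in labels]
```

This is deliberately the crude form of the analysis: it follows address-level spend edges and ignores amounts, change outputs and mixing heuristics, which real chain-analysis tooling uses to decide how much of a later output is actually tainted.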

We should know in a couple of months if this proves effective at disrupting criminal use of bitcoin. But I believe that this, in the long run, will probably prove more important than the AlphaBay and Hansa takedowns.

Criminals can replace a dark market by just spinning up a new hidden service. It is far harder for criminals to replace a key corrupt financial institution.