Cryptocurrency Limitations For Financial Crimes. There are possible reasons for the current limited use of cryptocurrencies in the world of financial crime, including areas of financial crime such as money laundering and terrorist financing. To do this, we will look at six dimensions of currencies limiting their use. These dimensions are anonymity, usability, security, acceptance, reliability, and volume.
Cryptocurrency Limitations For Financial Crimes
The anonymity of a cryptocurrency depends on many factors, including operational and technical factors. To understand this, let’s recall that cryptocurrencies are, from a technical perspective, not owned by people or institutions. Instead, cryptocurrencies are controlled by whoever has cryptographic private keys.
For example, if the owner of a key gives the private key to another person, the new person could spend the money, but so could the first person if they kept a copy of the keys. The owner of a key can be identified only by the corresponding public key. For this reason, Bitcoin is frequently called pseudonymous because the keys mask identities, which is somewhat misleading. The key owner could be well known if they publish their public key to allow others to send them money, and even if not, they could be identified.
For example, if someone used a single public-private key pair for all of their transactions, which is known as key reuse, it would be relatively easy for an observer to discover their identity. The first transaction on the blockchain is tied to the person’s real-world identity, which means that the second transaction is as well. After all, the blocks always link to the predecessor, which would be an operational failure for anonymity. Even without any key reuse between transactions, it is possible to find users who control multiple accounts because the outputs are used together for a single purchase.
In addition, many other threats to cryptocurrency anonymity can potentially identify users, including temporal data, off-network information, IP address data, and other side channels. There has been much work on deanonymization using various methods, and even transactions that are not yet able to be deanonymized are plausibly susceptible, given future capabilities.
Users can mitigate some of these technical threats to anonymity by using techniques built into some newer cryptocurrency applications or by taking steps to use cryptocurrencies more anonymously, such as using a coin mixer to hide ownership or obfuscating IP addresses. However, defending against all threats requires significant technical knowledge and consistently following best practices.
Additionally, many potential operational methods of evading detection, like using TOR to hide IP addresses when using cryptocurrencies, have flaws. It is difficult for users to know when they have been successful at evading deanonymization and detection. For this reason, cryptocurrencies are not trustworthy in the face of technically sophisticated adversaries. Even with a cryptocurrency that is more effectively anonymous than cryptocurrencies such as Bitcoin, there are no guarantees that anonymity will stand up to law enforcement’s efforts to attack it.
Non-Bitcoin cryptocurrencies incorporate a variety of mechanisms to boost their anonymity by obfuscating transactions. Dash, for example, employs mixing by default. Coins, as such, employ a variety of other methods for masking ownership, such as standard denominations to hide transaction amounts. Despite this, other avenues of deanonymization exist. The cryptonote protocol, for example, uses a cryptographic technique called ring signatures that enables pseudonym reuse while making it more difficult to associate it with a user spending money.
This approach masks which public key was used for a transaction, making the blockchain a less public ledger. Modifications of this concept have been implemented, allowing transaction amounts to be obfuscated. Monero, the largest of these currencies, bills itself as “Secure, Private, and Untraceable” and has begun to gain adoption in online darknet markets for drugs. IP masking, incorporated into Monero, is another technique to boost anonymity.
Monero is only the latest in a series of purportedly anonymous cryptocurrencies that seem poised to gain significant market share; others are Dash, BlackCoin, ShadowCash, and Zcash. Each has adherents, but none has found the widespread adoption of Bitcoin, Ethereum, and other legal and less anonymous currencies. Widespread adoption, in turn, comes with more acceptance and greater volume.
Secondly, there is the issue of usability. Like many emerging technologies, cryptocurrencies are difficult for newcomers to use. Once a new user has broken through the initial knowledge challenges, the user will most likely find himself using wallets for managing the cryptocurrency. However, such easy-to-use online wallets that manage funds for the user are problematic for covert use because the service can both see details of what is being done and freeze funds. You can imagine these wallets as similar to banks in that they are subject to anti-money laundering regulations.
Methods of anonymously managing cryptocurrency require somewhat more technical sophistication. Still, general trends indicate that the technical sophistication of both users and the public is increasing, while cryptocurrency developers are increasing usability and working on making these systems more secure. For example, there is a quite infamous book on using Bitcoin anonymously that is relatively user-friendly for technically adept people. On the other hand, the use of techniques that allow anonymity might, paradoxically, function as a red flag for law enforcement monitoring the use of these currencies. Additionally, even sophisticated techniques will not necessarily provide anonymity in the face of a sophisticated opponent.
Closely related to Usability is Security. Security is a critical need for any user of a monetary system, and cryptocurrencies have many potential weaknesses that traditional currencies do not share. For example, many formerly centrally run cryptocurrency exchanges, which allowed users to create online wallets easily, have been compromised. These compromises – both insider-driven and external – led to well-publicized losses of user funds. This type of loss is far from unknown in traditional banking, but the procedures for handling it make these losses unlikely to affect depositors.
The alternative to such centrally run systems is user-controlled wallets. The use of such wallets requires the user to secure the system. Hardware wallets, which allow users to store currencies in a dedicated device, are susceptible to various attacks ranging from highly technical thefts to simple theft. On the other hand, the use of software wallets requires the user to secure the system being used to store them. Compromising the computer system could easily lead to a complete loss of funds.
Even in 2011, so relatively early in the history of cryptocurrencies, some computer viruses were found that stole Bitcoin. Most users cannot entirely secure a computer or smartphone holding cryptocurrency, and in other domains, even well-protected, fully offline systems have been hacked by sophisticated adversaries.
In addition to hacking, there is a possibility of protocol-level vulnerabilities. It could be exploited if there is a flaw in the software or in the logic of how the system works. Even if the code is secure, the standard assumption in cryptography is that systems and algorithms become less secure over time as flaws and attacks against the system are found. It is very likely and quite real that this also applies to all sorts of cryptocurrencies.
As alternative cryptocurrencies become more widespread, attract academic interest, and become valuable enough for attackers to want to steal, they are likely to experience the same attacks waged against Bitcoin in the early days. For example, the ring signature schemes used in some cryptocurrencies have been found to provide no anonymity, leaving the systems vulnerable to attack.
It is unclear how difficult it will be to use these currencies securely in the future. I expect security concerns will decrease over time if no such breaches occur. Nonetheless, the criminal organizations still might not trust these systems, mainly because they are primarily designed and maintained by people working in Western countries. Many of the world’s largest criminal organizations, including large-scale money launderers and terrorist groups, are not.
In addition, one must keep in mind the acceptance of cryptocurrencies. The limited reach of cryptocurrencies at present is a significant challenge, especially in the regions where criminal organizations operate, which applies to terrorist organizations and large-scale money launderers. For example, despite the large network of Bitcoin-accepting vendors and services, there are few Bitcoin ATMs in the Middle East and outside Israel.
The future trajectory of these currency technologies is uncertain, but if and when consumer use increases worldwide, it will be used by criminals such as terrorists, for example. However, in general, the conditions needed to allow terrorist groups, for example, to establish themselves and flourish, such as failed states and lack of government oversight, might make the technological infrastructure needed for cryptocurrencies infeasible.
Next, let’s talk about reliability. The newness and instability of cryptocurrency might create concerns about reliability. Bitcoin’s price instability is an obvious example. Still, additional reliability issues exist significantly if support for the currency declines and could lead to developers abandoning a project or a lack of commercial support by exchanges. Most cryptocurrencies that have been launched are abandoned or shut down because of neglect, scams, or attacks.
These problems are less severe for short-term uses, which cover many potentials uses by criminals. The stability of a cryptocurrency system depends on typical market risks and the continuing involvement of developers, the interest of miners, and the ecosystem of applications that support the currency. For this reason, it is unclear how many of the newer cryptocurrencies will last. These factors matter primarily in the medium-to-long term, not in the short term when money would quickly be transferred in and out of such a currency.
Last but not least, there is the issue of volume. Transaction volume is a critical limitation of cryptocurrency use for many criminal organizations, especially medium-to-large scale money launderers and some of the bigger terrorist organizations. Many cryptocurrencies have a too low market volume compared to what many criminals would require. The low market volume makes the prices more sensitive to transactions and makes the transfer of large amounts of money expensive. Essentially, this is due to the most basic supply and demand equation, which is a particularly critical concern for smaller and newer cryptocurrencies and concerns about the security and reliability of any new system.
The other critical problem with low volume is the traceability of transactions. This problem manifests in two ways.
- First, large transactions impact price, and increased demand is visible, making the transaction less anonymous.
- Secondly, a public ledger with robust technical anonymity cannot mask the fact that large volumes or high-value single transactions appear. Because transactions are posted publicly for all to see, including law enforcement, changes in average volume are easy to detect. Thus, a sudden spike in volume is enough to attract attention.
Each crypto asset system or exchange may contain vulnerabilities that can be exploited. Many acts of money laundering, for example, are made possible by the relative anonymity of cryptocurrency transactions or security flaws in some of the systems used to facilitate those transactions.
In essence, unlike banks, which have a distinct and heavily regulated global system of legal protections and obligations, the crypto asset market is not as universally protected or regulated. While many businesses and jurisdictions work hard to ensure the safety and security of their territories, not all jurisdictions can say the same.