Blockchain analytics firm Chainalysis recently hosted the “Chain analysis linksconference with a variety of speakers, from former members of MI6, police forces, financial institutions and the UK Treasury to internal Chainalysis speakers and moderators.
The conference didn’t provide many details about Chainalysis’ products or methods for monitoring activity on blockchains like Bitcoin’s, but it did offer a high-level overview of the background, uses, and value. potential future of its various services and products, giving Bitcoiners a glimpse. in those who look at them.
As part of its business, Chainalysis provides market data on some insightful metrics measuring Bitcoin activity. This included information about cryptocurrencies hacksinformation on the use of bitcoin for child pornography, bitcoin adoption metrics, and its uses in criminal activity.
Another service offered by Chainalysis helps companies comply with government recommendations through a service that performs real-time analysis of blockchains.
A third area is transaction tracking and investigation, with a tool called KYT and a tool called Reactor, both of which are used for investigations on Bitcoin and other blockchains.
In case you were wondering what these platforms look like, here are some screens from the public website:
Moving on to the Chainalysis business, he recently purchased and put bitcoin on his balance sheet. But like Bitcoin Magazine‘s Namcios wrote, “the company doesn’t align very well with the true ethos of Bitcoin because its business model is based on monitoringallowing its customers to obtain information about bitcoin transactions for the purpose of discrimination.
Customer Definitions and Considerations
Given Chainalysis’s lines of business and its ability to disrupt the pseudonym that Bitcoin is supposed to provide, I went to the conference with questions in three main areas:
- What is Chainalysis’ definition of “crime”? Within the crime, how does he define categories such as terrorism, illegal products and subversion of democracy?
- What customers does it sell its investigation platform to, and who will it not sell to or work with?
- How do their products work in detail?
Regarding the first question, an answer given to a chat question during the conference indicated that the role of Chainalysis is to produce a tool for use in investigations. The company is not a law enforcement agency.
Second, when asked if Chanalysis had any criteria for which entities it would not sell its products to, she replied that the criteria was “generally” whether or not the country or other customer was sanctioned.
I contacted Chainalysis for a confirmation statement regarding these conference chat responses, but did not hear back.
During the conference, different people discussed use cases of the KYT and Reactor investigation platforms. These included:
- MI6 investigations into those suspected of sabotaging democracy or child abuse
- A specific British investigation around firearms bought on the darknet
- An investigation into stolen cryptocurrency laundered through the use of a debit card
The conference did not go into specific details or under the hood of the products.
But the use cases above raise questions about the use of Chainalysis tools and tactics in the hands of “bad actors”, where the target of the investigation could very well be seen as the “good guy”. To reflect the use cases shown with more complicated naughty/nice scenarios:
- What if the investigator is a dictator and the target is someone who opposes that dictator?
- What if this is an investigation by a dictator or authoritarian regime purging or rounding up minorities, and they seek to defend themselves by purchasing weapons or other prohibited security mechanisms?
- What if the wrong country or ruler uses financial tracking against an oppressed person or group of people to determine where and what they buy?
All of these cases can also occur for smaller entities, such as an organization or an individual.
Can Chainalysis be hacked?
One of the main tactics used by Chainalysis is tracking ransomware payments and money movements. Below is a Chainalysis Reactor graph showing the money laundering process for five of Evil Corp’s ransomware strains (yes, that’s the name of the listed company).
(According to the image above, you can also see information about how the Colonial Pipeline ransomware payment was tracked.)
If Chainalysis tools are sometimes used to hunt down money from ransomware companies, these companies may be motivated to attack the platform. If you think about all the information that is aggregated for subjectively good or bad purposes, what if Chainalysis gets hacked?
In this case, the information he obtains could be redeemed. It would affect everybody privacy.
On-chain analysis products, dust usage and behavioral alerts
One of the questions that has arisen around Chainalysis is whether its products use Bitcoin dust (microscopic transactions below the minimum limit) to correlate recipient addresses. Jameson Lopp wrote recently that he believes Chainalysis does not use dust in this way, partly based on his statement below and the cost benefits, by a CoinDesk item:
“CoinDesk has contacted Chainalysis and CipherTrace to ask if they use dust in their analytics. Both companies denied using the technique, although Chainalysis investigation manager Justin Maile added that dusting is “more often [used] by investigators to trace illicit funds. Maile continued that exchanges can use dusting to trace funds stolen from a hack.
Chainalysis also offers webinars on its “Behavioral Alerts” service and how to set them up.
In the webinar, the presenter noted that most illicit actors are aware of standard behavioral alerts and trade with thresholds and time frames to avoid these alerts.
But how many typical blockchain users know which rules will put them on the alert list?
There seems to be a non-zero possibility that good or benign actors are caught in this analysis. Colin Harper has written about this issue (with respect to mixing specifically) in a previous Bitcoin Magazine article, “Bitcoin Mixing Case at Center of Transaction Privacy Fight”:
“Honest, privacy-conscious Bitcoin users should have nothing to worry about legally, as long as they have nothing to hide,” said Jesse Spiro, chief policy officer at Chainalysis. Bitcoin Magazine… But Spiro’s comment betrays the consequence of this surveillance: honest users can be caught in the crossfire.
Future Directions: Automating Flags and False Positives
If you’ve ever encountered a malfunctioning vending machine with a positive result, you’ve encountered the benefit of an error and the automation of that error – the machine continues to dispense snacks for free. (Yeah, I know Bitcoiners don’t eat that stuff).
As another example, anyone with a credit card has seen the number of fraud false positives. When you automate anything, if the methodology is flawed, then you can automate mistakes at a better and faster rate.
To make the platform more efficient and able to handle more small cases, many sessions talked about automating data analysis and reporting issues.
For false positives with a bank or credit card, the problem is a minor inconvenience. However, being falsely reported for nefarious activity within other systems can put you under the wheels of that system and it can be difficult to prove your innocence and get away with it. The systems mentioned included organizations such as the US Internal Revenue Service, police and international crime units, and banking systems around the world.
It was noted at the conference that data from more data systems will be collected, aggregated, and otherwise used within the Chainalysis platform. It remains to be seen what this will mean to generate false positives around what the platform considers to be “criminal” activity using platforms like Bitcoin.
Chainalysis, privacy and censorship resistance
This is at the heart of the concern around the Chainalysis tools and its ability to do financial monitoring.
Chainalysis provides helpful metrics that counter false narratives. These include data on how much cryptocurrency is actually used for “criminal” activities and data on cryptocurrency adoption by country and demographics.
However, the Chainalysis investigative analysis tools that are used against what most would consider “bad actors” can also be easily used against anyone. Its tools could also be used to remove rights and freedoms when certain laws or arbitrary laws do not allow these rights and freedoms.
As global entropy increases, the greater good would be served if Chainalysis were to develop protocols regarding who it will sell its products to and what its definition of “crime” is to reduce the likelihood of them causing harm unintentionally.
Chain analysis can allow others to monitor blockchains for nefarious actors. But privacy experts and the Bitcoin plebs should also watch and watch Chainalysis for equally bad actors and actions.
This is a guest post by Heidi Porter. The opinions expressed are entirely their own and do not necessarily reflect those of BTC Inc or Bitcoin Magazine.