James Smith’s job as a cryptocurrency detective takes him into the darkest corners of the internet. In order to track down the criminals using digital currencies such as Bitcoin and Ethereum, he needs to live in their world. His team, he says, participates in “every criminal service we can find”. This includes “drug marketplaces or firearm vendors”.
Smith has an unusual job, to say the least, and one that did not exist until a few years ago. He is one of three British entrepreneurs who started Elliptic, an investigations firm with the fiendishly-difficult mission of tracing the real owners of cryptocurrency on behalf of banks, crypto exchanges and governments.
Elliptic is trying to solve a big problem in the secretive world of cryptocurrency. As crypto goes mainstream, and becomes an increasingly legitimate financial tool used by banks and exchanges, there is an onus on these big institutions to prove they are not inadvertently being used to fund crime or terrorism.
When Elliptic started in 2013, they were the first doing crypto forensics, says Smith. But he estimates there are now around eight other companies seriously competing in this emerging industry. This week, a New York-based startup in the same line of business, Chainalysis, announced a $30m funding round and plans to open a London office.
But all of these companies are tackling the same issue. How do you actually connect real-world entities to Bitcoins— which are built to be anonymous?
Undercover investigations
The flow of cryptocurrency is hard to track, by design.
Take Bitcoin as one example. While the “metadata” of all transactions — like time, date, transaction value and receiving Bitcoin address — are recorded on a public “blockchain ledger” for anyone to see, there is no recorded data which directly identifies the parties involved.
Anyone can anonymously generate a Bitcoin address for coins to be sent to. These addresses are exclusively used to receive funds in a transaction, and there is no mark of where they are sent from. What’s more, standard practice is to generate a new Bitcoin address to receive funds for every new transaction.
Our team spends a large part of their time on the dark web
What this all boils down to is that public blockchain data shows only the flow of funds — the “chain” across which money moves — and does not contain information on who is sending or receiving money. How, then, do startups like Elliptic do their jobs?
Elliptic starts with this transaction data, looking for patterns which suggest addresses are all owned by the same person. This builds up a web with clusters of addresses belonging to one person or company.
The missing link is the most crucial and most precarious part of the research: relating this web to real-world entities in order to identify the markers of criminal activity. The aim is to be able to classify future transactions as risky or not, on the basis of the data already collected.
“The big important step is to find information that says who owns the cluster of addresses,” says Smith. “That data acquisition step — finding metadata that allows you to learn real-world facts about blockchain activity — is a big part of what we do.”
This is where Elliptic’s team goes undercover. Their team of internet sleuths themselves engage in crypto services and explore illegal marketplaces to find clues that will tie these services to particular addresses or particular blockchain activity.
For example, opening an account in Coinbase — an online platform for people to buy, sell and store cryptocurrencies — provides a few data points which can help classify blockchain activity as Coinbase transactions, which are perfectly legal currency swaps.
The big important step is to find information that says who owns the cluster of addresses.
Identifying safe transactions is not the majority of the work, though. The more valuable data comes from interactions in illegal marketplaces on the dark web.
“Our team spends a large part of their time on the dark web finding out about new services, whether it is drug marketplaces or firearms vendors, and looking for ways that we can identify them,” he says.
A vendor on a drug marketplace might provide a Bitcoin address for prospective buyers to send money to, which can then be used to classify a whole cluster of addresses.
Does it really work?
According to Smith, it is rare that Elliptic’s product won’t be able to tell a client any information about a particular address.
As it stands, the company says it has identified the “real world entities” behind 25% of all Bitcoin addresses. Even for an unidentified address, its position and connections in the overall web can still provide clients with useful intelligence.
But for many in the industry, the trouble is that — while some information is clearly better than none — this kind of forensic work will only ever be able to provide a partial picture.
Chain analytics is nowhere near a magic bullet.
Matthew Pollard is the co-founder and chief financial officer of Archax, an exchange for digital assets. He describes crypto forensics as a “black book” of criminal addresses, which has value but inevitably has its limits.
“Chain analytics is very useful because it allows you to track all the activity associated with an address,” he says. But, he says that no one is quite sure how much historic transaction flow will be sufficient to prove that a transaction is not connected to criminal activity.
He also says that at the moment it is unclear exactly what the regulators think about this kind of work.
“One challenge on the horizon is when Europe’s Fifth Anti-money Laundering Directive comes in and regulators start to really get involved in this. How many steps back will crypto exchanges have to do for the regulators to be happy that the Bitcoin is sufficiently clean? No one knows the answer to that and it is quite a hot topic. Chain analytics is nowhere near a magic bullet.”
Pollard believes that, as financial institutions become more invested in crypto assets, they will have to combine chain analytics with traditional anti-money laundering techniques — which require formal identification and background checks for all participants. The two methods will then combine into a “risk matrix” for compliance teams to evaluate.
Cat and mouse game
Aside from concerns over the lack of regulatory clarity, the Elliptic team is also engaged in a cat-and-mouse game with sophisticated criminals.
Common techniques to evade detection include using “tumbler” services, which allow criminals to mix their own crypto tokens with other people’s, and "hopping": exchanging one cryptocurrency into a different cryptocurrency for each transaction, to break the links in the transaction history.
Smith says: “It’s an interesting cat and mouse game; criminals are continually innovating and we are continually improving our analysis of the data.” Nonetheless, Smith believes that the crypto detectives ultimately have the advantage since their data resource is always available, and growing. Once Elliptic advances its own techniques, it will be able to go back and apply them to historical transaction data, since it always available on public blockchains, he says.
The right side of the law
As a business model, engaging in drug marketplaces on the dark web is unusually risky, even if the intentions and results are ultimately for crime-fighting.
To mitigate their own risks, Elliptic has worked with a barrister from its earliest days to ensure it is always on the right side of the law.
Sanctioned activities include opening an account in an illegal marketplace, and buying legal items like “how-to guides”, rather than illegal substances. Opening an account, depositing money and withdrawing money are also safe activities.
“We can’t go and buy drugs and have them shipped to our office,” says Smith. “But it is not inherently illegal to have an account there.”
Over the years, Elliptic has worked closely with regulators and law enforcement to refine its legal stance and open up more opportunities to “get deeper” into criminal activities.
We can’t go and buy drugs and have them shipped to our office.
Staying on the right side of the law is not only about protecting themselves. Elliptic wants to ensure that its data could be used in legal cases and also will satisfy any clients doing due diligence on crypto services’ anti-money laundering processes.
“We made a clear decision on day zero that we wanted any evidence we collect to always be able to stand up in court or under heavy client-prodding as legally gained,” says Smith. “As a result, we were conservative with our activities to start with, but have been able to refine that and gather more information since then.”
Fighting for the future
Elliptic is far from the only player in this emerging industry.
Chainalysis, which this week announced its plans to open its European base in London, follows a similar research method, deriving intelligence first-hand from dark web interactions as well as other sources to try and trace illicit cryptocurrency actions.
Michael Gronager, co-founder and chief executive, explains: “A significant understanding of illicit activity over time also requires additional context. We maintain a comprehensive open source intelligence data, gathered from over a thousand clear and dark web sources.”
Crypto will not achieve mainstream adoption if it is not understood.
Both Elliptic and Chainalysis see their work as part of a larger project not only to safeguard crypto activity but to encourage adoption of open financial networks.
Philip Gradwell, the chief economist at Chainalysis, sees the company's role as two-fold: an infrastructure provider, offering software to ensure transactions are safe, and also an educator.
“Crypto will not achieve mainstream adoption if it is not understood, and it will only be understood if there is data on what is going on on the blockchain,” he says.
The startup has chosen London as its base for research and development in order to leverage the multi-disciplinary expertise from the UK’s strong university research sector and London’s fintech community.
Gradwell believes that the recent fundraising, and the European expansion, is an important step in promoting greater understanding of blockchain and cryptocurrency.
Elliptic also aims to enable more innovation — from established banks but also from “coders in their bedroom” using the open blockchains.
“Our initial focus was how to help crypto businesses protect themselves from criminal activity,” says Smith. “From there it broadened out to helping grow the industry by mitigating risk and helping everybody who wants to get involved to feel safe while they are doing it.”
