The Crypto Launderers E-Book

Table of Contents

Cover

Table of Contents

Title Page

Copyright

Dedication

Foreword

Timeline of Key Events

Prologue

Chapter 1: The Dark Web: The Origins of Crypto Laundering

The Birth of Bitcoin and the Rise of the Silk Road

The Feds Follow the Trail on the Blockchain

The Feds Sell the Silk Road Bitcoins

The Paradox of Crypto Crime

Notes

Chapter 2: Black Holes: The Rise of the Rogue Exchange

The Mt. Gox Bitcoins Go Missing

FinCEN Lays Down the Law

The Rise and Fall of BTC‐e

Notes

Chapter 3: Mixers: Covering Up Their Tracks

The Myth of Bitcoin's Anonymity

Helix and the Rise of the Industrial‐Scale Mixer

Busting the Mixers

Wasabi Wallet: The CoinJoin Alternative

The Privacy Conundrum

Notes

Chapter 4: Privacy Coins: Going Underground

The Rise of the Blockchain Analytics Industry

The Birth of Privacy Coins

Law Enforcement's Worst Nightmare

More Than Meets the Eye

Notes

Chapter 5: Bitcoin ATMs: Crypto Hits the Streets

Bridging the Cash and Crypto Underworlds

The Law Steps In

Notes

Chapter 6: Ransomware: Cybercrime Goes Industrial

Bitcoin Transforms the Ransomware Ecosystem

OFAC Enters the Crypto Space

The Rise of Ransomware‐as‐a‐Service and Big Game Hunting

The FATF Responds and Sparks Debate

Wielding the Sanctions Hammer

Notes

Chapter 7: Hacked: Crypto Exchange Heists

Exchanges: Low‐Hanging Fruit for Hackers

North Korea's Crypto Billions

The Blockchain Leads to Dutch and Razzlekhan

Notes

Chapter 8: DeFi: Tornadoes, Bridges, and the Frontiers of Regulation

The Birth of Ethereum

The Rise of DeFi Laundering

Hacking DeFi

The Regulators Come for DeFi

FTX and the DeFi Maze

Notes

Chapter 9: NFTs: Virtual Art, Virtual Crime

Enter NFTs

Frauds and Scams Galore

Shining a Light on NFT Crime

Notes

Chapter 10: Brave New World: The Metaverse, Web 3.0, and the Battle for the Future of Finance

The Metaverse and Web 3.0

The Future of Crypto Crime

Notes

Afterword: How Much Crime in Crypto?

Notes

Acknowledgements

Glossary

List of Figures

Bibliography

Notes

Index

End User License Agreement

List of Illustrations

Chapter 1

Figure 1.1 Bitcoin payments Ross Ulbricht made to Carl Force, depicted in th...

Chapter 2

Figure 2.1 Bitcoin transfers Shaun Bridges made to Mt. Gox, depicted in the ...

Chapter 3

Figure 3.1 Example of an unspent transaction output (UTXO) in a Bitcoin tran...

Figure 3.2 Example of UTXOs used to generate a new Bitcoin transaction.

Figure 3.3 The Helix mixing service as it was advertised to users of the dar...

Chapter 4

Figure 4.1 An image of the Al Sadaqah fundraising campaign.

Chapter 5

Figure 5.1 A Bitcoin ATM the US government seized in the Herocoin case.

Chapter 6

Figure 6.1 Image of the WannaCry ransomware message.

Chapter 7

Figure 7.1 Example of a peeling chain process, as illustrated in the crimina...

Chapter 8

Figure 8.1 The Lazarus Group's entry on the OFAC SDN List, showing the group...

Chapter 9

Figure 9.1 Image from the Baller Ape Yacht Club NFT collection, which the US...

Chapter 10

Figure 10.1 The avatar of a law enforcement agent at the virtual INTERPOL he...

Figure 10.2 Law enforcement agents train with INTERPOL in an immersive metav...

Guide

Cover Page

Title Page

Copyright

Dedication

Foreword

Timeline of Key Events

Prologue

Table of Contents

Begin Reading

Afterword: How Much Crime in Crypto?

Acknowledgements

Glossary

List of Figures

Bibliography

Notes

Index

Wiley End User License Agreement

Pages

iii

iv

v

ix

x

xi

xii

xiii

xiv

xv

xvi

xvii

xviii

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

89

90

91

92

93

94

95

96

97

98

99

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

249

250

251

252

253

254

255

256

257

258

259

260

261

262

263

264

265

The Crypto Launderers

Crime and Cryptocurrencies from the Dark Web to DeFi and Beyond

This edition first published 2024

© 2024 John Wiley & Sons, Ltd

All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise, except as permitted by law. Advice on how to obtain permission to reuse material from this title is available at http://www.wiley.com/go/permissions.

The right of David Carlisle to be identified as the author of this work has been asserted in accordance with law.

Registered Office(s)

John Wiley & Sons Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, USA

Editorial Office

The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, UK

For details of our global editorial offices, customer services, and more information about Wiley products visit us at www.wiley.com.

Wiley also publishes its books in a variety of electronic formats and by print‐on‐demand. Some content that appears in standard print versions of this book may not be available in other formats. Designations used by companies to distinguish their products are often claimed as trademarks. All brand names and product names used in this book are trade names, service marks, trademarks or registered trademarks of their respective owners. The publisher is not associated with any product or vendor mentioned in this book.

Limit of Liability/Disclaimer of Warranty

While the publisher and authors have used their best efforts in preparing this work, they make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives, written sales materials or promotional statements for this work. The fact that an organization, website, or product is referred to in this work as a citation and/or potential source of further information does not mean that the publisher and authors endorse the information or services the organization, website, or product may provide or recommendations it may make. This work is sold with the understanding that the publisher is not engaged in rendering professional services. The advice and strategies contained herein may not be suitable for your situation. You should consult with a specialist where appropriate. Further, readers should be aware that websites listed in this work may have changed or disappeared between when this work was written and when it is read. Neither the publisher nor authors shall be liable for any loss of profit or any other commercial damages, including but not limited to special, incidental, consequential, or other damages.

Library of Congress Cataloging‐in‐Publication Data:

Names: Carlisle, David (Financial crime consultant), author.

Title: The crypto launderers : crime and cryptocurrencies from the Dark Web to DeFi and beyond / David Carlisle.

Description: Hoboken, NJ : Wiley, 2024. | Includes index.

Identifiers: LCCN 2023040107 (print) | LCCN 2023040108 (ebook) | ISBN 9781394203192 (cloth) | ISBN 9781394203208 (adobe pdf) | ISBN 9781394203215 (epub)

Subjects: LCSH: Cryptocurrencies. | Commercial crimes.

Classification: LCC HG1710.3 .C465 2024 (print) | LCC HG1710.3 (ebook) | DDC 363.25/968—dc23/eng/20231026

LC record available at https://lccn.loc.gov/2023040107

LC ebook record available at https://lccn.loc.gov/2023040108

Cover Design: Wiley

Cover Image: © Oleksandra Klestova/iStock

Author Photo: Nina Assam

To Juliette and Aoife

Foreword

Money laundering and fraud have threatened our financial systems for thousands of years. Many cite the first recorded instance of financial crime taking place in 300 BC, when a Greek merchant, Hegestratos, took out a large insurance policy on a ship full of grain. Hegestratos proceeded to sink his (empty) ship, keeping both the insurance money and the grain. What is remarkable about this story is that much of the fraud we see taking place today is so similar to what took place over 2,000 years ago.

But what happens to that financial crime when an entirely new form of digital money is introduced, one whose movements are recorded transparently and immutably on a blockchain for all to see? Does the traceability of cryptocurrencies spell the end of money laundering as we know it? Or do the borderless and pseudonymous characteristics of Bitcoin and other cryptocurrencies mean that financial crime will find a place to thrive? These are just some of the important questions that David Carlisle answers for us as he explores the fascinating, and at times unbelievable, history of crypto money laundering in his book, The Crypto Launderers.

David has been a committed student of financial crime in cryptocurrencies for a decade, almost as long as cryptocurrencies have existed (Satoshi Nakamoto published the Bitcoin White Paper in 2008). Now turned teacher, David has been educating those of us working in the crypto industry and in the anti‐financial crime community on the technologies that enable cryptocurrencies to work and what those innovations mean for how we must fight financial crime in this new world. Crucially, he has been responsible for regularly bringing us together to collaborate on this important topic.

When David authored the world's first guide to the most common typologies in crypto financial crime, which we published at Elliptic in 2018, we were immediately struck by the strong appetite for knowledge about this emerging topic – for a common language to unify our response, and for a collaborative dialogue to align us. The Elliptic Typologies Report, which David continues to update annually, is cited by many of our clients as their “bible,” and continues to be the definitive reference guide to identifying and understanding the financial crime risk landscape for cryptoassets. David's pioneering thought leadership in this space makes him the authority on money laundering in crypto – the perfect person to tell its story and, critically, to help us understand how to tackle it.

This book is not only a hugely enjoyable and immersive read, but also an incredibly important one. Whether you're a fervent believer in cryptocurrencies, a skeptical onlooker, or somewhere in between, the fact is that the movement of assets on blockchains – from cryptocurrencies such as Bitcoin, to digital artworks known as NFTs, to tokenized real‐world assets – is already a reality and becoming more mainstream by the day. We ignore the opportunities and challenges thrown up by the advent of cryptocurrencies at our peril, and The Crypto Launderers generously equips its reader with the confidence and wisdom needed to navigate this rapidly evolving world in the months and years ahead.

Simone Maini

CEO, Elliptic

Timeline of Key Events

October 31, 2008:

Satoshi Nakamoto releases the Bitcoin White Paper.

January 27, 2011:

Ross Ulbricht begins promoting the Silk Road, a drugs market he launched on the dark web.

July 17, 2011:

Alexander Vinnik establishes the BTC‐e cryptocurrency exchange.

October 21, 2011:

The Bitcoin Fog mixing service is launched.

March 18, 2013:

The US Treasury's Financial Crimes Enforcement Network (FinCEN) issues guidance on the application of anti–money laundering requirements to virtual currency businesses.

October 1, 2013:

The US Federal Bureau of Investigation (FBI) arrests Ross Ulbricht and shuts down the Silk Road.

October 29, 2013:

The first Bitcoin ATM begins operating in Vancouver, Canada.

January 23, 2014:

Vitalik Buterin announces his plans to launch the Ethereum network.

February 28, 2014:

The Mt. Gox cryptocurrency exchange files for bankruptcy in Japan following the theft of more than $350 million in customer funds.

April 18, 2014:

The privacy coin Monero is launched.

June 6, 2014:

Larry Dean Harmon begins operating the Helix mixing service.

June 27, 2014:

The US Marshal's Service undertakes its first auction of bitcoins seized from the Silk Road.

September 4, 2014:

Robert Faiella and Charlie Shrem plead guilty to operating unlicensed money transmitting businesses and facilitating transactions on behalf of Silk Road users.

November 19, 2015:

The ERC‐20 standard is proposed, paving the way for the issuance of new tokens, including stablecoins, on the Ethereum network.

August 2, 2016:

The Bitfinex cryptocurrency exchange announces that it was the target of a hack resulting in the loss of bitcoins totaling $72 million.

May 12, 2017

: The WannaCry ransomware attack is launched, and later attributed to North Korea's cybercrime outfit, the Lazarus Group.

July 26, 2017:

The United States indicts Alexander Vinnik and the BTC‐e cryptocurrency exchange on charges of money laundering and operating an unlicensed money service business.

January 24, 2018:

The ERC‐721 standard is proposed by members of the Ethereum community, providing the basis for the issuance of non‐fungible tokens (NFTs) on the Ethereum blockchain.

November 28, 2018:

The US Department of the Treasury's Office of Foreign Assets Control (OFAC) issues financial sanctions targeting two Iran‐based money launderers and includes their Bitcoin addresses on the Specially Designated Nationals and Blocked Persons List (SDN List).

May 8, 2019:

Europol announces the arrest of individuals in Spain allegedly involved in laundering the cash proceeds of drug sales through Bitcoin ATMs.

May 22, 2019:

Europol announces the takedown of the Bestmixer mixing service.

June 21, 2019:

The Financial Action Task Force (FATF) publishes

Guidance for a Risk‐Based Approach to Virtual Assets and Virtual Asset Service Providers

.

March 2, 2020:

The US Department of Justice (DOJ) announces the indictment of Tian Yinyin and Li Jaidong, two Chinese nationals alleged to have laundered cryptocurrencies on behalf of North Korea's Lazarus Group.

July 15, 2020:

The Twitter accounts of prominent individuals such as Barak Obama and Elon Musk are compromised by hackers, who scam other Twitter users into sending them bitcoins. The hackers launder the fraudulently obtained bitcoins through Wasabi Wallet.

July 31, 2020:

The perpetrators of the Twitter hack are arrested.

April 28, 2021:

The DOJ announces the arrest of Roman Sterlingov as the alleged operator of the Bitcoin Fog mixing service.

May 7, 2021:

The Colonial Pipeline is subject to a ransomware attack perpetrated by the DarkSide ransomware gang.

June 7, 2021:

The United States announces the seizure of most of the funds paid to the DarkSide in the Colonial Pipeline attack.

August 18, 2021:

Larry Dean Harmon, operator of the Helix mixer, pleads guilty to counts of money laundering and operating an unlicensed money service business.

February 1, 2022:

More than 94,000 bitcoins stolen from the Bitfinex exchange in 2016 are transferred from the original wallet that received them.

February 8, 2022:

The DOJ announces the arrest of Ilya Lichtenstein and Heather Morgan for allegedly laundering bitcoins from the Bitfinex hack.

March 23, 2022:

North Korean cybercriminals steal more than $625 million in cryptocurrencies from Axie Infinity's Ronin Bridge.

June 30, 2022:

The DOJ announces fraud and money laundering charges against Le Ahn Tuan, the alleged perpetrator of the Baller Ape Club NFT fraud scheme.

August 4, 2022:

Alexander Vinnik, the operator of the BTC‐e cryptocurrency exchange, is extradited to the United States to face trial.

August 8, 2022:

OFAC sanctions the Tornado Cash mixer for facilitating the laundering of funds on behalf of North Korea's Lazarus Group.

August 10, 2022:

Alexey Pertsev, one of the developers of Tornado Cash, is arrested in the Netherlands.

October 20, 2022:

INTERPOL announces the launch of the first global police metaverse.

November 11, 2022:

The FTX cryptocurrency exchange declares bankruptcy.

November 12, 2022:

Cryptocurrencies totaling $477 million are misappropriated from the FTX exchange and subsequently laundered through the decentralized finance (DeFi) ecosystem.

January 18, 2023:

FinCEN identifies the Bitzlato cryptocurrency exchange as a “primary money laundering concern” under the Combating Russian Money Laundering Act.

May 3, 2023:

A jury convicts Nathaniel Chastain of engaging in fraud and money laundering involving NFTs, in the first ever successfully prosecuted case related to insider trading involving digital assets.

June 9, 2023:

The DOJ unseals a criminal indictment alleging that Alexy Bilyuchenko and Aleksandr Verner were the hackers behind the theft of funds from Mt. Gox, and that Bilyuchenko operated BTC‐e alongside Alexander Vinnik.

August 3, 2023:

Ilya Lichtenstein and Heather Morgan plead guilty to laundering the bitcoins stolen in the Bitfinex hack case.

Prologue

August 2, 2016

Seventy‐two million dollars gone – poof! – just like that.

The news rocked Bitcoin trading markets, causing the Bitcoin price to plummet more than 20% overnight, from just above $600 per bitcoin – a near all‐time high – to $480 in a matter of hours, resulting in billions of dollars in additional losses to Bitcoin investors around the globe.

Bitfinex, a Hong Kong–headquartered cryptocurrency exchange and one of the ten largest trading platforms in the world, had just announced it had suffered a cybercriminal hack resulting in the loss of 119,756 bitcoins belonging to its customers – losses totaling approximately $72 million, based on the Bitcoin price at the time. The hack occurred after a breach of the infrastructure for securing the credentials of cryptocurrency wallets where Bitfinex held its customers' bitcoins.

News of the Bitfinex hack gave Bitcoin traders everywhere a sinking feeling of déjà vu. The theft was the largest that the cryptocurrency industry had seen since the hack of Mt. Gox, a Japanese exchange that two years earlier had announced the loss of a whopping $350 million in customer funds – an event that, in addition to sending Mt. Gox into bankruptcy and leaving behind a swarm of enraged creditors demanding retribution, had also caused Bitcoin's price to plummet. In the two years since the Mt. Gox implosion, the Bitcoin price had recovered and reached new heights, but this latest hack was a sign that things could change – quite literally – overnight. While Bitfinex was sufficiently capitalized to avoid collapse, and had promised customers they would be able to redeem most of their deposits, the hack was a worrisome sign that cryptocurrency exchanges – the banks of the Bitcoin world – were still vulnerable to major cyberattacks that could imperil traders and thrust Bitcoin markets into chaos. With much of the public still relatively unfamiliar with, and very often skeptical of, cryptocurrencies, headlines screaming about cyber thieves stealing millions of dollars in bitcoins was the last thing that cryptocurrency advocates needed, engaged as they were in a mission to persuade the world of the merits of this new technology, which they believed was the future of money.

Naturally, once Bitfinex announced the hack, speculation turned to the question of who the perpetrators might be. Was it an inside job? Cybercriminals from Russia or Ukraine? Who had the capability, and guts, to steal a haul of bitcoins that big from one of the largest exchanges in the world? And as they pondered these questions, Bitcoin watchers everywhere focused their gaze upon the same spot: a series of numbers and letters recorded on the blockchain – Bitcoin's public transaction ledger – representing the Bitcoin wallet where those 119,756 stolen bitcoins sat.

Immediately after draining the funds from Bitfinex, the attacker, whoever he or she or they were, sent the bitcoins from the exchange's wallets to a separate private Bitcoin wallet – a transaction displayed for all to see on the blockchain. Of the original 119,756 bitcoins stolen from Bitfinex, about 25,000 were transferred sporadically out of this wallet in several separate withdrawals between January 2017 and April 2021, and then laundered onward through the blockchain – possibly, some observers feared, never to be seen again. But about 80% of the stolen funds – approximately 94,000 bitcoins – would sit in that private wallet for the next five‐and‐a‐half years, not moving at all. Over that span, the value of Bitcoin rose dramatically, soaring from approximately $600 per bitcoin at the time of the Bitfinex hack to a high of more than $67,000 in November 2021. This, in turn, caused the value of the stolen bitcoins to skyrocket from $72 million to more than $7 billion.

By late 2021, the wallet with the stolen Bitfinex funds had become one of the highest valued Bitcoin wallets in the world – and its holder, or holders, Bitcoin billionaires. Bitcoin enthusiasts and traders, law enforcement agents and private intelligence firms, watched and wondered for more than five years if the Bitfinex hacker, or hackers, would ever move their enormous virtual pile of bitcoins, and where the trail might lead if they did.

Then, on February 1, 2022, the whole remaining stash moved. To be precise, 94,643.29 bitcoins were transferred from the wallet that had received the stolen Bitfinex funds, driving cryptocurrency watchers into a frenzy. Where would the Bitfinex coins go? Would the perpetrators manage to combine this massive stash with the 25,000 bitcoins they had already laundered, allowing them to get away with billions of dollars in stolen funds? And would the movement of the coins reveal anything about who was behind one of Bitcoin's biggest heists?

The money trail, it turned out, led to some of the most eccentric characters in the relatively short but extremely eventful history of cryptocurrency laundering: a mentalist magician named Dutch, his rapper wife Razzlekhan, and their Bengal cat Clarissa. The virtual trail that the Bitfinex bitcoins followed through the blockchain was one that had been paved across more than a decade – a trail that twisted and turned its way through an ecosystem of rogue cryptocurrency exchanges, digital black markets, anonymizing services, cash‐for‐Bitcoin trading kiosks, and cryptocurrencies designed to be untraceable – in short, an entire ecosystem available for laundering cryptocurrencies. It was a trail that had been travelled by a long list of characters, from peddlers of opioids to a fugitive Indian entrepreneur to North Korean cybercriminals – a trail over which tens of billions of dollars in bitcoins had flowed, and one that law enforcement agencies, regulators, and private analytics firms had been sniffing around for years, waiting to pounce.

And as that trail grew and grew over the years, accumulating billions of new data points and forming a veritable maze of transactions, it became the focal point for clashes between tech visionaries, entrepreneurs, privacy advocates, lawmakers, and law enforcers over the future of finance, and the potential for disruptive technologies to reshape not only money, but society as a whole.

As we follow that trail, we will in due course meet Dutch, Razzlekhan, and Clarissa. But first we must start at the beginning, 11 years before that giant stash of 94,643.29 bitcoins suddenly moved across the blockchain, back to when the foundations of the crypto laundering trail were laid.

Chapter 1The Dark Web: The Origins of Crypto Laundering

For Ross Ulbricht, Bitcoin was a godsend. By the time he turned 29 in March 2013, Ulbricht sat atop the largest online drugs market in the world, and Bitcoin was the secret ingredient that made it all possible.

Only two years earlier, in January 2011, Ulbricht had created a marketplace on the dark web called the Silk Road. Launched on The Onion Router (Tor) network, which allows users to obscure their Internet Protocol (IP) addresses and mask information about their whereabouts, the Silk Road was initially a small site for buying magic mushrooms. For several years, Ulbricht had been obsessed with the prospect of launching a marketplace that would allow users to transact with total freedom, beyond the reach of government enforcement. During his studies at Penn State University, Ulbricht had become deeply acquainted with libertarian politics and economics, and it was soon his life's mission to advance the cause of freeing commerce completely from state control. Convinced that the four‐decade‐long War on Drugs was an exercise in the excessive use of government force that had led to millions of innocent Americans being unjustly incarcerated, Ulbricht wanted to provide a venue where anyone could purchase drugs for recreational use without fear of surveillance or arrest. As Ulbricht wrote in his diary, he sought “to create a website where people could buy anything anonymously, with no trail whatsoever that could lead back to them.”1 Within a year of its launch, the Silk Road had grown into a massive, thriving marketplace, where users could buy all variety of prohibited items – primarily a wide range of narcotics but also fake IDs, hacking tools, and more – generating millions of dollars in monthly sales.

The Silk Road was the first successful, industrial‐scale illicit marketplace on the dark web. And the grease in its wheels was Bitcoin, a new form of digital money created only two years before Ulbricht launched his site. Bitcoin was an integral feature of the Silk Road's illicit economy. Purchases for items from Silk Road vendors could only be made using bitcoins, and Ulbricht used the cryptocurrency to pay collaborators who assisted him in running and administering the site. He even, it transpired, paid in bitcoins to arrange the murder‐for‐hire of people he learned were stealing from the site and threatening to reveal its existence, though those assassinations never took place. The Silk Road quickly became known as the Amazon of the dark web: individual vendors located anywhere around the globe could advertise their goods – whether heroin, LSD, ecstasy, malware, or other prohibited items – and receive reviews from buyers, who settled payment in this new cryptocurrency, which was still essentially unknown to the public. Ulbricht was convinced that in Bitcoin he had found the perfect mechanism for sustaining an online market that no government could ever dismantle. In an interview he held with Forbes magazine in August 2013 under his adopted pseudonym Dread Pirate Roberts, Ulbricht would even go so far as to declare, “We've won the State's War on Drugs because of Bitcoin.”2

What Ulbricht could not have known then was that Bitcoin, which had made him the millionaire kingpin of a new digital underworld, would also contribute to his downfall.

The Birth of Bitcoin and the Rise of the Silk Road

Before Bitcoin, selling drugs online had always been problematic. Just as the rise of websites such as Amazon and eBay in the mid‐1990s created a new paradigm for day‐to‐day commerce that disrupted brick‐and‐mortar retail businesses, so the global, borderless nature of the Internet offered the prospect of an online trade in illicit items that could allow black markets to thrive beyond the streets. Yet for nearly two decades after the advent of the World Wide Web, payments still could not be conducted in a manner that allowed illicit markets to flourish online.

Before cryptocurrencies, drug dealers faced a dilemma when selling their products on the Internet. A dealer could accept payment through a bank transfer or credit card purchase, but that put them at risk of detection under anti–money laundering laws. They could also arrange to collect payment in cash through a physical meet‐up with the buyer, but that risked public detection and capture. Neither presented an attractive or practical option for drug dealers who wanted to leverage the Internet to reach a global clientele. By the time Ross Ulbricht had the idea for the Silk Road, narcotics dealers were desperate for a way to transact with buyers anywhere in the world while maintaining anonymity and avoiding detection.

Bitcoin, it seemed, was the answer. In 2008, a White Paper entitled Bitcoin: A Peer‐to‐Peer Electronic Cash System was published online and distributed to a small mailing list of cryptographers by an author using the pseudonym Satoshi Nakamoto, whose identity remains unknown. Writing amidst the Global Financial Crisis, Nakamoto reflected on the need for a new form of money that would up‐end a financial sector beset with rent‐seeking behavior and entrenched inefficiencies that served the narrow interests of major financial institutions. What Nakamoto proposed in the Bitcoin White Paper was nothing short of revolutionary: a new form of digital cash that would allow two individuals to transfer funds online, from anywhere in the world, without having to use a bank. Bitcoin offered users one of the main advantages of cash – the ability to interact directly with their counterparties without a bank's involvement (hence the term “peer‐to‐peer”) – while improving on its main weakness, namely, its physical nature, which makes cash impractical to transfer globally and across borders.

Nakamoto was hardly the first to have the idea for a digital cash system. Bitcoin was the culmination of several earlier attempts to create digital money, and it fulfilled a dream long held by a loose collection of libertarian‐minded technologists known as the cypherpunks. In A Cypherpunk's Manifesto, a treatise published in 1993, Eric Hughes, one of the early proponents of the movement, set out the philosophy behind the quest for digital cash. “Privacy is necessary for an open society in the electronic age,” wrote Hughes. “When I purchase a magazine at a store and hand cash to the clerk, there is no need to know who I am… An anonymous system empowers individuals to reveal their identity when desired and only when desired; this is the essence of privacy… We the Cypherpunks are dedicated to building anonymous systems. We are defending our privacy with cryptography, with anonymous mail forwarding systems, with digital signatures, and with electronic money.”3

The objective of the cypherpunks was clear: to create a version of electronic cash that would preserve the freedom to transact privately. Several attempted to do just that. The first attempt of real significance came in 1989, when the American computer scientist David Chaum launched DigiCash, which employed cryptography to maintain user privacy. But DigiCash and other early digital currency proposals faced a major limitation: they relied on a central party to issue units of the currency and validate transactions. From a libertarian perspective, a centralized digital cash system was ultimately counterproductive because the issuer could block transactions and be dismantled by the government. For a digital cash system to make good on its true promise of financial freedom, it needed to be decentralized: no single person, authority, or business should own the system, or act as a single point of failure.

Decentralization therefore became pivotal to the cypherpunk ethos and foundational to the ideal of free commerce enabled by anonymizing technology. In 1998, the computer scientist Nick Szabo put forward a proposal known as BitGold, which envisioned a “trustless” payment settlement mechanism that eliminated middlemen such as banks and other payment intermediaries to allow users to transact directly. The same year, Wei Dei, another American computer scientist, published a paper outlining a concept called B‐Money, which envisioned a decentralized payment system much in the vein of Szabo's BitGold, where “participants cannot be linked to their true names or physical locations.”4 However, neither BitGold nor B‐Money proved implementable.

It was Nakamoto who eventually made the breakthrough with Bitcoin and was the first to succeed in developing a truly decentralized, peer‐to‐peer payment mechanism. Critical to achieving this was solving a technical problem that proposals such as BitGold and B‐Money had failed to solve, known as “double‐spend.” One of the main challenges developers had encountered in creating digital cash systems before Bitcoin was that anyone could counterfeit a unit of a given electronic coin. That is, a user could simply create a copy of a coin and repeatedly spend it, jeopardizing the integrity of the system. The simple way to solve this problem is to have a trusted central issuer or authority who can validate the authenticity of transactions. But that centralization runs contrary to the cypherpunk ethos, and undermines the goal of ensuring users' privacy and autonomy.

In Bitcoin, Nakamoto employed a mechanism for establishing consensus about activities of participants in the network without requiring a trusted central authority. This is achieved through a proof‐of‐work (PoW) algorithm, which requires that network participants devote computing power to solving cryptographic puzzles. This process enables those engaged in the PoW process – known as “miners,” who receive bitcoins as a reward for supplying computing power to the network – to validate transactions, and authenticate that no double‐spending has occurred. Once validated by miners, Bitcoin transactions are posted on the blockchain, a ledger that provides a complete and chronological history of all transactions and can be viewed publicly as a record of their authenticity. The blockchain is what is known as a distributed ledger technology (DLT) – a manner of record keeping that enables consensus and validation of information across a disbursed network. Importantly, because no single entity controls Bitcoin, the blockchain is an immutable record. This remarkable innovation ensures that the Bitcoin network remains self‐sustaining: no central authority operates Bitcoin, and no central authority can dismantle it. Bitcoin will operate as long as miners remain incentivized to continue validating transactions – and transactions will always be recorded on the blockchain for anyone to see.

In addition to decentralization, Bitcoin possesses another important feature. While all transactions are recorded on the blockchain publicly, the names of the individual users conducting those transactions do not appear on the ledger. Rather, Bitcoin users are pseudonymous: their identities are represented on the blockchain by alphanumeric addresses corresponding to their Bitcoin wallets. No personal identifying information is inherently associated with a Bitcoin transaction. For example, the Bitcoin address 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa was the address Nakamoto used to receive the first bitcoins ever mined.

With Bitcoin, therefore, the cypherpunk dream seemed fulfilled. Nakamoto had created a technology that was decentralized, couldn't be dismantled by governments, and would allow users to conceal their identities while maintaining control over their wealth. In the eyes of the cypherpunks, the implications of this innovation were nothing short of earth‐shattering. Over the course of the next several years, a dedicated global community of enthusiasts emerged among Bitcoin's early adopters, united by a conviction that Nakamoto's invention would change the future of finance, and society at large, by freeing individuals from reliance on a financial system controlled by self‐interested, institutional middlemen.

It was also not lost on early adopters that Bitcoin could play a role in facilitating illicit activity. In June 2010, one user on the forum bitcointalk.org – a message board Nakamoto created for the community – discussed the potential to host a “heroin store” on Tor that could accept Bitcoin payments.5 In June 2011, another bitcointalk.org user speculated about the possibility for Bitcoin to facilitate a prediction market for assassinations, in which users could bet on the probability that politicians might be assassinated, and would then receive bitcoins if those predictions occurred.6 This assumed that the existence of such a market would incentivize assassinations, drawing in a growing user base that would make the market self‐sustaining. Eventually, cryptocurrency‐enabled assassination markets would indeed emerge, such as those available on the Augur blockchain.7

Before Bitcoin, criminals had sought several ways to engage in illicit transactions and launder funds online. In the early 2000s, one popular option was e‐Gold. Established in 1996 by an oncologist and a lawyer in Florida, e‐Gold was the first large‐scale digital currency‐based system that enabled merchant payments and was accessible via mobile phone transfers. By 2000 it had obtained over one million users, but was quickly exploited by criminal actors, especially Russian and Ukrainian cybercriminals. In 2008, e‐Gold was shut down by the US government after its founders were charged with money laundering violations, and for failing to register with the federal government under anti–money laundering laws.8

Another early digital currency system, Liberty Reserve, met a similar fate. Based in Costa Rica, Liberty Reserve allowed users to access its site without verifying their identities. Users purchased Liberty Reserve Dollars or Liberty Reserve Euros, which they could transfer freely to other users of the site while remaining anonymous. Liberty Reserve's founding, unsurprisingly, was highly problematic. Its founder, Author Budovsky, had been charged in the United States in 2006 with running an illegal e‐Gold business known as Gold Age. Budovsky then fled to Costa Rica while still on probation in 2007, and launched Liberty Reserve. The new service rapidly became a favored method for drug dealers, credit card thieves, cybercriminals, vendors of child pornography, and other illicit actors to transfer funds internationally, serving more than one million users globally – nearly a quarter of whom were in the United States.9 In May 2013, Budovsky was arrested in Spain and indicted alongside his accomplices by the US government, which accused Liberty Reserve of laundering criminal proceeds worth more than $6 billion. Budovsky was eventually extradited to the United States and handed a 20‐year prison sentence for operating the service. The US Treasury also drew on a provision in the USA PATRIOT Act to designate Liberty Reserve as a financial institution of “primary money laundering concern,” ensuring that it was permanently cut off from any ties to the US financial system.10

E‐Gold and Liberty Reserve had demonstrated that a demand existed in the online criminal ecosystem for reliable digital payments. Yet both systems had suffered from a major flaw, one familiar to the cypherpunks: they were centralized. The issuers of e‐Gold and Liberty Reserve were essential to the ongoing functioning of those systems, which meant that when their founders were arrested, both platforms were seized by the US government and completely dismantled. As Nakamoto commented in an early Bitcoin discussion forum in 2009: “A lot of people automatically dismiss e‐currency as a lost cause because of all the companies that failed since the 1990s. I hope it's obvious it was only the centrally controlled nature of those systems that doomed them.”11

With Bitcoin, however, this would never be a problem. Because no single person or organization ran Bitcoin, it could never be shut down. Law enforcement agencies might arrest individual criminals who traded in bitcoins, but they could never dismantle the Bitcoin network. This made Bitcoin a seemingly trustworthy tool for criminals, who could depend on it to operate around the clock, 24 hours a day, seven days a week – accessible from anywhere on the globe.

The timing of Bitcoin's arrival could not have been more fortuitous for Ross Ulbricht, who was convinced that he had found the secret weapon he needed to liberate markets from the suffocating grip of the state. As he conceived of an anonymous online marketplace, Ulbricht knew he could look to the dark web as a place to host it and hide the identities of users. The Tor network had been developed by the US government in the mid‐1990s as part of an effort to encrypt confidential communications by concealing information about users' identities and locations. Because it is an open‐source project, Tor is free and accessible to anyone. It therefore offered the ideal home for an anonymous online market.

Having identified where to host his site, which he originally called Underground Brokers, Ulbricht needed a way for buyers and sellers to transact in secret. Earlier attempts to set up illicit markets on Tor had failed, in part due to the inability to anonymize payments, and their reliance on the regulated financial sector. One of the most successful early drug markets on the dark web was Farmer's Market, a site on Tor that generated approximately $1 million in drug sales between 2007 and 2009. But Farmer's Market was ultimately undone owing to its payment methods of choice: users settled their drug trades via services such as PayPal and Western Union, which identified suspicious transactions and reported them to law enforcement, as was demonstrated when the US Drug Enforcement Agency (DEA) shut down Farmer's Market in early 2012.12 Ulbricht was determined to learn from the failures of other dark web entrepreneurs. Writing in his diary, Ulbricht noted: “I had been studying the technology for a while, but needed a business model and strategy.”13 Bitcoin enabled Ulbricht to develop that business model, allowing him to establish a sustainable economy for his site. Even Satoshi Nakamoto had recognized that combining Bitcoin with the anonymizing capabilities of Tor was prudent for those seeking maximum privacy, writing in 2010: “If you're serious about privacy, TOR is an advisable precaution.”14

Ulbricht had learned of Bitcoin during his short‐lived stint as a financial trader after university, and through online forums frequented by like‐minded libertarians.15 He quickly realized that Bitcoin gave him what he needed: a way for vendors on his site to receive payments from anywhere in the world for the goods they sold without having to transfer money through a bank, while also concealing their identities. The Silk Road even established a payment settlement mechanism that was essential to building trust among buyers and sellers: after a buyer sent bitcoins to a vendor for a purchase, the funds were kept in an escrow wallet held by the Silk Road; once the buyer confirmed receipt of the goods, the bitcoins were released to the seller. The site also allowed vendors to set the sale price in bitcoins at a fixed US dollar figure to protect against volatility from the frequently fluctuating value of Bitcoin. For facilitating these services, the Silk Road took a commission of 8–15% of the total value of each transaction.16

Ulbricht began promoting the Silk Road on Bitcoin chat forums to recruit users. A March 1, 2011, posting under the username “silkroad” on bitcointalk.org declared: “Silk Road is into it's [sic] third week after launch and I am very pleased with the results. There are several sellers and buyers finding mutually agreeable prices, and as of today, 28 transactions have been made! What is missing? What works? What do you want to see created? What obstacles do you see for the future of Silk Road? What opportunities? The general mood of this community is that we are up to something big, something that can really shake things up. Bitcoin and Tor are revolutionary and sites like the Silk road [sic] are just the beginning.”17

The Silk Road was the first significant testing ground for Bitcoin. Over the course of two and a half years, it hosted more than 100,000 users and processed more than $1 billion worth of drug sales, all executed in bitcoins. Indeed, a substantial portion of Bitcoin's early users were buyers and sellers of illicit items on the Silk Road. At one point, the main Bitcoin address that the Silk Road used contained 5% of all bitcoins in existence, and the site accounted for as much as one‐third of Bitcoin transactions that took place during 201218 – a statistic that underscores how Ulbricht's site was not only powered by Bitcoin, but also essential to the cryptocurrency's growth. In an ironic twist, the Silk Road also made what must have been one of the first ever Bitcoin‐enabled ransomware payments in history when Ulbricht was forced to pay $25,000 in bitcoins to hackers who had disrupted access to the site and demanded a ransom to halt the attack.19

By 2013, Ulbricht had become a Bitcoin millionaire – though he continued to live a modest outward lifestyle, motivated primarily by ideology rather than riches. Nonetheless, Ulbricht and others who ran the Silk Road with him were aware of the potential to accumulate significant wealth through this new cryptocurrency. At one stage, Ulbricht confided to another of the Silk Road's administrators that he expected Bitcoin to make him a billionaire before his thirtieth birthday.20

The Feds Follow the Trail on the Blockchain

It turned out that Ulbricht and his accomplices weren't the only ones interested in the role of Bitcoin in unlocking new forms of illicit commerce. So was the US government.

US law enforcement agencies first became aware of the Silk Road the old‐fashioned way: officers had intercepted packages of drugs in the mail, and upon questioning the intended recipients, learned that they had been purchased on the Silk Road. As they looked into the site, US law enforcement agents were astounded – and terrified – by what they had discovered. A massive illicit marketplace had emerged nearly overnight in the darkest recesses of the Internet. Before long, the US government was running an extensive investigation into the Silk Road, featuring agents from the DEA, Federal Bureau of Investigation (FBI), Internal Revenue Service (IRS), and other agencies.

As they probed the Silk Road, law enforcement investigators quickly came to understand the essential role that Bitcoin played. Undercover agents began to buy Bitcoin on cryptocurrency exchange platforms so that they could make staged purchases of narcotics on the Silk Road. As they became acquainted with Bitcoin, they discovered an important feature of the technology: because all transactions are recorded publicly on the blockchain, government agents could identify the transactions that they had been undertaking with the Silk Road by observing them on the ledger.21 In making staged payments on the site, agents were instructed to send their bitcoins to addresses the Silk Road used for settling transactions; the agents could then locate these Bitcoin addresses on the blockchain and see as the site's addresses received bitcoins from other buyers and paid bitcoins out to the site's vendors. Soon, the FBI was monitoring hundreds of thousands of transactions going into and out of the Silk Road's Bitcoin addresses in real time. Ilhwan Yum, an FBI agent working on the case, made staged purchases of illicit items on the Silk Road; he could then readily cross‐reference transactions he had made by identifying them once they were recorded on the blockchain. Bitcoin's ledger, it turned out, offered the perfect digital money trail for investigators. In a press interview, Yum later described the impact of this transparency by noting: “Cash transactions are hard to track, but imagine if every serial number [on a dollar bill] used in a transaction was recorded and announced to the public.”22

Indeed, as they investigated the Silk Road, government agents realized that the blockchain offered them a unique source of intelligence that was in many ways more transparent and accessible than the financial intelligence they normally obtained in money laundering cases. When investigating money laundering through banks, investigators had to obtain court‐issued subpoenas to access banking records; and if they were investigating cases involving international money flows, they had to navigate a complex and time‐consuming process to access information from their law enforcement counterparts overseas by requesting documents through mutual legal assistance treaties (MLATs). But with Bitcoin, because the ledger is global, public, and decentralized, agents did not need to obtain a subpoena when analyzing the blockchain. The ledger was simply open for anyone to view, constantly updating with new transactions, relaying insights about Bitcoin transfers between counterparties located all over the world, and offering a continuous stream of financial intelligence that unfolded in real time.

But merely looking at the blockchain alone didn't reveal who controlled the Silk Road's wallets, since Bitcoin wallets are pseudonymous. For example, the Bitcoin address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a was one that Silk Road utilized to send and receive more than 222,000 bitcoins across 152 transactions that were worth tens of millions of dollars at the time.23 But knowing this didn't tell investigators who was behind the site. For the evidence trail on the blockchain to lead to arrests and money laundering convictions, investigators needed to link the pseudonymous transactional information on the blockchain to actual identities associated with the operators of the site. It turned out they would get a lucky break.

Though Ulbricht had gone to great lengths to conceal his role in the Silk Road by adopting the Dread Pirate Roberts moniker and